Hackings have increased in recent years – by one count, 161% last year.
In that kind of environment, website hosting can be a sore topic for small business people. If a website gets hacked, your hosting company typically says ‘we’ll help you fix it.’ But if it happens again, the hosting company may think your account has become too much work for too little money. You could be asked to pack up your website and find another hosting company. So on top of the inconvenience and shock of getting hacked, you’re suddenly “out on the street.”
As a business owner you may not even have thought much about security, assuming your hosting company takes care of it. Ah, but you’re probably wrong.
You must pay extra for proactive security monitoring and protection. At most hosting companies that’s expensive.
But it doesn’t have to be that way, says Chris Drake, the CEO of Firehost. Firehost is a Plano, Texas hosting company whose difference is that they provide security monitoring and protection to ALL their managed accounts – standard. Not just to the big corporate accounts that pay many thousands of dollars a month, but also to their small business accounts.
October is National Cyber Security Awareness Month here in the United States. In honor of that, I would thought it would be fitting to profile a company this month that is proactively looking out for its customers’ website security. So I had a long interview with Chris Drake on why his company is different – and what that means for small businesses.
The key takeaway from my interview is that Firehost actively blocks hackers to prevent intrusions on the websites that Firehost hosts.
Drake explained that there are two ports that a website gets visited on: port 80 and 443. Firewalls have to leave those ports open for a website to be viewable. Firehost provides a web application firewall that monitors all traffic over port 80 and 443. Firehost actually blocks traffic that meets certain activity signatures. This cartoon illustrates it:
“In our opinion, proactive security should be part of the managed hosting mix,” he says.
The company does continual research to stay ahead of hackers. One of the ways they do that is by luring in hackers, so that FireHost can watch and learn how to prevent attacks. Per Drake, “We put out a honey pot — a computer that is outside our network — and we let hackers go after it. We see what they are doing. That way we sharpen our knives. That honey pot allows us to catch bees. We’re on the bleeding edge on knowing what the attack scenarios are.”
Drake says secure hosting was a stumbled-upon business for them, “arising out of our roots as a Web application development company. Sixty percent (60%) of attacks are at the application level [i.e., they break in through your software]. Our first website we hosted was Qualcomm – we’ve been providing enterprise hosting as a development firm for a while. That’s how we learned about hosting security. Then we looked at how we could take security and provide it to small businesses.”
I asked how Firehost could afford to provide this security for small businesses, and what their business model was. According to Drake, providing secure hosting reduces customer turnover. “We’ve been pleasantly surprised to learn that security is very sticky.”
Still, as he says, “Security engineers and equipment do not come cheap. But the model of most high-end secure hosts is that the equipment is yours. We share the equipment and security level among customers,” gaining economies of scale. “We also save time and costs on support by not having to deal with customers who have been hacked.”
Firehost is so confident of their ability to keep out hackers, that they actually welcome high profile websites that are targets for hackers. One such website is that of Kevin Mitnick – once the most wanted computer hacker in the U.S.
Mitnick — now a public speaker, author and security consultant who tests the security of business information to find vulnerabilities – originally hosted his website with a friend’s company. But after multiple hackings, his friend could not afford to keep dealing with the aftermath. It was costing his company too much money. So Mitnick was asked to leave. That’s when he went to Firehost.
Mitnick’s site is a target for hackers – but it’s a misplaced target, he says. “I don’t host my own servers. I want an air gap between public servers and my internal network. That is why I decided to use a third party Web server. I don’t have anything confidential on the Web server. A lot of people want to prove they can hack my site, but they are not breaking into my computer it is really a hosting company’s computer.”
Hosting with a third party, he goes on, “is a cheaper alternative for my business than managing it in-house. Still, I want to ensure that the hosting company managing my Web server is secure — for myself, and because that is the business I am now in.”