A few weeks ago I interviewed Chris Drake, CEO of Firehost, along with Kevin Mitnick, a Firehost customer and security consultant / author.
Both had good insights to offer with respect to choosing a hosting company — especially a host that will be proactive about security. In fact, Firehost CEO Drake went so far as to say that “In our opinion, proactive security should be part of the managed hosting mix.”
He says that your hosting company is as important a service as your telephone service.
Unfortunately, I would hazard a guess that most small business people do not give the “where to host” decision the same level of attention as the ‘where do we get our phones?” decision. Hosting services are often treated as a commodity, as if they are all the same and the only thing to compare is price.
One thing that came across loud and clear in the interview is that hosting services do vary considerably – especially when it comes to monitoring for, and proactively preventing, intrusion attacks. Problem is, you may only discover this after a problem has occurred … many hours of lost productivity later.
Here’s how to get in front of the curve, anticipate issues, and determine whether a hosting company is a good fit for your needs and will be there when you need them most:
1. Contact current customers of the hosting provider. See how satisfied they really are, whether they have encountered any problems, and how the hosting company responded. The most challenging part could be finding other customers as some hosting companies do not share their customer list openly, nor do they have testimonials on their website.
2. Pick up the phone and call the support line. Ask a few questions and see how they respond. Are they courteous? Or do they sound indifferent … or worse, rude? Can you understand them, or are you speaking with offshore support staff whose accents you may find difficult to grasp? How long did it take for someone to answer? “At some point you will end up on the phone with support,” says Drake. “Your time is worth something.”
3. “Make sure you understand the different packages and services the company provides,” says security consultant Mitnick. “Read the website; ask questions.” There are a number of factors to consider. How much storage space will you get? What about bandwidth and data transfer – how much is covered? Will you be charged for over-usage and if so, how much? How frequently will site backups be made? What’s the hosting company’s uptime / downtime experience? What level and type of customer support will you be entitled to with the package you choose – email-only support, telephone customer support during business hours, or telephone support 24/7? What level of security monitoring and intrusion prevention/detection is available?
4. Look for a secure provider. In today’s world, where intrusion attacks have increased dramatically, security is a much bigger issue than in the past for small businesses. (Read: What Every Business Owner Ought to Know About Website Security.) This is especially important if you have an ecommerce site that must be PCI compliant for credit card transactions. Says Drake, “A big problem we see is when a small business will come to us because their website has been breached and they have 60 days to get into PCI compliance. In extreme cases, the website may have to be shut down until brought into compliance.” It is a serious, business-threatening situation.
A secure hosting environment is only one part of the security equation. Says Drake, “The main thing for a small business, is that if you collect critical information about customers such as billing information, share the awesome responsibility related to that. A hosting company can share in securing your website, but it is also important to have secure procedures for dealing with confidential information overall.”
For example, don’t print out sensitive customer information and leave it open to the public or put it in the trash without shredding it. Another example: are employees permitted to have confidential customer information on laptops, which can be lost or stolen? A third example: don’t permit employees to give out sensitive customer data over the phone without requiring verification that they are really speaking to the customer. Be security conscious in all your business processes, as well as in your hosting arrangements.
Bottom line: Next time you are in the market for website hosting, take the time to make an informed decision. Do not rush into it without doing due diligence. You may regret a snap decision later on when you find out just how momentous your decision was for your company.
And take a hard look at your current hosting provider. Have you had security breaches? What level of support are you getting? There are many options available today that you can shop for on the Web. You do not have to settle for lousy service or being hung out to dry on security issues, even on a small business budget.