I always seem to come across this when recommending things to clients, or even when looking for hosting myself.
The client generally says they're looking for something secure and starts out by asking me which company would be best to go with and most cost-effective for their needs. In the back of my mind, I'm honestly thinking: none at this point.
My reasoning behind that comes not only from my experience but also from the general stories I've heard, sometimes not even related to security but to how these companies manage the servers they run.
All in all, I personally don't like the idea of leaving the fate of my data in the hands of another person. What I mean by this is: how do you know that all of the IT or tech support people working at a company are even qualified to be there, let alone have general knowledge of security?
It seems like companies are only looking for people with a bachelor's in computer science and don't really have security officers to implement practices like not using the same password in more than one place; password reuse generally leads to the compromise of something in the network. And if something on the network of the company hosting me is compromised, I might as well consider myself compromised at that point.
Let's put it this way: the internet, or hosting companies in this case, works kind of like a tree.
At the top of the tree you have an ISP, upstream provider, etc.
Just below that you've got your datacenter, NOC, or whatever else it may be.
Then comes the hosting company, which orders dedicated servers from the datacenter, and some people may even order reseller packages from that same hosting company, leading you to believe they're their own hosting company. In turn, that means you're just leaving your data in more and more unreliable, irresponsible and inexperienced hands the deeper you go.
Now, we'll say the hosting company is the middle of the tree; then you find yourself at the very bottom of it with your website and data.
Well, here's the thing: shared hosting companies deploy somewhere around thousands of websites on a single server, not to mention people with reseller access, and half the time they are very irresponsible (e.g. outdated kernel, minimal security restrictions, world-readable root bash logs, left-behind automation scripts; the list goes on).
With that being said, say your website is completely secure and you feel proud and safe about it. You've coded this website yourself and made sure you met every security practice and standard, so there's no way it's going to be compromised by some random people on the internet looking for a little destruction/graffiti.
Wrong. You're not safe, because you've hosted your website with the average Joe Nobody shared hosting company. One person on that server makes a mistake which jeopardizes their website's security, and the whole server is going down with them, which means your website too.
I know it's horrible, but it happens, and this is why I don't agree with nor trust leaving my data in the hands of a shared hosting company.
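If you are already on a shared server, you can at least check how much of your own account other local users can reach. The audit below is an added example, not part of the original post; the list of sensitive file names and the sample directory layout are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed names of files that commonly hold secrets or command history.
SENSITIVE_NAMES = (".bash_history", ".env", "wp-config.php", "config.php", ".my.cnf")

def audit_tree(root):
    """Return sorted (relative_path, issue) pairs for entries other local users can reach."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits on a symlink itself carry no meaning
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            # A sticky world-writable directory (like /tmp) is a deliberate setup.
            if mode & stat.S_IWOTH and not (stat.S_ISDIR(st.st_mode) and mode & stat.S_ISVTX):
                findings.append((rel, "world-writable"))
            if stat.S_ISREG(st.st_mode) and name in SENSITIVE_NAMES and mode & stat.S_IROTH:
                findings.append((rel, "sensitive file world-readable"))
    return sorted(findings)

def build_sample_tree(root):
    # Constructed sample layout standing in for one account on a shared server.
    layout = {
        ".bash_history": 0o644,
        "public_html/index.php": 0o644,
        "public_html/wp-config.php": 0o644,
        "public_html/uploads/cron-deploy.sh": 0o777,
        "private/.env": 0o600,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    for d in ("public_html", "public_html/uploads", "private"):
        os.chmod(os.path.join(root, d), 0o755)  # fixed modes, independent of umask

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_tree(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `audit_tree` at your own home directory or web root to run it on real files; a clean result only covers file permissions inside your account, not the state of the server around it.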
While it's more expensive to order your own dedicated server and host your website that way, in the end it comes down to this: what is the security and comfort of your own data worth to you?
Now, here's the thing: make a smart choice when deciding where you're going for your dedicated server as well, because a datacenter can be just as insecure as a hosting company, in fact sometimes more.
There are obvious precautions you should always take when ordering a dedicated server, and they're actually very simple. Never provide your password to customer service techs in support panels; only do so over the phone, and instruct them not to document it.
Because if they do document it, you're once again putting the fate of your data into someone's hands, and how can you trust the average tech support guy to follow every security procedure he was or wasn't taught?
Next up: never keep the default password provided by techs when your server is set up. This is an obviously big no-no, because it goes right back to the fate of your data's security relying on someone other than yourself.
The last comment I have about this is that if you care about your data, your company's reputation as far as security, or the like, don't host with your average Joe because it's $10-$20-$30 cheaper; go with a top-notch company that knows what they're doing.
While I prefer to host my servers in my own internal network, not everyone has that option, because they don't want to sacrifice the bandwidth they have available in their network.
I can understand that and also relate, but the downfall of not doing so is that you have to rely on other people for more than just security: you've got to call someone else to deal with your downtime, hardware issues, etc.
Whereas when you host your services internally on your own network, your IT team has full management of it 24/7, and you know your data's fate lies in your hands and the hands of your reputable ISP(s).
So with all of that being said, I'd have to say don't go with shared hosting; it's just a bad idea. Spend the extra money and get yourself a dedicated server, or just host your services internally.
Any experience with this?
Has your website/server been compromised due to irresponsible techs at datacenters or hosting companies?
Have any input or questions?
Leave a comment below.