
The Truth About ASPs


Presentation Transcript


  1. The Truth About ASPs Trusting Strangers with Your Business Data

  2. Introductions • Ian Poynter, Jerboa Inc. • ian@jerboa.com • Diana Kelley, LockStar, Inc. • dkelley@lockstar.com Ian Poynter & Diana Kelley

  3. What is an ASP? • Application Service Provider • Outsourcing Taken to the Extreme • Hosted Applications • Hosted Business Data

  4. Examples • Contact Management • Agillion • Backups • Recovery Solutions

  5. Examples • Calendaring • eCal • Storage • iDrive

  6. Questions • For Customers • Questions to Ask • For ASPs • Questions to Answer

  7. Longevity • How Long Has the ASP Been in Business? • Who Are Their Other Customers? • What Do Their References Say?

  8. Security Policy • Is There a Security Policy? • How Do the ASP’s Procedures Reflect Their Policies? • How Are the Policies Upheld? • Customer Policies Should Be Willingly Accepted • Customer Suggestions Should Be Accepted

  9. Security Policy • How Does the ASP Ensure Their Policies Are Enforced? • Do They Conduct Audits? • Third-party “seals of approval” • Do They Keep Secure Logs? • Are There “Checks and Balances”?

  10. Application Hosting Design • What is the ASP’s Security Approach? • Philosophy and Strategy • Design and Implementation

  11. Application Hosting Design • Problems with Shared Servers • Data Confusion • Physical and Network Security • Is The Facility Secured? • Is The ASP Production Network Secure? • Consider Also Their Corporate Network

  12. Application Hosting Design • Home-grown vs. Custom Application • Is This Custom Software or SAP?

  13. COTS Applications • Can the ASP Get Security Problems Fixed? • Is the Software Vendor Responsive? • What Control Does the ASP Have? • How Reliable Is the Vendor?

  14. Home-Grown Applications • Are Applications Built With Security in Mind? • Not “Tacked On” • How Often Are Applications Modified? • Daily? Weekly? • Is There A Formal Quality Assurance Process? • Opportunities for Error Abound

  15. Code Reviews • Who Has Reviewed the ASP’s Code? • Probably No One • Problems with COTS Software • Was the Review Independent? • Or Was It Internal? • How Often Are Reviews Repeated?

  16. Contingency Planning • Disaster Recovery • Do They Do It? • Backups • Sent Off-site? • What Is the Off-site Backup Storage Policy?

  17. Contingency Planning • Incident Response • What Are the Policies and Procedures? • What Is the Escalation Path? • How Quickly Do I Find Out My Data Was Compromised?

  18. Availability • What Kind of Redundancy Is Built Into the ASP’s Systems? • What Guarantees of Availability Are There? • Uptimes? • MTBF

  19. Separation Safeguards • Data Separation • Is Customer Data Kept Separate? • Is Data Safe From Internal Threats? • Employees and Contractors • Who Has Access to Your Data?

  20. Employee Screening • How Experienced Are The ASP’s Employees? • Does the ASP Screen Their Employees? • Reference Checks? • Background Checks?

  21. What Should ASPs Do? • Cover Themselves • Get Insurance • Take Security Seriously • And Do It Well • Prepare to be Sued

  22. What Should ASPs Do? • Security As Marketing • Do All the Things We Describe • Take Security Seriously

  23. What Should Customers Do? • Ask the Hard Questions • Get Everything in Writing • Get Assurance from the ASP of • Availability • Coverage for Losses • Get Insurance
