Answer Best answer as chosen by user cbwoodall
Re: Hosting a business application
You'll definitely want dedicated resources for your application, which would leave you with either a virtual private server (VPS) or, like you suggested, a dedicated server. One is just as secure as the other. What it really comes down to, in terms of security, is the following:
- Is the application secure? Has it been audited? Who will maintain its integrity and security? Is highly sensitive data stored encrypted?
- Is the server secure? Who will manage/update it? Is there a security protocol in place?
- Will the application be accessed from secure devices? How is access controlled? Is there an authentication policy in place?
Each of these, if not done properly, could be a potential vulnerability to expose sensitive data. In the end, security doesn't come down to technology, but the people implementing, using and maintaining it.
A host that I have multiple clients with is Contegix. I'm not saying to go get a server with them, but they are excellent in terms of support and managing Linux servers from a day-to-day operational perspective and a security standpoint. They would be a good baseline for you so you can set appropriate expectations on what to look for.
Regardless of who you choose, I would personally get in touch with any hosting company to talk to them about your application, your needs and your expectations. Let them know what you're looking for with a hosting provider and make sure that they'll take accountability for the things they are responsible for.
Furthermore, having back-ups and possible server redundancy (if the application can absolutely never go down) is also something to keep in mind.
Depending on who the application users are and where they are located, in terms of performance, it does make somewhat of a difference where the server is located. The closer to you, the better. If your application users are spread out all over the place, a look at a content delivery network (CDN) might also be of use. If you're just starting out though and the number of users is relatively small, I wouldn't spend any money on that just yet. It's just a term I'm throwing out there so you can keep that in the back of your mind.
Between investing in back-ups, server redundancy and/or a content delivery network, I'd most definitely recommend making sure you have daily, weekly and monthly back-ups of your data.
Last, but not least, if a breach did occur, it's a good idea to have a protocol for an event like this. Let's say a user's account is compromised or there is evidence that there may be a breach in the database: what is the set of steps that needs to be executed to mitigate exposure?