Cloud Hosting, without a doubt is emerging as one of the most adopted hosting solutions across many business industries. This is because it has allowed business to scale effectively that too at low costs. If your website requires resources to be added on a frequent basis with upscaling or down-scaling resources instantaneously, Cloud Web Hosting is for you. But perhaps one of the most important vulnerability that Cloud Web Hosting has, is security.
When you are choosing a Cloud Web Hosting provider, you need to pay keen attention to security measures that the provider will put into place so that your valuable website and data remains safe and secured. This post helps you understand what exactly you need to look for, in terms of security and ask the right questions to your Cloud Web Hosting provider.
Let’s dig right in:
- How often do you update the Utility and Performance Software?: Essential system software such as CPanel, Operating System, Caching Technology, PHP, phpMyAdmin and MySQL are definitely necessary for smooth functioning and improved performance, but are also all the more susceptible to security threats. Although certain aspects of security is the website owner’s responsibility and not the Cloud Web Hosting provider’s, the hosting company is actually responsible for a lot, still. Even if you are managing the security aspects of your website flawlessly, you could still be at risk if your hosting company isn’t holding up their end of the bargain. It is very much possible for the hosting provider to run the system on older versions of the software which means that the system is running on an outdated software which may lack important security fixes, making your website vulnerable to security attacks.
- Is it possible for one hosting account to read files in another account on the same server?: The question itself reveals the potential of massive data eavesdropping. In case an attacker gets an account on such hosting providers, they can hack into the files of other hosting accounts if proper isolation is not taken up by the Cloud Web Hosting provider. Typically, a request is processed by an application running with sufficient privileges to access any tenant’s data. This application authenticates the user and authorizes the request before carrying it out. Since the only protection is at the application level, a single vulnerability threatens the data of all tenants, and could lead to cross-tenant data leakage, making the cloud much less secure. You need to check with the Cloud Hosting Provider if appropriate measures such as SLIM (Secure Logical Isolation for Multi-tenancy) is implemented. If not, get them to explain what other measures will help reduce the vulnerability here.
- How often do you backup my website?: What happens when the worst takes place? Your website is hacked or you have lost certain mission critical data. The fastest way to recover from a hacked website is by restoring a good backup of your site. Having quick access to a backup of your site can save you time, money and a lot of work. Find out what your hosting company is backing up, how long they are retaining it and where they are storing it. Many Cloud Web Hosting providers provide a weekly backup failsafe within their hosting plans, so be sure to check your hosting provider’s backup frequency and at the same time, have a mechanism to include your personal backups within the hosting provider’s backup cycle.
- Are my Server Logs available?: A lot of information in terms of security can be achieved from Server Logs. In fact, every time you want to investigate regarding security threats, the forensics team starts by ripping apart the server logs to look for digital fingerprints. Unfortunately we often find that customers with entry-level Cloud Web Hosting plans either don’t have access to server logs at all, or that they are retained for such a short amount of time that they aren’t helpful. This, I believe is mandatory for you to ask from your Cloud Web Hosting provider.
There you have it! I hope this post helps bring in some awareness towards some of the hosting-related security issues that you need to stay on top of. If you have certain other things to add, that I may have missed out on, please feel free to put them forth in the comments section below for the larger audience to benefit from.