With many businesses reassessing their hosting needs after the disastrous attack on Distribute.IT, they'll want to ensure that they're prepared, should history repeat itself.
ZDNet Australia talked to several hosting providers about the checks that customers should carry out before moving their services, and safeguards that they can put in place in case the worst does happen.
Check who the hosting company serves
Gabrielle Danczak of Hostworks said that businesses need to be aware of the type of customers the hosting service has on board and keep in mind that cheap services might not offer the standards certain businesses require.
"Do your due diligence about who your provider serves today and what they do to serve them. Are you hosting your $100 million per year site with a provider whom 90 per cent of their business are smaller, less critical websites?" she said.
Be sure of your uptime expectations
Hosts are not infallible and businesses need to consider what the impact will be to their brand during downtime.
"Even if your website is smaller scale, if its relevance to your brand is its availability, then you need to ensure you are with a supplier who can guarantee high availability," said Danczak.
Check the hosting company's physical security
Security also doesn't end at the web. Sites that hold critical information are still vulnerable at the physical layer, yet many businesses never see the infrastructure supporting their hosting.
"If your site is critical, look at the security and robustness of your supplier's infrastructure. Tour their facilities and question them about all aspects to understand who and what you are placing your website with and on," said Danczak.
Make sure the company is transparent
Bulletproof Networks CEO Lorenzo Modesto said that while the nature of the failure will dictate what steps a hosting company should take, they should always keep their customers in the loop.
"The emphasis should always be on communication proactively, transparently and consistently with your customers' base," he said.
The company has to understand your vertical
Different vertical markets have different security issues, and the hosting provider will need to be aware of the issues that affect the market your business resides in. Danczak recommended staying abreast of the threats and maintaining communication with your host to ensure they can assist your business in protecting against them, where possible.
Modesto also said it was important to see how the business' technical people interact with a provider's engineers.
"This can also be a very good way to perform technical due diligence on a prospective supplier," he said.
Have a business continuity plan
Danczak said that at the end of the day, the onus lies with the business to have a plan that ensures it doesn't suffer because of supplier failure. Despite this, Modesto said that many businesses fail to even have one.
"We're always amazed at the number of businesses that haven't even started the process," he said.
"More and more mission critical providers will be enhancing their products to include data recovery capabilities and infrastructure, but this will never replace properly executed internal documentation that covers off the business' strategic risks and likelihood of various scenarios."
Maintain your own backups
Even though many hosts provide the option of off-site backups, Modesto said that the ultimate guarantee for data recovery was keeping control of locally stored backups in addition to what hosts might provide. He also said it needn't be expensive.
"Part of every business' data recovery planning should be a basic evaluation of the value attached to the loss of any particular application and/or database — this, associated with the likelihood of any particular disaster, will then drive the resources that are allocated to mitigating the risk," he said.
"You don't need to break the bank — this can be designed cleverly and cost-effectively and can even be combined with test, development or user acceptance testing infrastructure."