The VAR Guy Blog

10 Questions to Ask Your Hosting Provider

The security of your website is something you cannot afford to ignore if your online reputation and the safety of your customers and visitors matters to you.

Research from SophosLabs, Sophos’ global network of threat intelligence centers, shows that 80 percent of websites where malicious content is detected are actually innocent sites that have been compromised by cybercriminals. Any site can be a target for this type of attack, from the largest global corporation to a local community volunteer organization.

The security of your website is something you cannot afford to ignore if your online reputation and the safety of your customers and visitors matters to you. One of the key choices when creating an online presence for your organization is choosing a hosting provider. There are many factors to consider including cost, bandwidth, resilience and additional services, but for now we will discuss only the security-related considerations.

Here are 10 questions you should be asking your hosting provider about features and services that will help to keep your site secure, covering general security practices, application security and operation of the site itself.

  1. What is your security policy?
  2. How do you handle security breaches?
  3. What is the platform under my application?
  4. Do you offer SSL (HTTPS)?
  5. Do you backup?
  6. Who is responsible for installing applications and CMS platforms (e.g. WordPress)?
  7. Can I disable applications and services I’m not using?
  8. Who is responsible for updating applications and software?
  9. Do you do any security monitoring?
  10. How are uploads secured?

For additional details, download the "Choosing a Hosting Provider" whitepaper from Sophos (no registration required).

Monthly guest blogs such as this one are part of The VAR Guy’s annual platinum sponsorship. Read all of Sophos‘ guest blogs here.

Discuss this Blog Entry 2

Lee Atherton (not verified)
on Mar 19, 2013

Although we had already chosen our hosting provider, this was great information for us to confirm that we made a good choice. Thank you!

on Mar 20, 2013

Lee, Team Sophos:

Great list. The VAR Guy learned some of this stuff the hard way. For instance, there's a difference between a cloud service and a managed cloud service. For a base cloud service, you pay the hosting provider to keep its core infrastructure (server hardware, storage, network, operating system, virtualization) up and running and optimized. But the hosting provider typically won't touch, manage or optimize your application for you. That's where a managed cloud service comes in. Important distinction.
-TVG

Post new comment
or register to use your The VAR Guy ID



Sponsored Introduction Continue on to (or wait seconds) ×