Choosing a web hosting provider will make your life easier, but what information do you need before choosing the best host for you?
Security is obviously one of the main concerns. Security breaches in your website will cost your business dearly. Your reputation is at risk if your security is not up to scratch as your website is the window through which the world looks at you, your business or your organisation.
Some providers only give you server space and a connection and leave all of the security up to you. Ideally you should be looking for web hosting in Australia that offers non-stop traffic checking, scans for malware, and protection. It is also worth considering how the hosting provider secures their internal network.
How the hosting provider secures their internal network is another important thing to consider. Understanding how the provider protects your data is the key to keeping your website secure. You also need to be aware of how the provider deals with breaches in security. How quickly the provider contacts you are extremely important for the safety of visitors to your website. Check the procedures they have in place if a security breach does occur. Do they have procedures to help restrict access to your site? Do they assist cleanup and restoration of the site? Do they have service agreements in place to deal with response times to any security breaches?
Also, think about what server platform your CMS application will is installed on and how it is secured. A critical part of securing any underlying platform is applying updates and security patches. Some of these patches will require a restart of the service or the server itself. Knowing how often maintenance is required, and the effect it will have on your website is important. You will need to access the correct balance between operation and security. You will want everything properly secured but also require minimal downtime to your web site.
How the provider monitors security is also important. In many cases, a compromise to your websites security will be discovered by visitors to your site who are alerted by their own security software. It would be a lot more convenient and less embarrassing if you found out first and fixed the problems. A provider that offers security monitoring can, therefore, help to alleviate this.
There are several technologies that providers can use for this including Anti-malware scanning to check for malicious files hosted on your site which include firewalls known as WAF to highlight and filter attacks on both your databases and applications, plus Blacklist monitoring to alert you when a third party detects a compromise
Most service providers will provide some of the above technologies for free, but usually the more robust security monitoring are available in premium packages.
You need to know that your content gets to the host securely and that no one else can access it. The easiest way for an attack on your website is for them to get content onto the site, in the same way that the site owner does. The File Transfer Protocol (FTP) is a nice easy way to upload content, but unfortunately it is not secure. User credentials are passed in plain text and so are easy to find. For many years, malware around the world has been monitoring, logging and stealing FTP credentials.
Deactivating risky or unwanted mechanisms that update regularly can keep your website safer. Additional services may still be visible to attackers as a way into the server, increasing its attack surface. In some cases, the initial server configuration process allows you to select the applications you want to use with the option to add others later. Many providers offer one size fits all packages with a range of standard tools installed. In those cases, you have to be sure that even the tools you aren’t using are kept secure.