Last week I went to Miami, Florida to attend a corporate security conference. It was 1.5 days filled with excellent information about the latest security trends and other ways to make your corporate environment more secure.

One of the key points made was that a while ago everyone thought that evolving technology would make us more secure. But looking at today’s situation – it doesn’t. The technology can be awesome, but as long as we have to deal with the user factor we will never be secure.

Look at your hosting servers. You apply all necessary patches. You run a firewall and maybe a brute force attack detection tool. Your server is secure until you put the first web hosting account on the server. From that moment the security level goes downhill. And there is nothing you can do. Security is a big trade-off. You want a secure server – don’t put any customer accounts on the server. But you also want to make money because you are a web host running a hosting business. So, by adding customer accounts to the server you are trading off on security. That’s how it has been in the past; that’s how it is today; and that is how it will be tomorrow.

So, what can we do to stay secure? You will continue to patch cPanel vulnerabilities and operating system vulnerabilities as always. But what else? You will need to scan your server for 3rd party scripts to see if they are outdated and need to be patched?! But that will take away valuable time and take pieces out of your revenue. How about educating users on an ongoing basis? They sure will appreciate it, right?! With all those security issues surrounding the Internet user today, your customers will become numb to your educational messages very soon.

So, what is the solution? What are the experts proposing? The truth is – there is no "one" solution. Every environment is different and every individual is different. Define standards and policies as a first step. Only with a good set of policies in place can you communicate with your customer. From there it is up to you how you are going to enforce server security. Work with your customers right from the start. Maybe have them log on to a certain webpage once a month or a quarter where you ask them to acknowledge software patching and also make them aware of security related issues. The options are unlimited and you will never get to 100% security – but every single step towards 100% is a step in the right direction.

Stay safe ... until next time.

Best regards,
Christoph Puetz