June 24, 2004

Should you trust your ASP

In light of the breach of AOL's security, it's really got me thinking, "HOW SAFE is your data that is hosted by someone else".

Thankfully AOL customer credit card numbers were not stolen. However, these things have happened, many times, in other instances.

Intranets.com, Salesforce.com, Yahoo, NetSuite and so many other pure application service providers hold YOUR data on their computer systems. What happens if one of their disgruntled employees decides to either steal your information, destroy your information or lock down the computer systems.

I'm sure these companies do as best they can to combat any theft of corporate data, but if it can happen to AOL I'm sure it can happen to others.

Bob Parsons, president and founder of GoDaddy.com shares what GoDaddy does to protect your information.

Should businesses worry about their information being held by ASPs such as yourself? I know you are not a pure bred ASP as others are, but you do have web based services. What if one of YOUR employees either steals your customer information and/or even locks up your systems, preventing your customers having access to their data hosted by you?

There are many "what ifs" when dealing with private information. However, Go Daddy goes to great lengths not only to secure the employees they hire but also to secure their customers' personal and private information. Our systems are intricate and operate at levels that would make it impossible for one employee to "close out" customers and/or other employees. Plus, we have our own internal fraud department that investigates all claims, more often catching the suspicious activity before our customers' even know about it.

What can ASP's do to protect themselves?

It is important in any business to have checks and balances within the organizational structure. This prevents any one person from having all the answers and therefore, all the control. Of course, you must also look closely at the people you hire and it helps if the employees are comfortable within the organization to report suspicious activity of any kind to the higher authorities.

Technology consultant Scott Wolpow gives this enlightening story:

Corporate data is a prime list to sell to head hunters. Insider theft is now and will always be a risk. There is not much an ASP can do unless the company enacts good security. For one client I developed a system where no one employee good access more than 10 records at once. This and other security methods proved to be too much of a headache for the workers. The chief complainer worked to get me off the job. Months later they stole the customer list. Big surprise!
The answer is always the human factor. A business needs to balance access with risk.

0 comments