ASP legal and security issues

This tip is excerpted from an online event held on our sister site, searchServiceProvider, with Morris Smith, VP of Technology at ThinKnowledge Networks. Here, Smith discusses some security issues and many of the legal issues that crop up with application service providers (ASPs), stressing the importance of service-level agreements (SLAs).

Q: Is business continuity a big issue in ASP business? Would an ASP's customers be concerned with the ASP's recoverability?
A: Redundancy and disaster recovery should be an intrinsic part of the ASP's system design and they should be able to explain their recovery plans and procedures.

Q: What do I do to ensure the ASP's staff is protecting my data? What security measures should they be taking?
A: This should be spelled out in the SLA. There are quite a few things that they should or could be doing, however, at a minimum they should be addressing the areas of backup and recovery, physical security of the data center and electronic security (i.e. hackers).

Q: What is the standard contract length between a user and an ASP?
A: We are more often than not seeing 36 month contracts and occasionally 24 months but at a slight premium.

Q: Should I have legal counsel involved when preparing my SLA?
A: Normally you would not prepare the SLA. A competent ASP will have a comprehensive SLA already designed and ready for the customer's

    Requires Free Membership to View

signature. You may have your legal team review it or offer changes, however the primary document should already be in place.

Q: Regarding SLAs: Do customers pay more for more detailed SLAs, i.e.: security, data storage, network performance, etc.? Have you seen ASPs itemize how they would charge for their SLAs?
A: Data should always be treated the same regardless of the SLA. Everyone's data should have the maximum safety. The SLA covers not safety of the data but uptime and availabilities of the applications. My COO likens it to first class and coach on an airline. Everyone is just as safe; it's a matter of who gets the extras and amenities.

Q: SLAs, I've been told should cover three areas: performance, procedures, and reporting, and that there should be penalties for non performance... What penalties does ThinKnowledge commit to? Or would you expect ASPs to commit to?
A: Most ASPs offer no financial compensation at all or they expect you to come and ask for it; which means you have to identify, track and record it. ThinKnowledge offers up to a 50 percent credit and will proactively notify its customers of any issues that require such a credit.

Q: Many ASPs outsource their data center and network facilities to hosting providers. What do you consider their responsibility regarding: network layer, platform, apps, operations, end services? How would you write that into the ASP's SLAs?
A: The customer has a contract with the ASP not the hosting center, that is the ASP's problem and they should take full ownership of any and all links between their servers and the customers' desktop devices.

Q: One of the great obstacles facing ASP models is moving beyond the perception of "If the data is not housed locally, how can I be sure my data is safe?" This is especially true in providing collaboration tools where the perception is "our knowledge is our competitive advantage." How can ASPs provide that assurance and a level of comfort to the customers beyond the SLAs?
A: Seeing is believing. Talk to their management team and visit their data center. If you are talking to the right ASP, 80 percent of your concerns will disappear after seeing the infrastructure that you are using.

Visit searchASP.com to read more of this online event.

Related book

ASP - Application Service Providing : The Ultimate Guide to Hiring Rather Than Buying Applications
Author : Scn Education Bv
Publisher : Morgan Kaufmann
ISBN/CODE : 3528031484
Cover Type : Hard Cover
Published : July 2000
How can you use ASPs for your business? The application service provider-market is on the verge of becoming a multibillion-dollar business, from its position as a niche market. Hiring an application instead of buying one means that the network (i.e. the Internet) becomes crucial. E-mail and Web site hosting were the first two killer applications for ASPs. What kind of applications will follow? Word-processing? Or even Enterprise Resource Planning software?

This was first published in May 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.