When working with an ASP, it is a good idea to ask whether or not they are using specific tools to enhance the security for their end users. There are many tools available that can increase your Internet security, and the list is growing daily.
For example, Atalla (http://www.atalla.com) offers self-contained, PCI-based, cryptographic hardware. These systems are built to established standards for tamper proofing and can be inserted in industry-standard PC platforms to perform the cryptographic functions for PKI/ SET or other security protocols. Some of these tools can also be used on the end user's PC to enhance security for their own applications.
A similar product, offered by 3Com, is a PCI NIC/accelerator card that offloads the computationally expensive handshakes for data security. The 3CR990 accelerates processing, freeing the server or desktop machine to run the business application by offloading the more complicated computation required for encryption and IPSEC. The end result is faster processing and thus less time spent on the server. This reduces windows of vulnerability, depending on where the client and server are located.
According to Allan Vance, director of managed security services at Atlanta-based Internet Security Systems, the need for security doesn't stop at the transaction level. He suggests users make sure their ASP can provide good answers to the following questions about overall physical and network security design as well as the procedures that are in place to ensure a proactive approach to security management. Do they have firewalls and intrusion detection technology in place? Do they regularly assess their security with automated vulnerability detection or 'scanner' software? Have they designed and implemented their networks and hosts to be resistant to Denial of Service and other Internet attacks? Does their operations staff have training in security operations and security incident handling?
Vance also commented that "security is a multi-layered and dynamic challenge to ASPs, just as it is to all organizations. Good ASPs take advantage of a total lifecycle approach to security: they assess their security status, design and deploy the proper technologies and processes and manage them for continuous improvement. Your business-critical applications and data are only as safe as your ASP's own infrastructure."About the author:
J. Kerr is a contributing editor based out of Nova Scotia, Canada.
Related book ASP - Application Service Providing : The Ultimate Guide to Hiring Rather Than Buying Applications
Author : Scn Education Bv
Publisher : Morgan Kaufmann
ISBN/CODE : 3528031484
Cover Type : Hard Cover
Published : July 2000
How can you use ASPs for your business? The Application Service Provider-market is on the verge of becoming a multibillion-dollar business, from its position as a niche market. Hiring an application instead of buying one means that the network (i.e. the Internet) becomes crucial. E-mail and Web site hosting were the first two killer applications for ASPs. What kind of applications will follow? Word-processing? Or even Enterprise Resource Planning software?