Service and support play an essential role in webhosting security. Because all technical measures are of no use, if no help from the hoster is to be expected in an emergency. So ask your provider, which services the standard support by phone and e-mail includes and what costs incurred. 24×7 help should be self-evident, but it’s not: Some hosting providers do not provide 24/7 support or charge high fees for out of hours assistance. In a service level agreement (SLA), some hosters specify their services exactly. Often they also provide information on the availability of their offers.
At first glance, between 99.0 and 99.99 percent availability does not seem to be a big difference. What is one percent already? Very much! Because one percent of the year is about 3.5 days. If hosters guarantee “only” 99 percent uptime, it means the hosting plan can be up to 3.5 days a year without the provider being responsible. For many Internet projects such a failure would have fatal consequences.
Secure cloud hosting and privacy
Cloud hosting distinguishes between public clouds, private clouds and hybrid clouds. When it comes to safety, this distinction is especially important.
Public clouds correspond to the basic idea of cloud computing: the hosting customers share the resources offered by the provider. The required hosting services can be changed at any time, during operation. With autoscaling, this resource adjustment is even automatic.
The customer pays only for services actually used. As advanced as it may be, the security situation is so unclear: it is possible that the “locations” of public clouds are anonymously distributed all over the world. Users can not spatially locate their data. They may not know in which countries, in which data centers, on which servers and with which software their data are stored and processed. According to the philosophy of cloud computing, the customer probably does not know whether the hoster outsources services. So it is also conceivable that providers operate a trade in their resources.
Critics of Public Clouds even see an increasing risk of data theft, as more and more people get administrative tasks and could be among them “black sheep”. The recent ruling of the European Court of Justice on the
Safe Harbor Agreement also shows how difficult international
law currently is. The court had annulled the agreement governing data exchange between the EU and the US because it did not sufficiently protect the personal data of European Internet users from access by US authorities.
No wonder many companies prefer private clouds. These are dedicated server environments where the hosting customer can run their own private cloud. He does not have to share the infrastructure with others. This limits the scalability of hosting offerings but increases security.
A German company that outsources personal data to a cloud provider must ensure that it complies with German data protection laws. However, only hosting providers based in Germany guarantee this. But a data center in Germany is no guarantee.
The best example is the Amazon market leader with its Amazon Web Services (AWS), which includes, for example, the public cloud solution Amazon Elastic Compute Cloud (EC2) and the Amazon Virtual Private Cloud. Anyone using these services in Germany to store data under data protection laws may be at risk. Although Amazon has its services more in line with European law this year, there is no guarantee of compliance with German law.
For customers of a German hoster, the use of a hybrid cloud could be interesting. Data relevant to privacy is stored in a private cloud, other data in a public cloud. At peak loads, the customer can add more power from the public cloud.