Risk of hosting website on internal application server
-
This isn't really related to SEO, but it came up with a client....
We have a client that is hosting their website internally. That's not a problem except that the server it is hosted on is the same server where they host many secure applications with sensitive customer information.
We recommended to the marketing VP to move the website to a different server that doesn't host secure apps so we don't have to be concerned about any conflicts. Their IT folks pushed back. So, I'm looking for some ammunition to support our recommendation.
Any ideas?
Thanks.
Bernie Borges
Find and Convert
-
Bernie, when you say they are hosted on the same server - do you mean hosted on the same physical hardware but on separate virtualized server instances? Or are they actually running on and sharing the same OS install?
Paul
-
Just checking if you're still looking for help with this issue, Bernie. If so, still need my question above answered to give an opinion.
Paul
-
Hi Paul,
Sorry for the tardy response. I don't actually know if the client is hosting the website on the same bank of servers as their client apps. Their website is https and they host it internally. Our contact is the marketing director and she has not been able to answer this question for us.
Thanks for your interest in helping me with this. Sorry I don't have more detail at this time.
Best regards,
Bernie Borges
Find and Convert
-
Just in case the question of site hosting is still under discussion, Bernie, I'd say you're absolutely right to be concerned about the website being hosted on the same server as sensitive client data. This is assuming they are actually hosting the website on the same operating system as the other apps.
This situation is EXACTLY what Virtual Servers have been invented for. They allow complete separation of different server instances, several of which can be hosted on the same physical server hardware at the same time (so one piece of hardware can actually host several virtual servers).
The security aspect of this is huge. The harm that would come to the company if they had to disclose that their client data had been hacked vastly outweighs the little bit of extra effort to maintain an additional virtual server for website hosting.
On a purely practical basis, the reality is that webservers often run into load issues, glitches, urgent security patches, etc. that require the server to be rebooted. This is far more likely to happen to webservers than application servers. There's no reason why these reboots should have to take down the other client apps in the process.
I've known companies running all on one server to avoid implementing patches because they were afraid the patches might break custom apps. As a result, the unpatched website got hacked, causing massive downtime for both website and apps.
So yea - if they're running everything under one server instance, they're begging for trouble (and breaking industry best practices).
If they're running all on one server but with the apps and website on different virtual servers (sometimes called virtual machines), they're fine.
Hope that gives you a little more ammunition.
Paul