Many agencies offer a retainer-based model to their clients. This is an agreed (usually monthly) fee to cover future digital activities once a website has been launched. Retainers can cover costs for marketing activities, social media activity, blog writing and so on. Website maintenance is often included as an ongoing service to make sure components are always up to date. Vulnerabilities are commonplace in CMS platforms, plugins, PHP, etc., so it’s important that fixes are applied promptly when released.
There are other security considerations to factor in. A managed hosting provider can help with these, and they can also form part of the service included within an agency’s retainer fees.
DDoS mitigation
Distributed Denial of Service (DDoS) attacks on websites are becoming more and more frequent. These attacks occur when large numbers of infected computers around the world are used collectively to connect to a target website at the same time. The objective is typically to overload and bring down the target. Other, more sophisticated types of attack aim instead to compromise website security in order to obtain potentially valuable information, such as credit card details or other personal data.
DDoS and other attack mitigation processes should form part of any business’s risk considerations.
PCI (Payment Card Industry) Compliance
eCommerce businesses may be asked to provide regular security scans (Approved Scanning Vendor, or ASV, scans) to their bank or payment gateway provider. These scans test the security of hosted servers against a library of known vulnerabilities and risks. Passing scan reports are required to prove that the hosting environment is sufficiently secure to be storing, processing, or transmitting customer payment information. Fines can be issued to merchants that fail to provide passing scan reports on time.
A managed hosting provider may include a compliance guarantee with all services suitable for hosting eCommerce websites. They should be proactive, ensure all critical vulnerabilities are closed, and cooperate well with security scanning providers so that the continually changing compliance requirements are met.
Penetration testing
While PCI compliance is a payment card industry standard, there are plenty of other valuable assets that businesses could host online. What options are available to provide assurances that these websites or applications and the hosting platforms used are as secure as possible?
Penetration testing aims to find and exploit vulnerabilities within any online service a business uses. This could be a hosted website, an internal office application or anything else that is exposed to the internet. Penetration testing can comprehensively test server systems and the applications running on them, with the objective of finding holes in security, and allowing customers to close these before they are exploited. Hosting providers should have a good knowledge of penetration testing and be able to help customers agree on the scope of the tests.
ISO compliant hosting
ISO standards are internationally recognised, with certification issued to organisations that demonstrate compliance. Think of an ISO standard as a formula, agreed by experts, that describes the best way of doing something.
ISO standards set the accepted best practice for processes within all types of businesses, whether they sell products or provide a service or a system. Independent ISO auditors examine a business to confirm it operates with the best security, safety, environmental, and quality standards. Different ISO certificates are issued for each of these standards. ISO 27001 focuses specifically on information security. Digital agencies can now select a hosting provider with suitable accreditations, and the ISO 27001 standard is often an essential requirement. Agencies can then provide assurances to their customers that the hosting service they use meets these high standards.