Hosted Applications and Security or Lack there Of

[gbugbear at gmail.com (Bugbear)]

Good Morning Everyone,

I had an interesting discussion with my boss yesterday over a really great
lunch and I decided to post it up here to see what dialog comes out of it.

We certainly have come a long way from a service provider just providing a
Virtual Web Server for our Corporate Web Page. Seems like everyone now is
selling a "hosted" solution. There is Anti-Spam Services, Message Archiving,
HRS Databases, Online Collaboration, Expense Reporting, DR Services, etc...
Every time I see such a  request or project plan in my Company for a service
such as these I get a twitch in my left eye and have a sudden urge to smoke.
In most instances I would prefer to have the apps in house but the reality
of being a mid-sized R&D company with no products yet and limited resources
sets in quickly.

What is everyone doing at work? Do you try to keep things in house? Maybe
based on the nature of the data (i.e. Hosted website offering up generic
info on Company is a lot different than a HR Database being out there)? What
does everyone look for when evaluating a host (i.e. SAS 70, other
independent audit reports, pens tests, site visits, etc...)?

Fire away I am very interested in every ones opinion!

Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081031/da0af8a1/attachment.htm