The need for top notch security in the hosting industry can not be overstated. Consumers and businesses are becoming more and more savvy to the need for security in all aspects of computing. However, understanding that you need security and implementing it are two very different things. Let me give you an example.
To fly to Mexico from Salt Lake City (Where my FAMOUS Utah Jazz are from!! GO JAZZ) requires a passport. My brother was supposed to fly to Puerto Vallarta today. He THOUGHT he didn’t need a passport to fly there, but of course he does. Don’t worry, I let him have it for being completely unprepared. He called me up and was depressed that he couldn’t be there with his friends. Being the person that I am I NEVER take “No” for an answer. I immediately started thinking how to get around this “security problem”. Driving into Mexico requires far less documentation than flying into Mexico (I’ll never understand why – actually I do, but lets not get into a political discussion when talking about security!!). I then called several Mexican airlines to ask if a US Citizen needed a passport to fly within Mexico. The answer was no. Fantastic, what if my brother flew from Salt Lake City to San Diego, took a 30-40 minute cab ride to Tijuana, and then jumped on a plane to Puerto Vallarta. It couldn’t be that simple. Surely I couldn’t get out of the need for a passport to fly internationally in an hour?
Sadly the answer was yes. Its great news for my brother who is getting on a plane in a couple of hours but pathetic that our countries “security” is so ridiculous. When security hassles legitimate customers but does nothing to stop determined individuals it isn’t security at all. So many products and services prey on individuals desires to be safe but really provide nothing but a VERY false sense of security. Unfortunately ignorant decision makers set security policy in every aspect of our lives. From banks, and financial institutions, to our borders, to our own computers security – its broken from the top down.
What can I do to provide better security for our customers? A lot! We work all the time to educate ourselves and update our servers with all the latest “real” security options available to us. I think we do a pretty good job, but we can always be better. I have seen huge hosting companies that are open to attack in multiple areas where one abusive person could literally destroy the company. I won’t name any companies, but I have first hand knowledge of many companies that take a less than stalwart stance when it comes to security in the hosting industry.
We do our best to segregate customers from each other so that when a customer of ours makes a foolish decision, or doesn’t keep their own code and security up to date that their own site will be compromised without affecting our other users. Security for our servers as a whole is our responsibility. Security for individual sites and those who choose to run scripts such as blogs, forums, etc is the responsibility of our customers. Please take that responsibility seriously!
Matt Heaton / President Bluehost.com