You would have to ask them:
Where is the DB located, in the root directory or outside the root?
How much control will you have to tune the granularity of the DB (who has access to what, and what can they do with it)?
Do they hide the server version data (to prevent hackers from exploiting any potential loopholes in the security with the knowledge of what the server software is)?
Unix is generally less vulnerable to hacks by virtue of better code, but as the source is widely available, sophisticated hackers may be unstoppable.
Yet hosting the server yourself does not alleviate this at all, unless you have a really good network admin who can configure the server correctly, and even this may not prevent attacks on the server and hacks of the system.
Encrypting the data in the DB is a good measure of security, as anyone who gains access to the server shouldn't be able to view usable data. Connection to the application via SSL will also encrypt the data stream to the user's machine and help to secure the data.
In a nutshell, you pays your money and takes your chances... but proper coding of the app and encrypting the DB data should cover a good deal of the issues here.
hth
bastien
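One of the questions in the post above, whether the host hides server version data, can be checked from the client side without asking anyone. The script below is an added example and is not part of bastien's post or of any tool named on the page. It parses two constructed HTTP responses (written here for illustration, not captured from any real host) and flags product/version tokens in the headers that commonly carry software identity. The "hardened" response assumes the host has done something like Apache's `ServerTokens Prod` and PHP's `expose_php = Off`; those directives are my assumption about how a host would achieve this, not something the post states.

```python
import re

# Constructed sample responses (not captured from any real host).
# The first leaks server, library and module versions; the second hides them,
# as a host running e.g. "ServerTokens Prod" and "expose_php = Off" would
# (assumed configuration, not taken from the post).
LEAKY_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f PHP/7.4.3\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html></html>"
)

HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html></html>"
)

# Response headers that usually carry software identity (lower-cased).
DISCLOSURE_HEADERS = (
    "server",
    "x-powered-by",
    "x-aspnet-version",
    "x-aspnetmvc-version",
    "x-generator",
)

# A "product/version" token such as "Apache/2.4.41", "OpenSSL/1.1.1f" or "PHP/7.4.3".
VERSION_TOKEN = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*[a-z]?)")


def parse_headers(raw: bytes) -> dict:
    """Split a raw HTTP response into a {lower-cased name: value} header dict."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:  # lines[0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def find_version_disclosures(raw: bytes) -> list:
    """Return one (header, product, version) tuple per version token found
    in the headers listed in DISCLOSURE_HEADERS."""
    findings = []
    headers = parse_headers(raw)
    for name in DISCLOSURE_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        for product, version in VERSION_TOKEN.findall(value):
            findings.append((name, product, version))
    return findings


def discloses_versions(raw: bytes) -> bool:
    """True if the response reveals any product version in its headers."""
    return bool(find_version_disclosures(raw))


if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, find_version_disclosures(resp))
```

To use it against a real host, replace the constructed byte strings with the raw bytes of an actual response (for example, what `http.client` gives you after `getresponse()`, re-serialised, or a response saved from a proxy). A bare product name like "Server: Apache" still tells an attacker the product, but not which release to target, which is the point of the question in the post.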