You’ve no doubt heard about “The Cloud”, but what is it? How is this something that can help your business?

What is The Cloud?

Put simply, cloud computing services allow you to use software and computer resources online as a utility, allowing you to pay for those resources when you need them, provided via the web, usually on pay as you go style models.

This means moving away from considering software as a product, being replaced by online services.

To truly be considered “cloud computing” the actual work of any applications is actually performed in the cloud, rather than on the user’s machine. Users are using an interface where they can access the data that is being processed online.

This allows for more complex tasks that would traditionally have been seen as beyond the scope for traditional budget computers to be performed online, with the customer gaining the results they need at more affordable prices.

So, where historically you may have installed Microsoft’s office suite when you purchase a new computer, many users are opting for cloud based alternatives, such as Zoho and Google Docs. In fairness to Microsoft, they have been making moves to the cloud offering a host of collaboration options with Office 365.

Google’s push on its Chromebooks as well is another example of the move to the cloud. With this, these laptop operating systems have been tied to the cloud, with all your apps, documents, settings and other files all stored there.

How Can Cloud Computing Help Your Business

The number 1 consideration is cost. As more functionality is taken off site, through needing less powerful machines, you can reduce your physical technology costs.

Disaster recovery is equally important. If you have all your local servers at the physical location of your office, running your email and information storage, what would you do if there was a fire or other natural disaster? Do you have off site backups?

Accessibility of the data is also vital. Business is rarely conducted just in the office these days, and being able to access everything you need remotely wherever you are working is important.

If you are using the cloud, you can avoid the technology purchase required to hold all that data. Equally, emails and information storage can be reached seamlessly from multiple locations, allowing things to be more accessible as well as cost less!

Scalability is also an important factor for choosing the cloud – resources are supplied and paid for on-demand, rather than having excess redundant capacity.

Of course, security is a concern when considering this migration. This is something that is constantly being addressed by providers of cloud hosting services, and whilst not completely infallible, the vast majority of the services are secure. There have been some headline grabbing gaffes from providers like Google and SalesForce over the years, but these have been small isolated issues.
Summary

By not getting your business ready to use the cloud, you run the risk of being left behind by more agile competitors, who will be improving efficiency, ensuring the security of their data and reducing their costs.

Can your business afford to not be moving to the cloud?

In the 1980s, computer viruses passed around on floppy disks were the main security risks. How things have changed! Now, we have bot nets, advanced persistent threats, social engineering, and phishing to worry about. Kate Craig-Wood, MD of hosting provider, Memset has provided this overview on what you can do to keep your site safe.

Evidence is everywhere that the number of cybercriminals remains a serious issue. From hackers, script kiddies and DoSers, we as hosting providers are fighting them all.

The Evolving Threat

On a consumer level there are the phishing sites, out to steal your credit card or online banking details by pretending to be a trusted brand, and at a business level there are threats and extortion.

dDOS attacks are typically launched from “bot nets”, or collections of compromised personal computers and servers. While alone any one of those machines, usually on the end of a home ADSL connection, cannot do much damage, if thousands of them flood a Web site with bogus requests then unfortunately the only real defense against such is to have more bandwidth than an attacker. Thankfully with more companies moving to cloud providers with massive pipes like us, that means that the attacker would need a bot net of many thousands of machines to cause damage.

There has also been a marked increase in criminals attacking popular sites and advertising engines to steal information and disable websites for political reasons. The recent wave of ‘hacktivists’ presents new issues for web hosts, as many traditional organisations are now having their sites hacked.

Steps for Protection

So what can you do to protect your website & online network?

Network Design

The first stage in solving the security problem starts with the development and design stage. If developers neglect to address all security issues, a future hacker will very likely exploit the flaw to extract confidential information from the website. To fix this problem, you must ensure scripts are very well planned and tested, especially those parts that deal with private information.

Using a Digital Certificate (Digital ID) from a trusted certificate authority in conjunction with SSL encryption provides a very high grade of security for all parties involved in a transaction. Keeping Content Management Systems (CMS) up to date is also crucial and ensures other security aspects of the site are updated. It’s worth noting that WordPress is notorious for being vulnerable without updates.

Choose A Good Password

A majority of hacks are caused by bad passwords. It’s not just a simple matter of changing ‘l’s’ to 1′s either, as these are still easy to hack.

We have performed rigorous mathematical analysis on how good a password needs to be for an encrypted file system, and determined that a 10 character random string formed from a-z, A-Z and 0-9 is effectively unbreakable. A 10 character password will cost $13m to crack, and quite frankly there are easier ways for hackers to get your information.
Tight Controls on Accessing Data
We allow all staff to access from anywhere using a laptop and a browser, using HTTPS for the security. Our business administration systems included, are accessed over the public internet via HTTPS, and we trust it entirely. VPNs are unnecessary and burdensome in today’s world of cloud. However, we do not allow access from just any laptop; it must be a company one, and the browser must used must have a password-protected, encrypted password safe (for saved passwords).

We also have tight, and regularly tested, procedures for revoking user access quickly. In the event of a lost laptop or compromised user password (or SSH key) we can rapidly change that user’s access credentials.

Further, any laptop that is used to store company data (most just access it remotely) must have an encrypted hard drive.

Therefore, if one of our laptops becomes lost all that is lost is the hardware – no data can be retrieved (we require password screen locks as well). We get all staff to choose an auto-generated password created by the open source software PWgen. This approach is much better than making them choose their own (often guessable) one and changing it periodically (which means they need to write it down to remember it).

Personnel / ‘Purchase Key’ Attacks

The biggest security weak-point for any organisation is its people. A determined attacker will not bother with trying to steal servers, nor hack into them, but will attempt to gain leverage over key members of staff; the “purchase key attack”. To protect yourself and your data, you should look to take the following steps:
1. All staff with access to company data should be CRB & background checked.
2. Access to servers should be gained via personal keys, and all access is logged.
3. Logs and activity should be routinely checked by head of security.

Choose Your Hosting Provider Carefully

The only thing one can do about bot nets is to have more bandwidth than the attacker (ie. an army of hijacked home computers), which is yet another reason why companies should be giving up owning and managing their own data centres and moving to the cloud where providers like us have gigabits of connectivity so can withstand such attacks, which happen frequently.

We also have firewall technology to dynamically detect and block attacking IPs in real time. This sort of cyber warfare is not new though, but has only recently made the news. We have been fighting off such attacks for as long as I have been in the hosting industry (12 years). All that has changed is the scale of the weaponry.

Memset is very upfront about their security procedures which you can see here.

Make sure your web host is upfront about security and also holds ISO 27001 certification as a minimum.

Tags:

Breaking news: you can save 50% on any HostGator hosting plan until the end of today.

You’ll find HostGator‘s Black Friday promotion right here.

That means you can get a whole years shared hosting for just $23.76.

The discount applies to first invoice, so you need to prepay (ie, pay for a year or more, not month-by-month) to get the best savings.

HostGator are one of the hosts we hear consistently great reports from our users about (especially their phone support). Our user HostGator reviews say it all.

As the hosting industry becomes more diversified it is also becoming more specialized. These days, there are hosting brands and services for nearly every single application, operating system, CMS, client type and country.

If you have a specific need for your site, there’s a company out there that can meet it.

HostBaby is a predictable extension of this specialization. HostBaby is not just a hosting company targeted at musicians, it’s an entire hosting platform.

I recently found myself in need of a quick site for a friend’s band and decided to give HostBaby a try. Although my expectations were initially low, I was surprised to find that HostBaby is actually a fairly powerful and robust system, and one that many musicians (and their developers) may want to consider. Read the rest of this entry »

The blog commenting landscape is dominated by a handful of big names. Currently, Disquis and Facebook have the lion’s share of the market, although Automattic, the owners of WordPress.com, have a large presence with their Intense Debate platform.

However, a different company is hoping to challenge these stalwarts of the industry. Livefyre, although it’s been around almost a year and a half, is still widely thought to be the scrappy upstart of the field.

But Livefyre isn’t just billing itself as a “me too” operation. The platform is working to add compelling new features to separate it from the pack. I decided to give it a go.

I haven’t been using Livefyre long enough to comment on how it affects my community, but I have formed a quick first impression. It’s a service with a lot to love, but there are a few rough corners that might give webmasters reason to pause before signing up.

The details, as usual, are below the fold. Read the rest of this entry »

Uploading anything more complicated than basic HTML (for example, a PHP script), usually requires some fiddling with permissions settings to make things work properly. Whether you’re battling an error or just following the instructions to install a new script on your server, you at least need to know how to set permissions.

However, many webmasters successfully set their permissions without realizing that’s what they’re doing OR why it’s so important. This can lead to serious mistakes that can, in turn, lead to security and reliability issues.

Here’s the good news: permissions are easy to understand and virtually anyone can grasp them in a few minutes; all it takes is an understanding of the underlying concepts. Even the mysterious numbers we see when we use the CHMOD command will become much clearer. Read the rest of this entry »

When it comes to hosting and setting up a website, many people focus almost entirely on the technical skills one needs to keep things running smoothly. At the very least, a webmaster needs to know how to use a computer and how the Internet works, right? Only sort of.

Thanks to CPanel, WordPress and a slew of other tools, very little technical skill is actually required to get a site setup. In fact, if you’re willing to use a free hosting service, you’ll only need the necessary to skills to fill out on online form to get a site up and running in minutes.

Instead, these days, a webmaster needs just as many personal skills as technical ones.

Rather than heavy duty tech skills, your site‘s success could well come from your ability to reach out to people, both to seek help and to spread your message.

Here are some of the key personal skills you’ll need to set up and run a successful site. Without these, it is almost impossible to build a successful Web presence, much less keep one going any length of time. Read the rest of this entry »

WordPress users (and that includes us!) will be happy to know that version 3.2 had a beta release last week, bringing a slew of new features that are designed to improve the performance, usability and appearance of the blogging platform.

However, this upgrade is rather different from the others. The most touted changes are not new features or tools, but rather speed and design elements that should make WordPress cleaner, lighter and faster.

The idea is for WordPress to drop many of its old technologies and start looking forward, streamlining its code and appearance to focus on what really matters.

Sounds like a tall order eh? I think WordPress might well be able to deliver on it, although it’s tough to say at this early stage. Read the rest of this entry »

Since TwitPic’s recent controversy over its terms of service, which saw the company backtrack from an aggressive TOS that prevented its users from reselling photos they had uploaded to the service, a great deal of new attention has been focused on the contracts and agreements we sign every time we register with a new service.

It’s a fact of life that most of us don’t read our terms of service when we sign up for a new hosting account – a decision that can cost us dearly in the long run.

I can confidently say there is probably a great deal in your current terms of service that you don’t realize is there. If there is ever a legal dispute between you and your host, these could come back to haunt you; you might well have signed away more rights than you intended.

So what are some of the things buried in your TOS? Here are five things you’ll find in virtually any and all TOS’ and what they mean for you in the event of a legal dispute. Read the rest of this entry »

When it comes to third-party site statistics, Google Analytics (GA) is pretty much the gold standard. It provides a tremendous amount of practical information, integration with other Google products, including Adsense and Adwords, and clear charts all for free.

However, Google recently announced that it was taking things one step further and adding something almost no other analytics system has – a site speed feature.

The idea is fairly simple: as users load your site and the Analytics code, Google can track how long your page takes to load for them. Just like with any other statistic that GA collects, you can break down this information by page accessed, browser type and other variables to help you get a better understanding of how fast your site is moving and what variables might be causing it to slow down.

This feature is not automatically enabled on all GA accounts and will take a few steps to set up. However, once you do, you should be able to get a much more robust understanding of how your site and your host are performing with actual visitors. Read the rest of this entry »