Security in web hosting is affected by four areas. At the top is the security of the data centers that the hosting provider has to take care of. This includes non-technical things like building security, fail-safe power supplies (chords and generators) and proper cooling of the servers (air conditioning and fans).
The hosting customer has no influence on those elements, particularly when they are just buying a shared service (or any for that matter). The second area is the security of the network at the provider level, such as firewalls and intrusion prevention or DDoS prevention systems against cyber attacks of various types. Here, too, the host is responsible and the customer doesn’t really have much control, apart from IP blocking.
Level 3 is product safety. These include backups, operating system and software updates, and measures of system monitoring – as a result, service and support. Product safety is controllable by the customer by selecting and using the right product. That is why it is at the center of this article. We are deliberately not dealing with the fourth area of hosting security: administrative project security depends solely on the online project and must be guaranteed by this.
Main focus: Product safety
However different the hosting products are, the security features are so different. Shared hosting offers less controllable by the customer security options as a dedicated root server, the security features of virtual servers differ from those in the cloud. But there are also similarities: aspects of product security, which apply to all hosting variants. This includes regular backups, as they are the best precaution in the event of data loss.
Backups of files and databases
For virtual and dedicated servers, the backup of files is usually done using a file transfer protocol (FTP) to a server-independent storage space provided by the provider. Depending on whether it is a managed server or a root server, the setup and control of the FTP backup is more or less the responsibility of the hosting provider or the customer. How much storage space is usable depends on the selected hosting product. Often, several dozens of up to a few hundred gigabytes are included, more backup space costs extra. However, there are also server offers, where the customer has to pay for backups from the beginning. Automatic backups are standard, but additional manual backups do not offer any hosting solution. However, these are necessary so that the customer can secure certain data at specific times, without being dependent on the host’s specifications.
Apart from file backups, database backups are very important as database contents usually change. This can be managed by a free tool called “MySQL dumper”, which the customer has to install on his web-space.
Updates for system and software
Most of product safety-related issues are solved with regular updates of the operating system and the software. Critical security updates should be made immediately to prevent cyber attacks of all kinds. With shared hosting, the customer must rely on the hosting provider to maintain the systems. Anyone who hires a dedicated root server is responsible for updates to the operating system and the software itself. The administration requires expertise and costs time, which is why many users prefer to access a managed server, where the hosting provider takes care of system maintenance. But be careful: Which services are part of the server management and which does not, is the question you must ask when deliberating each hosting provider.
