I got a quote from a company which claims to be providing all of the following on a secure server that I can purchase from them @1200US$ per month with 800US$ setup fees. Before making a purchase decision for my client which is a banking organization, I would request you to kindly help me in deciding more confidently. As the sales pitch of the company may lead towards making a costly decision.
Here are some of the security specs that they came up with alongwith normal dedicated hosting offer;
- Web based Email with Anti-Virus Protection
- Gateway Level Anti-virus Protection
- Server Anti-virus Protection
- Denial of Service (DoS) / Distributed
- Denial of Service (DDoS) Protection
- Intrusion Detection System (host & network) Monitoring
- Worm Protection
- SPAM Protection
- Dual In-line Firewall Protection with 100% fail-over mechanism protection (High-Availability)
- Layer 3 switch filtering
- Layer 4-7 Switch filtering
- Mal URI Filtering
- Email backup independent of the network Cluster. (Off-site located mail servers).
- Secure Database connections using Kerberos authentication technique
(Using Cybercon.cm backend)
Do you think it is possible?
If possible, how would you charge and what software will my company have to purchase separately from your services?
Am I missing any critical security related hosting measure that should be well taken care of for a secure e-banking dedicated server which might be trading millions of dollars on a daily basis?
I need discussion only, so no offers please. For offers, I will use the appropriate forum, but later. Right now, I need some background credibility check on the secure hosting strategies that this company quoted us.
"I'm sure it's possible, but I really doubt it would cost that much anywhere else."
That may be based on WHT's pricing structure; and given that WHT represents an extremely small % of the overall market place...
Now, to think about...
In the U.S. a certified security professional starts out at $75,000 per year; and it is very common to see them getting paid $100,000 to $150,000 per year.
Now you have three shifts for 24x7x365 monitoring of the state of security of the servers. For three shifts with effective coverage for vacation, sick, etc. generally means four to six people (not three).
Hmmmm... do some math... $1,200 per month is extremely cheap.
The pricetag you mentioned has more to do with the critical nature of machine than the features it is offering you. Both are of course intertwined but this is the logic.
I actually concur with dynamic (and this would be the second time in one day) that the solution is indeed cheap.
One interesting link that would not be out of place here would be:
The Bunker is situated on 18 acres of land and surrounded by concertina wiring in Kent, England. It is an impregnable fortress, sitting 30 metres below ground. It has concrete walls three metres thick, steel doors weighing over two tons which protect the servers and digital storage units within.
Layered on top of this physical inaccessibility is a 24-hour watch with guard dogs, CCTV and a series of sophisticated access controls that offer the ultimate in protection from a myriad of attacks, including crackers, terrorist attack, electro-magnetic pulse, electronic eavesdropping, HERF weapons and solar flares.
That I guess is as much as I can offer to you in terms of advice, at this time.
Mediopia Technologies, Inc - Call Toll Free (24 x 7): 1-877-807-HOST
Windows and Linux Reseller and Shared Web Hosting Plans
SiteStudio, ASP, ASP.net, PHP, CGI, Coldfusion MX 6.1, Frontpage, MS SQL Server, MySQL, PgSQL ...
Originally posted by FnArFy Ummm... I'm sure it's possible, but I really doubt it would cost that much anywhere else... Anyway, it's not a good idea to follow through on purchases because you got a spam in you inbox...
Just where did he say that he got "spam in you inbox"?
I think he probably emailed someone and asked for a quote. At least that's the way I took it.
Why do people so readily jump in to bash someone/something when they don't know what they're talking about?
I don't know much about what he's asking (as far as pricing), but I do know this would be a steal at the price he says he was quoted.
I would think he'd have to pay a few thousand more to get the absolute best security that it sounds like he's looking for.
If I had a resource "trading millions of dollars on a daily basis," I would generally not trust someone else's server(s) (I would buy my own) or at least go with a highly reputable company. But those obviously have their own cost and/or resource issues.
The best advice I could give you though, is not to take the advice of us on a message board. Hire/contract a trusted security professional who can do a full analysis of the company you are looking at hosting with if you (or your client) are going to have millions of dollars per day on the line. The information you provide shows that the package seems to be a decent cost, but there's a lot more to providing a secure online environment (and having a history showing it) than what's in a package.
there area number of providers that provide security services such as this, and also have insurance to back it up if they fail. I am thinking IBM offers a dedicated services team just for situations like this, you might want to give them a call as well.
IBM and NCR are huge in the banking industry, and they are both highly reliable companies to use.
It seems a lot to me, just an opinion. I don't know how the world works, but almost all of these are part of even our most basic offerings (including shared hosting), it seems normal to me to have it as part of being in this business.
Also, I don't see anywhere in original post about 3 shifts, 6 people, US certified. Did I not read something right?
Is this a managed server quote, or is it this high just because of the things they offer that you listed in your post?
If this quote is for a nice SUN server, then it seems fine.
Actually, I think it's a fair quote, especially if the entire facility is secured and locked down... that's what you're paying for, primarily... the security of the server, the uptime guarantee (99.999% ?!? That's damned impresive!), and the best engineers this industry has to offer.
Would I pay for something like this? Heck no, not unless a customer was paying me for it... still doesn't mean that it's a bad deal.
Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast
Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)
If bank has really serious intentions about network dealing than he should for providers very thoroughly. It can also provide this services by itself but I think it will be more cheaper to entrust them to outsourcing company.