  1. #1
    Join Date
    May 2001
    Posts
    348

    P&P in place of handling customer data in your company?

    I understand that hosting companies and their staff will have full permissions and root access to all data, but does any company have P&P or some sort of guideline for handling (actually reading) customer data on the servers?

    I'm sourcing a hosting company to place some sensitive data (e.g. customer list). Hosting fee won't be a consideration here.

  2. #2
    Join Date
    Jun 2006
    Location
    East Coast // NYC
    Posts
    1,693
    Well, honestly a hosting company shouldn't be messing with your data (or even reading) without permission. Also, may I recommend that you encrypt and password protect this data.

    Thanks.

  3. #3
    Join Date
    Oct 2006
    Location
    uk
    Posts
    448
    It depends how far you want to go.

    As with everything, nothing is 100% secure or risk free.

    One highly secure solution would be to buy your own server and co-lo it. You would store the sensitive data on an encrypted partition. This means that even if someone were to gain physical access to the hard drive, without your key it would be useless.

    You could take it an extra step and build your own datacenter just for this data.

    However, these solutions would be pretty costly.

    Encrypting whole databases is not normally a solution as it affects performance....

  4. #4
    Join Date
    Jun 2004
    Location
    Tampa Florida
    Posts
    428
    It would depend on what type of host you are looking at. There are some hosts out there that, for customer reasons, comply with the "Sarbanes Oxley" act restrictions with regards to client data. Many are going to be higher end datacenters that don't really advertise...

    Track the hosting down on a few medium sized publicly held companies. That's a good place to start.

  5. #5
    I would concur with the rest of the group. Most reliable and stable companies that provide hosting have SOPs which limit who has access to data on the servers. The people that have access have strict guidelines to follow. Most companies have a no access policy unless the customer requests support that requires the host to access that information.

    Another reason it would be accessed is if the federal government requested it or by court order.


    Hope this information was useful.


    Regards,
    Chris

  6. #6
    Join Date
    May 2001
    Posts
    348
    Quote Originally Posted by vantage255
    It would depend on what type of host you are looking at. There are some hosts out there that, for customer reasons, comply with the "Sarbanes Oxley" act restrictions with regards to client data. Many are going to be higher end datacenters that don't really advertise...

    Track the hosting down on a few medium sized publicly held companies. That's a good place to start.
    Thanks for your advice, it seems a good point to start with.

  7. #7
    Join Date
    Jul 2006
    Location
    Detroit, MI
    Posts
    1,955
    Quote Originally Posted by eric418
    I understand that hosting companies and their staff will have full permissions and root access to all data, but does any company have P&P or some sort of guideline for handling (actually reading) customer data on the servers?

    I'm sourcing a hosting company to place some sensitive data (e.g. customer list). Hosting fee won't be a consideration here.
    Your best bet is to ask the companies you are interested in if they will accommodate, though the next issue becomes their experience with such processes, as I am sure they will accommodate you. We have had to do similar, and some Sar-Box in fact, custom processes for clients, though they are not a volume segment of the market, and depending on the level of compliance can be extremely costly so it is not advertised. I would imagine other hosts operate in a similar fashion in this regard.



    Best Regards,
