When it comes to online business and web security, choosing a good web host is half the battle. The adage "you pay peanuts, you get monkeys" has never been more accurate. There are various types of hosting out there, and it is important to know what to look for when choosing one.
Security should be baked into the business, not sprinkled over
There are various types of web hosting available on the market. Those worth mentioning are Shared, Virtual Private Server (VPS), Dedicated, Cloud, WordPress and Email. You have probably come across one or two of them online. Now, which one is more secure? The truth of the matter is that the ideal host is any hosting service provider that offers power-user access, allowing web security professionals to configure and harden the settings.
The first and most pervasive type of web hosting is shared hosting, which strikes a balance between cost and risk. Imagine that you rent a flat in a block of flats. In this analogy, the flat is your website and the building is your server. You share energy, water and many other common supplies with the whole building. If there is a problem in the flat above you (fire, flooding or a power outage, for instance), you will probably share that too. But it was the cheaper option. The concept is simple: because multiple sites are hosted on the same server, you get lower cost but also great risk. You get the most common features, such as PHP, MySQL and so forth, but you have limited flexibility and control. The general recommendation is that shared hosting is best suited for blogs and smaller websites.
VPS hosting generally costs more than shared hosting; however, the risk level is low because each site or account is hosted in its own virtual container, hence the name Virtual Private Server. Typically, with virtual hosting you can access root files, and you get greater control, more flexibility and much better performance than with shared hosting. Generally, VPSs are recommended for larger sites where more control is needed.
If you want complete control over the web server and the entire server, you probably need dedicated hosting for your websites. It is more expensive than the other options and, more importantly, it requires an operator with a solid understanding of server software. Dedicated hosting plans are usually recommended for larger sites with custom builds where control is a must. Remember the analogy? Now you have your own house, so there is no sharing of resources and common areas with noisy or pesky neighbours.
There is also WordPress hosting, which is specifically for sites using the WordPress content management system. Many WordPress hosts automatically handle platform-specific needs such as updates to the CMS, automatic backups and other back-end support. This is ideal for those who want to use the WordPress platform but have less technical back-end knowledge. Again, you get what you pay for. WordPress hosting often comes with some default security settings. Securing a WordPress website is a topic of its own and should be done by a professional.
Finally, there is cloud hosting. Cloud hosting is nice because it is infinitely scalable and typically costs less than other hosting options. It does, however, require a good understanding of cloud software, and it is ideal for sites with lots of traffic or traffic spikes. If you choose a hosting plan based solely on price, you could be asking for trouble. Pay attention to the whereabouts of the physical server facility, as GDPR rules might apply when EU/UK data is stored on non-UK/EU territory. This one is food for thought, and don't forget to seek advice from cyber security professionals.
| Use case | Hosting option |
| --- | --- |
| Blogs and lower to moderate traffic websites | Shared Hosting |
| Larger sites, needing more control & better performance | VPS Hosting |
| Full control over everything | Dedicated Server |
| Massive traffic spikes & surges for less cost | Cloud Hosting |
Baseline security considerations:
Ensure that your nominated hosting provider has one or more of the following crucial security accreditations:
- ISO 27001
- PCI-DSS (e-commerce / online payment platform)
- Cloud Security Alliance (CSA) certifications
- STAR scheme for level-2 certifications
- AICPA SOC 2
The geographic jurisdiction of the hosting provider is also an important element. As a customer, you have obligations around your customers' data privacy and need to ensure that your hosting provider is compliant with data protection regulations, i.e., GDPR and the UK DPA 2018.
General considerations:
- Host reputation. Example: Best Web Hosting Providers 2021 | Top 11 Services Reviewed (websitebuilderexpert.com)
- Supports all WordPress requirements
- Hosts that run the latest versions of key software (Apache, NGINX, PHP & MySQL)
- Solid 24/7 support, or equivalent
- Good documentation
- Terms like cost, limits, fees, and so forth
Risk management executives understand that security mustn't be an afterthought. It must be considered from the early stages of project planning to the launch of a website and beyond. To borrow the old security management adage, 'Security should be baked into the business, not sprinkled over'. Without a strong foundation, it can be easy to make mistakes that leave your business vulnerable. The more traditional approach of patching things up as you go along might cost you, your business and your clients a great deal more, and that cost goes beyond sanctions and heavy fines. It will have unforeseen repercussions for the business as a whole: think brand reputation, customer loyalty and, subsequently, making the news. On a positive note, by assuring your customers that you handle their personal information appropriately and in a regulated, safe manner, you can enjoy the benefits of ROI by strengthening the brand and attaining and retaining satisfied customers.
This is just a summary to get you going in the right direction. Explore the different types of web hosting and what to look for when choosing a quality, affordable web host. Once you know what you’re looking for, this information will help you find the best possible host for your site. Again, consulting web security professionals in the very initial stage of the project is critical and goes without saying.