Hi Richard, I'm not sure what you are really asking. The legal issues are that it should be part of your contract what they should and should not do for you. For example, my company has a web application for the auto industry. We put our box in a collocation facility. We contracted for no security. All I want from them is: Internet connection, power, space, and physical security. I provide my own security solution. The reason is that I have no one to blame except myself and I also don't have to rely on anyone else. I'm also a consultant. One of my customers was recently setting up a server facility. They decided to put a firewall in front of all their customers web pages. I advised against it before they bought it and I told them they were wrong after they did it. They now have one firewall in front of all their customer's web sites. I certainly would never put my application at such a location. Nevermind the complexity of trying to maintain that rule set, what happens if one customer demands a change at a time when it is the peak usage time for another customer? If you want the other company to provide security, I would make sure it is a security solution provided for your application only. Don't know if any of that helps - I hope it does. Regards, Brad Van Orden "Scott, Richard" wrote: > > Greetings all, > > Has anyone came across a security and legal issue checklist for outsourcing > web hosting / E-commerce hosting? > > For example given that a company z used another company's services for > hosting an e-commerce application. > Has anyone experienced difficulties of enforcing their security policies on > the company hosting the app/web site? > > Any pointers to any white papers et al? > > Cheers > r. > Richard Scott > The views expressed in this email do not represent Best Buy > or any of its subsidiaries.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:58:44 PDT