TL; DR: In the current world of rapidly shifting online technologies, managed hosting providers need to do more than offer servers for websites and data storage. That’s why Storm Internet is our 2018 Featured Expert on all things security. CEO and Founder Salim Benadel shared with us how the UK-based provider has witnessed data protection solutions become increasingly important as Europe’s General Data Protection Regulation looms in the future.
As recently as five years ago, prospective customers would ask Storm Internet representatives the same few questions: How fast can you make my site? Will I get a good ranking on Google?
Now, according to CEO and Founder Salim Benadel, all of that is secondary. Both the UK-based host and its customers instead focus on security measures.
As organizations increasingly move on-prem networks to cloud servers, managed hosting providers like Storm Internet — our pick for expert insight into industry security trends — are seeing attacks much more frequently.
“As more information and dependency is placed online, there’s a lot more to gain,” Salim said. “The culture is changing. Security is definitely now at the forefront, and I think the whole industry is changing to be more security conscious.”
Storm Internet started out more than a decade ago by specializing in Windows servers. Even after expanding to include Linux, cloud, and email servers, Salim said that strong security measures have always been central to his company’s success in a saturated managed hosting market.
“It’s all about that extra value you can add to help people,” he said. “You want to give them that peace of mind on things they can’t necessarily cover themselves in terms of security. It’s all taken care of.”
Customers and Competitors Collaborate in the Name of Security
As the demand for secure environments grows and the exploits and vulnerabilities evolve, Storm Internet and Salim frequently find themselves reaching out to other hosting providers for news and advice.
“We’re all competitors with one another, but we all feel the same pains and problems,” he said, adding the companies frequently buy products and services from each other. Storm Internet does not own or operate a datacenter, for instance, and instead chooses to seek server space in top-of-the-line datacenters around the country. “It’s a little ecosystem, really. We’re all sort of against each other, but we all sort of benefit, as well.”
According to Salim, the recent Meltdown and Spectre vulnerabilities affecting Intel, AMD, and ARM processors triggered a flurry of conversations about patches and processes.
“We’ll pursue solutions and collaborate to catch up quickly to make things as secure as possible, together,” he said. “There is a lot of collaboration, which fosters more information about what we’ve done and what we’ve learned. That tends to get fed down to all of our customers, giving them a much better, safer, and more secure service.”
Upcoming GDPR Means Educating and Protecting Customers
Echoing what hosting companies and customers have witnessed the past few years, European governments have similarly strengthened the requirements for security. The General Data Protection Regulation will start being enforced in May, dramatically increasing the fines for any breaches or non-compliance.
To help clients take the appropriate precautions to protect their data, Salim said Storm Internet is working to educate customers on six relevant focus areas from the UK’s Information Commissioner’s Office. The list includes common hosting features such as monitoring, patching, and intrusion detection services.
“It’s a lot of common things people should be doing to lock out the bad guys, so to speak,” he said. “We’re trying to take all that information into one nice, simple, easy-to-follow checklist.”
When prospective customers want to purchase server space from Storm Internet, they’ll be asked if they want an SSL certificate, PCI compliance, or malware scanning, among other services.
Although Storm Internet naturally prevents against brute-force attacks, Salim said the company is making the required services more apparent to customers and business owners.
“There’s a series of things we recommend, and all of them are in line with what we expect you to be doing to exhibit a good level of care,” Salim said. “Obviously, you’re never fully guaranteed nothing will happen, but you can do a lot to minimize the risk. It’s not just, ‘Hey, here’s a server, here you go.'”
Transforming Expectations From Website Speed to Security
In the earlier days of hosting, according to Salim, site owners eschewed SSL certificates because of the delay in encrypting information before sending it to the browser.
Now, however, Salim said most clients are quick to apply the Meltdown patch, despite reports it could slow data-rich applications by up to 30%.
“I don’t think there’s a noticeable performance difference with locking down a system,” he said. “Even if there is a little bit, people seem more than happy to accept it.”
Salim attributed the changing attitudes to increasingly powerful hardware, where any delays are measured in practically imperceptible microseconds. Additionally, the GDPR has made the public more aware of and interested in online security measures
“Security is taking priority,” he said. “Security has always been important, but now it’s a necessity, more than ever. People have heard of it, and they’re a lot more aware of the requirements.”
WordPress Security and Helping Customers Find the Right Platforms
Despite the frequency of exploits on WordPress websites, Salim said Storm Internet doesn’t consider security when weighing in on which content management systems a customer should consider using.
“All of them have some sort of bug,” he said. “We’re more interested in making sure you’re installing updates and managing the installation responsibly.”
From a managed hosting perspective, Storm Internet recommends “solutions that fit the problem,” according to Salim. Company representatives will listen to the customer’s requirements and expectations before suggesting particular server configurations and software.
In the case of WordPress, Salim places the vulnerability blame on plugins and poor management, rather than the core platform.
“Securing a website today doesn’t make you safer indefinitely,” he said. “The threats are constantly evolving, and there are new exploits being discovered every day. However, by taking some specific security measures to protect yourself and stay on top of things, there’s a lot you can do to significantly minimize your risk. This is what we do here at Storm to help our clients.”