
Ask About Validation

  1. #1

    Hosting applications on a public managed cloud

    What are the risks when allowing an external company to host our application?

    -- We have got a quotation from a company with a server farm who is offering either a public cloud or managed cloud. They will provide us with a Virtual Server which we will have sole access to and where we can load our application and run it from.

    -- The external company owns the servers, many other virtual servers on the one physical box.

    -- The physical box is not qualified and we don't know what other companies nor what sites or applications are running on the box.

    -- The external company will look after the backups of our application and they also back up the other virtual servers on the same physical box.

    -- Using a virtual server that we have sole use of provides our application with logical security, but is logical security enough?

    It is cheaper to use this managed cloud than creating our own private cloud so is there a risk to using the managed cloud?


  3. #2


    Quote (originally posted by itwillbegrand):
    What are the risks when allowing an external company to host our application?

    -- We have got a quotation from a company with a server farm who is offering either a public cloud or managed cloud. They will provide us with a Virtual Server which we will have sole access to and where we can load our application and run it from.
    Sounds good so far, you have dedicated access to the server so no conflict.

    Quote (originally posted by itwillbegrand):
    -- The external company owns the servers, many other virtual servers on the one physical box.
    That shouldn't be an issue, as long as you are getting the spec you need in terms of RAM etc.

    Quote (originally posted by itwillbegrand):
    -- The physical box is not qualified and we don't know what other companies nor what sites or applications are running on the box.
    For regulated hosting I would expect the environment to be qualified; either you would have to do this (not advised) or go with a company that offers this service.

    Quote (originally posted by itwillbegrand):
    -- The external company will look after the backups of our application and they also back up the other virtual servers on the same physical box.
    No problem there.

    Quote (originally posted by itwillbegrand):
    -- Using a virtual server that we have sole use of provides our application with logical security, but is logical security enough?
    Yes, but I am sure they must have other levels of security too, in terms of physical etc.

    There are many companies popping up now offering regulated compliant environments with the emergence of cloud computing in the regulated space; maybe you need to look at other ones too.

    Hope that helps

  4. #3


    Yes, there will be other physical security, e.g. firewalls, and the application will have an SSL secure login.

    I am guessing that our client would prefer to have the version of our application on their own dedicated virtual server on a dedicated physical box,
    but in this case they will have their own dedicated Virtual server but not on a dedicated physical box.

    If the same physical box also contains competitors of theirs, is there any exposure or legal risk to our company?

    I suppose a parallel can be drawn with Gmail, as many companies are using Gmail instead of Exchange for their email system. This means that many different companies' information is being held on the same physical boxes.

  5. #4


    Good question!

    In theory this should be fine, but comparing this to Gmail is a bit different as I would assume this is mission critical software.

    It's getting your clients' heads around this that could be an issue, as they might be new to this concept... I would sell them the cost savings etc.

    Not sure if there is any legal risk, but you would have to be extra vigilant that database connections don't get mixed up... that could be a big problem if they did.

    Regards

  6. #5


    Need to be careful about exactly how the system is deployed. Depending on your agreement with the service provider, you may be able to specify the hardware in general terms, but you may not know exactly which (physical) "box" the application is running on. In fact, if you require redundancy, it may switch over to a server (e.g., if maintenance is being done or a site goes out) in a completely different country. If you require a specific box that you can (traditionally) qualify, that may be a completely different service agreement.

    The questions raised / discussions above all swirl around the 'risk' theme. Identify the possible failure modes (like mixed up database connections) and work with the service provider to ensure a deployment that mitigates your risks to an acceptable level.

    Be sure the risk assessment identifies configuration changes by the provider. Again, this may drive a different / modified service agreement. In a validated environment, something like an OS patch would drive some level of re-validation (or at least an assessment as to whether action is needed). You may or may not have visibility into if / when such actions occur.

  7. #6


    Well... I don't think there would be an issue with 3rd party hosting. It is good to have one in fact.

© 2006 - 2012 askaboutvalidation. All Rights Reserved