This thread came about from another thread of mine discussing switching from GoDaddy to another domain and hosting provider.
Here I would like to know: How can you protect your websites code and your client’s customer data from the web host??
This may sound funny, but if you think about it, a web host could be the biggest threat to your website and customers, because you are giving the host full access to everything!! (At least hackers have to work a little to get to your precious data!!)
So, while I don’t like lots of things GoDaddy has done, ironically, I think I trust them more with protecting application code and data.
How so?
Well, my thinking is that GoDaddy is big enough that they have a lot of eyes on them including regulators. So, I am sure their legal department has stressed to their executives how prone GoDaddy could be to lawsuits, and therefore I am sure the executive team has put into place lots of policies and procedures that limit the chance that a GoDaddy tech could walk off with your application code or data.
By contrast, if I choose some smaller, less known web-host for my client, what is to prevent some tech from copying all of my code to his thumbdrive or even peaking around in my client’s database and stealing customer info?
Whether it is a Shared Server or a Virtual Private Server (VPS), you are giving the host nearly complete access, right?
And if the employees of your web-host are snooping around your website and log files and database and e-mail server, how would you ever know???
I am a company of one who is struggling to learn web development. Having a client that expects me to get his site up on a web host and then manage it is already pushing my knowledge. And now I lie awake at night worrying that I’ll get sued when some 18-year-old punk working at “Bob’s Discount Tires and Web Hosting” walks off with all of my client’s code and data!!
I’m sure a lot of you are laughing thinking I wear a tin hat, but I think my fears are legitimate considering that Home Depot and Target can’t even secure their customers data!
In the end, I just don’t see how you would even know if your web host is screwing with your code or data.
And while I hate GoDaddy on many fronts, I think they are much less likely to ever do that versus a smaller host.
GoDaddy has too much to lose if one of their employees ever looked where he/she shouldn’t. But a smaller host could do that and go undetected, and you’d never know it.
How do you guys protect your application code and customer’s data when you host a website?