Survey: ASPs suffer from sub-par security

From...

By Melanie Liew, Computerworld Australia

(IDG) -- One in four application service providers have sub-par security, lacking fundamentals such as user authentication, virus protection, network security, and firewall services, according to a recent survey by research organization IDC. These factors are integral elements of a security plan and are quite necessary to be considered by players in the market.

While the majority of respondents seem to have the basics down, there are still ASPs offering customers access to applications in an unprotected environment. The IDC survey covered players in the United States and Asia, including Singapore.

IDG.net INFOCENTER PCWorld.com home Free daily newsletters PCWorld.com: Week in Reviews TechInformer Related IDG.net Stories Newest Web-Based Apps Better Suited to Job? 2001 a Turning Point for ASPs, Says Analyst ASPs Wooing the Big Guys Features PC World.com Product Finder An inside tour of the Pentium 4 Surviving a disk crash: A checklist Visit an IDG site Choose a site: IDG.net CIO Computerworld Darwin Dummies.com GamePro.com The Industry Standard ITWorld.com InfoWorld.com JavaWorld LinuxWorld Macworld Online Network World Fusion PC World Publish.com UnixInsider IDG.net search

"Businesses understand that a breach in security could result in severe financial losses, never mind the damage to a company's reputation. It is up to the ASP to stay on top of these security systems in order to stay in the game," says Jessica Goepfert, program manager with IDC's ASP and application management services research program.

In response to the IDC findings, Leong Han Kong, chairman of the ASP/IDC Alliance Chapter says, "We are concerned that this report will give the Singapore market an undeserved negative impression of the ASP industry."

More Secure

To this end, the AAC says that it is working very closely with the Infocomm Development Authority of Singapore to ensure that the Singapore ASP industry maintains healthy service levels. To that end, it is championing initiatives to add to a framework of service level agreements which extends to insurance programs.

In addition, the AAC says that it "encourages end users to conduct due diligence to check on the level of security that their ASPs are able to provide and to incorporate the roles and obligations of both parties into the service level agreements.

Says Wong Wai Meng, chief operating officer of iaspire, an ASP, "Every organization's security needs is different. A credible ASP will advise potential customers on the type of applications needed and the appropriate level of security."

Meanwhile, the ASP market is crowded and undergoing healthy consolidation while still welcoming new entrants. These ASPs are at different points in their life cycle and may each take a unique approach to attacking the market opportunity, says IDC.

As David Yew, program manager, Asia Pacific IT Services Research of IDC points out, "The truth is that enhanced security is often a benefit of signing with an ASP because chances are that the ASP offers more security than its customers and prospects could afford to deploy on their own. Still, it is up to the service provider to offer the level of security that their customers want although some ASPs may have to consider factors such as cost and capability."