Outsourcing your applications opens all kinds of doors. Beware of the barbarians at the gate.
For better or worse, the bulk of the technologies we use to secure our computers and networks rely upon isolation and a relatively simple, black-and-white notion of trust. While the security specialists constantly point out the deficiencies of this modelâ€"available evidence points to insiders as the source of the vast majority of significant security breachesâ€"for the moment, it remains at the core of standard network defenses. Most businesses simply quarantine their infrastructure, depending on firewalls to keep outsiders out.
Enter the ASP, and the rebirth of shared infrastructure. Companies rushing to capitalise on the benefits of distributing the costs of hosting and maintaining expensive apps rarely realise that they may be undermining their own security strategies.
As separate organisations use "trusted connections" like virtual private networks (VPN) and dedicated lines to link their networks to an ASP, they also link themselves to each other. And as they draw upon shared computing resources, they blur the line between trusted insiders and untrusted outsiders. Beyond their control, yet effectively inside their defensive perimeter, the ASP network introduces a very murky shade of gray into a customer's black-and-white world.
Security problems are an open secret in the ASP world, according to Internet Security Systems VP of business development Glenn McGonnigle, and they may be an inevitable part of application outsourcing. "Increased security risks are inherent in the ASP model; sharing infrastructure is always going to introduce vulnerabilities ... this is a very serious problem, and one that the industry has yet to adequately address," he says.
