Who is supposed to handle server security? The customer or the provider? This has been on my mind for a while now. When I first started managing servers, I quickly realized that by not protecting your server you are inviting problems! However, the majority of customers are not educated on server security, so who is ultimately responsible?
Customers should know the Basics
I've seen plenty of customers use servers with default passwords and leave ports open. That is extremely dangerous. And as a provider, you will benefit from educating your customers on how to update and secure servers. This can help them in setting up firewalls, properly controlling access and the like. Think of it as locking the front door. The provider cannot observe every individual user all the time.
Providers should play an Active Role
On the flip side, hosting providers have the tools and ability to assist customers in protecting their servers. Providers can implement security measures for the customer, including installing updates, setting up firewalls, and securing the control panel configurations.
If I were a hosting provider, I would ensure that all of the servers I host have all of the latest security configurations and updates, because not every individual will want or be able to take the time to learn about security.
Working together towards security
Here is what I recommend as the best way to handle this:
- Educate customers on security fundamentals.
- Use secure defaults when configuring a server, thereby avoiding errors.
- Last but not least, provide customers with the necessary applications to maintain their security (through alerts, etc.).
Based on my experience, a server will be safe when the service provider and the customer have each carried out their respective responsibilities correctly.