SECURITY AND PRIVACY for APPLICATION SERVICE PROVISIONING (ASP)
- Best Practices for ASP Providers
All the recent surveys on ASPs strongly indicate that both existing and prospective ASP customers are deeply concerned about ASP security and privacy. In fact, a high percentage of potential users state that doubt about ASP security is one of the reasons why they might not consider adopting the ASP model. CIOs and IT managers have stated that their jobs would be on the line if the ASP they selected had poor security standards. Strong security SLAs are a convincing factor in gaining trust and in swaying skeptical ASP buyers to adopt the ASP model. A larger share of the market awaits those ASPs that offer sound and aggressive security SLAs backed by an actual, robust security program.
The US government has recently passed legislation that makes it mandatory for healthcare organizations to protect the privacy of medical records, and the HIPAA standards mandate privacy protection by hospitals and healthcare organizations. The financial community has been regulated for years with privacy and security laws for computing. Boards of directors and officers of corporations are liable for failure to exercise due care in safeguarding company assets, and heavy penalties apply for non-compliance with regulations.
These concerns were recognized by the ASP Consortium at the recent COMDEX convention in Las Vegas, and it now stresses the need for ASPs to improve their security SLAs.
As a responsible ASP organization or a prudent buyer of ASP services, you want to ensure that the ASP data center and networks have the whole array of protection methods and standards to protect data via a host of physical security devices, including electronic surveillance systems, transaction processing controls and even advanced technical safeguards (such as motion sensors and biometrics), and data privacy technologies such as Public Key Infrastructure (PKI). In addition, the ASP security provisions should be documented in the form of sound security Service Level Agreements (SLAs) fully backed by ASP security standards and practices.
This timely practitioner's manual provides a comprehensive set of guidelines and best practices that both ASP provider companies and existing and prospective ASP customers can use to:
a) Develop a robust security and privacy program
b) Negotiate a state-of-the-art set of security SLAs with ASP providers
c) Review or audit the adequacy of an ASP's security and privacy program
The manual is written with the practitioner's needs in mind in a ready-to-apply style. The manual will save you person-years of development effort.
WHO SHOULD OBTAIN THIS MANUAL?
The manual is ideal for Application Service Provider (ASP) company executives, CIOs, IT managers, product strategists, marketing personnel and ASP hosting operations personnel. It is equally valuable for ASP customer company CIOs and IT personnel who need to assess ASPs, hosting data center and network infrastructure provider ASP partners, auditors, information security specialists, procurement and legal personnel, consultants and anyone interested in IT security.
Section 1. ASPs AND THE DIRE NEED FOR SECURITY AND CONFIDENTIALITY
Section 2. THE OVERALL SCOPE OF THE ASP SECURITY PROBLEM - The aggregate ASP security panorama
Section 3. ASP HOSTING CENTER SECURITY BEST PRACTICES - Detailed security objectives and practices to achieve them
Section 4. NETWORK SECURITY AND PRIVACY - Detailed security objectives and practices to achieve them
Section 5. ASP SECURITY SERVICE LEVEL AGREEMENTS - A "Plan of Action" to develop a security policy and an aggregate ASP security program - What an SLA entails and its components - A general template for ASP security - An actual matrix that maps:
a) All the key security objectives
b) The major areas that require security coverage (applications, data centers and network infrastructure); and
c) A cadre of safeguards that ought to be considered in the ASP security SLA package
A-1. Literature References
A-2. Glossary of Terms
A-3. Organizations that Provide ASP information
A-5 Select papers on ASP security
165 pages of 8 x 11 format - Ring bound - ISBN: 0940706512 Just off the press in 2001
Note: This manual is an excellent companion to MAP-41, How to Prepare Service Level Agreements for Application Service Provisions, as it expands on the area of security and privacy in considerable detail.
To: MANAGEMENT ADVISORY SERVICES & PUBLICATIONS (MASP) 57 Greylock Road P.O. Box 81151 Wellesley Hills, MA 02481 Phone: (781) 235-2895 Fax: (781) 235-5446 email: email@example.com - Web page: www.masp.com
Please send me ___copy(ies) of SECURITY AND PRIVACY for APPLICATION SERVICE PROVISIONING (ASP) - Best Practices For ASP Providers and Outsourcers - MAP-46
enclosing payment of $395 per copy (the preferred clients prepublication
price), including priority postage. Overseas orders, please forward $440,
includes air post. Ask for instructions for wire transfer, if preferred.
Ship to: ____________________________________Dept./Div______________
You may also use the general publications order form.
Other related books on ASPs and outsourcing:
"How to Prepare Service Level Agreements for Application Service Provisioning - MAP-41"
"Application Service Provisioning - Best Practices, SLAs for ASP and Outsourcers - MAP-44"
"Outsourcing Via Application Service Providers - Guidelines, SLAs and Success Factors - MAP-45"