SECURITY AND PRIVACY for APPLICATION SERVICE PROVISIONING (ASP)

- Best Practices for ASP Providers And Outsourcers - MAP-46

The explosive growth in the use of the Internet has spurred the need for organizations to quickly deploy e-commerce solutions.  This in turn has created the need and the drive to outsource e-commerce and other business application to Application Service Providers (ASPs)

However, critical company data stored on ASP hosting servers and moving through their network infrastructure might not be quite as secure as would be required to assure the integrity and confidentiality of an enterprise’s critical and patrimonial data. ASP data centers and the networks that ASPs use present many opportunities for outsider and insider mischief and for adverse events, as evidenced by recent attacks on prominent service providers such as Microsoft, e-Bay, America On-line, CNN and others. 

All the recent surveys on ASPs strongly indicate that both existing and prospective ASP customers are deeply concerned about ASP security and privacy.  In fact, a high percentage of potential users state that doubt about ASP security is one of the reasons why they might not consider adopting the ASP model.  CIOs and IT managers have stated that their jobs would be on the line if the ASP they selected had poor security standards.  Strong security SLAs is a convincing factor to gain trustworthiness and also sway skeptical ASP buyers to adopt the ASP model.  A larger share of market awaits those ASPs that offer a sound and aggressive security SLAs backed up by an actual robust security program.

The US government has recently passed legislation that makes it mandatory for healthcare organizations to protect the privacy of medical records and the HIPPA standards mandate privacy protection by hospitals and healthcare organizations. The financial community has been regulated for years with privacy and security laws for computing.   Board of Directors and officers of corporations are liable for failure to exercise due care in safeguarding company assets and heavy penalties apply for non-compliance to regulations.

The above concerns have been recognized by the ASP Consortium at the recent COMDEX convention in Las Vegas and it now stresses the need and the importance for ASPs to improve security SLAs.

As a responsible ASP organization or a prudent buyer of ASP services, you want to insure that the ASP data center and networks have the whole array of protection methods and standards to protect data via a host of physical security devices including electronic surveillance systems, transaction processing controls and even advanced technical safeguards (such as motion sensors and biometrics) and data privacy technologies, such as Public Key Infrastructure (PKI).  In addition, the ASP security provisions should be documented in the form of sound security “Service Level Agreements” (SLAs) fully backed by ASP Security standards and practices.

This timely practitioner's manual provides a comprehensive set of guidelines and best practices that both ASP provider companies and ASP existing and prospective ASP customers can use to:

    a) Develop a robust security and privacy program

    b) Negotiate a state-of-the-art set of security SLAs with ASP providers

    c) Review or audit the adequacy of an ASP’s security and privacy program

The manual is written with the practitioner's needs in mind in a ready-to-apply style.  The manual will save you person-years of development effort. 

WHO SHOULD OBTAIN THIS MANUAL?

The manual is ideal for Application Service Provider (ASP) company executives, CIOs, IT managers, product strategists and marketing personnel and ASP hosting operations personnel.  It is equally valuable for ASP customer company CIOs and IT personnel who need to assess ASPs, hosting data center and network infrastructure provider ASP partners, auditors, information security specialists, procurement and legal personnel, consultants and any one interested in IT security.

CONTENTS

 Section 1.  ASPs AND THE DIRE NEED FOR SECURITY AND CONFIDENTIALITY

Section 2.  THE OVERALL SCOPE OF THE ASP SECURITY PROBLEM - The aggregate ASP security panorama

Section 3.  ASP HOSTING CENTER SECURITY BEST PRACTICES - Detailed security objectives and practices to achieve them

Section 4. NETWORK SECURITY AND PRIVACY - Detailed security objectives and practices to achieve them

 SECTION 5.  ASP SECURITY SERVICE LEVEL AGREEMENTS - A "Plan of Action" to develop a security policy and an aggregate ASP security program - What an SLA entails and its components - A general template for ASP security  - An actual matrix that maps:

        a) All the key security objectives

        b)  The major areas that require security coverage (applications, data centers and network infrastructure); and

        c) A cadre of safeguards that ought to be considered in the ASP security SLA package

APPENDIX

A-1.   Literature References 

A-2.   Glossary of Terms

A-3.  Organizations that Provide ASP information

A-4   Index

A-5     Select papers on ASP security

165 pages of 8 x 11 format - Ring bound -  ISBN: 0940706512     Just off the press in  2001

Note:  This manual is an excellent companion to MAP-41, “How to Prepare Service Level Agreements for Application Service Provisions” as it greatly expands in the area of security and privacy in considerable detail.

----------------------------------------------------------------------------------------------------------------------------------------------------------

To: MANAGEMENT ADVISORY SERVICES & PUBLICATIONS (MASP) – 57 Greylock Road – P.O. Box 81151 – Wellesley Hills, MA 02481 – Phone: (781) 235-2895 – Fax: (781) 235-5446 – email: jaykmasp@aol.com - Web page: www.masp.com

Please send me ___copy(ies) of “SECURITY AND PRIVACY for APPLICATION SERVICE PROVISIONING (ASP) - Best Practices For ASP Providers and Outsourcers”  - MAP-46

I am enclosing payment of $395 per copy (the preferred client’s prepublication price), including priority postage.  Overseas orders, please forward $440, includes air post.  Ask for instructions for wire transfer, if preferred.

Ship to: ____________________________________Dept./Div______________

 Company________________________________________________________

 Address____________________________City_____________ST___ZIP_____

 Phone:_________________e-mail__________________Fax_______________

You may also use the general publications order form.  Click below

PUBLICATIONS ORDER FORM

For other related books on ASPs and outsourcing, click

"How to Prepare Service Level Agreements for Application Service Provisioning - MAP-41"

"Application Service Provisioning - Best Practices, SLAs for ASP and Outsourcers - MAP-44"

"Outsourcing Via Application Service Providers - Guidelines, SLAs and Success Factors - MAP-45"