16 years ago when I started our web development firm, I had to decide where we were going to host our client sites. At the time there were really only a couple places in Milwaukee that offered website hosting, and none of them offered up-time guarantees or provided much in the way of service or support, even for companies like ours that would be sending them dozens of clients. But we had to choose one. So we did, and hosted all our client websites there.
After 2 years of frequent and extended down times, poor support and clients calling us to solve problems we couldn’t fix, we decided to set up our own hosting operation. We’ve been hosting our client sites ever since.
Occasionally, we have a new client who wants to host with a large, cheap, national commodity hosting company. We explain to them why it’s unwise to put their website somewhere with slow load times, poor (or non-existent) support, chronic downtime and/or a value proposition of being the hosting provider whose commercials tease you with a chance to see Danica Patrick and Jillian Michaels naked. They usually see the light and let us host it.
But, lately, we’ve been seeing another growing trend. Clients who proudly tell us they’re going to host the site themselves. The effort is always driven by an internal IT person with one of several predictable motives, none of which include an objective decision to put the site on the best hosting service possible.
If you’re thinking about hosting your own corporate web presence, and have your IT guys insisting that you can, or even should, host it internally, you’ll want to ask them these 8 questions to determine whether that’s the direction to go:
1.) Does your internal hosting solution include guaranteed power backup capabilities?
We’re not talking about a little consumer level APC battery backup, but a system that automatically flips to batteries and/or generators with private fuel contracts that assure your site will remain up without any interruption, even in the event of a power failure that lasts for days. Or weeks.
2.) Are they willing, able and available to provide the service and support a website requires?
That doesn’t mean just 8am-5pm on weekdays. Real website support means someone who is available 24/7/365 to immediately respond to phone calls or emailed issues related to outages and other server problem. It means having those phone numbers and email addresses on every page of your website. It also means a commitment not to let those problems wait till it’s convenient to fix them, but a proficiency, willingness and dedication to restore a crashed server within 20 minutes, no matter when it happens.
3.) Do they understand everything necessary about making a hosting environment PCI-DSS compliant?
This means knowing when to update all the hosting infrastructure-specific packages (OS, Web server, Database, compilers and platforms, SSL handling, etc.) , and understanding what is necessary to protect credit card and other critical personal information.
4.) Are they so confident in their security expertise that they are comfortable providing a potential backdoor to your company’s entire internal network to the world?
There are armies of hackers, crackers, pirates and other miscreants who pride themselves on being superior to your IT people when it comes to web security. They scour the web with bots and spiders to find vulnerable systems they know they can exploit, and when they find them, they tunnel in as far as they can go… not just stopping at your site, but also taking advantage of typical network infrastructure to gain access to your data. All of it. Are your guys absolutely certain that your systems would be safe?
5.) Do they know how to stop or, better yet, prevent a distributed denial of service attack (DDOS)?
The solution to having your site bombarded and overloaded with thousands or millions of hits from IP addresses all over the world is not doing an emergency Google search when it happens to figure out how to make it stop. By the time you find your answer, your site, your server and your network may already be suffering damage from which it might not ever recover.
6.) Does your network connection provide redundancy in its connection to the web?
We’re not talking about dual T-1?s coming in through the same pipe, but rather redundant physical connections from multiple physical entry points to your building, each providing a different path to the Internet backbone to eliminate site outages to portions of the country in the event of a main trunk outage on any one of them.
7.) Does your connection provide the necessary dedicated bandwidth that websites need today?
With thousands of site visitors these days with broadband speeds of 20, 30 or 50 MBPS, one or even two T-1?s aren’t enough.
8.) Is it really worth it to make your company pay more for the development just so you can host it internally?
Your web developers are more efficient when they don’t have to develop your site in an unfamiliar, improperly equipped and potentially misconfigured environment, and have to deal with a server administrator that’s not familiar with their needs. Your cost to develop the site will be more if it’s hosted at your company.
So what if you ask your IT guys the above 8 questions, and they say “yes" or “yes, we can" to all of them? Ask them this one:
9.) Can you do all of this as a budget line item of less than a couple hundred bucks a month?
Even if your IT staff and internal hosting infrastructure is capable of the above, you need to ask yourself if it’s worth the expense. Add it all up. Can you really get all of this for anything close to the couple hundred dollars a month for a virtual dedicated server fully managed by your web development vendor, and even less for a site in a shared hosting environment in the same facility?
The logic is simple. Let your IT people focus on maintaining your internal network infrastructure and security and leave your website hosting to the guys who do it for a living, and have been for a long time. It’s too important to do anything less