Even though with virtual private server/VPS hosting “your” server is virtual, there’s still a physical server element in the mix. Where that physical server is located, and the security around it, is vitally important. You might not be able to find this information easily (or at all!) on your web host’s website. It might be for security purposes, an oversight, or simply because the host doesn’t think clients care to know. However, you should be clued in when you ask directly. Know where your physical server is located, the risks in that area, and what kind of security measures your host has taken.
There’s no completely safe place for a physical server, but of course some regions are safer than others. For example, you don’t want a physical server in a place prone to natural disasters or with a high rate of theft and burglary. In some cases, especially with very small web hosts, the server might be sitting in someone’s living room. Security measures need to be taken, even if the end result isn’t on par with Fort Knox. Ultimately, your host should be happy to share what steps they’ve taken and they should be proud of their security.
Letting the Pros Handle It
Sometimes, a web host will place their servers in a third party data center. This offers much more security than they could manage on their own. Still, you need to know which data center it is and that there’s adequate protection in place. Some data centers offer tours (though not of the most vulnerable areas), and if you’re ever in the neighborhood it can be reassuring to see where your server actually rests. Whether your web host manages security themselves or relies on a third party data center to do it, you deserve to be in the know.
Of course, physical security is just one part of the puzzle. The vast majority of breaches happen remotely from hackers and cybercriminals. How your host keeps you safe via password changes, firewalls, anti-viral software, and the like is usually more important. Those kinds of breaches are much more common than something like a burglary or a tornado. If you go with a managed hosting plan, you’re trusting your host to keep you safe. Make sure they keep up their end of the bargain.
There’s also the option of unmanaged hosting, which means you’ll largely be taking care of the intangible security measures yourself. However, unless you flat-out purchase a dedicated server, you’re still entrusting the physical safety of a server to someone else. This is a partnership that requires transparency and communication for you to both get a win. If you don’t trust your host, whether it’s because of poor communication or a bad customer service experience, why are you trusting them with your website, security, and business?
Shopping around for web hosts can seem like a daunting task, but it shouldn’t be. When comparison shopping, make sure security is one of your top priorities. Otherwise, there’s no telling who has your back.