Security Portal: ASP - Application Service Provider or A Security Problem?Mar 27, 2000, 19:41 (0 Talkback[s])
(Other stories by Kurt Seifried)
"There is perhaps no better example of a new Internet business concept that deserves careful scrutiny than the Application Service Provider (ASP) industry. As ASPs rapidly seek to redefine how you procure and use application software, will the security of your data get left behind?"
"The concept behind the ASP model is that rather than purchase application software, servers, hire and train staff, a company may instead "rent" the usage of applications from a company that runs the data center and performs all the traditional IT functions associated with these programs. The cost can range from a fixed contractual fee to a sliding scale to a per transaction agreement. The ASP model can be a compelling argument for many organizations: the ASP fees may be significantly lower than the costs to run the given applications in-house, the organization is one step removed from all the day to day headaches of supporting software and can instead focus on core business competencies."
"Why would anyone choose to be on the leading edge of outsourcing "line of business" applications to an ASP? If this makes absolutely no sense to you, it is probably because you have never had hands-on experience in implementing SAP or Peoplesoft within your company. These applications can be extremely expensive to implement, integrate and manage."
"Successfully growing the ASP industry and enhancing the security of corporate data is a matter of an activist management of the ASP relationship on the part of the client. It is definitely not a "sign the contract and forget about it" relationship. A CIO needs to see the ASP as trustees of the corporate jewels, and must develop high standards for information protection and have clear methods of measurement for compliance."