On the surface, an application service provider (ASP) seems like an attractive proposition. Instead of having a box in the office, you simply connect to the ASP's box, available 24 hours a day, seven days a week. The ASP does all the tricky stuff like backups and installing upgrades – you just use it.
But despite the hype, I have reservations. There are suggested benefits, such as reduced maintenance costs, which don't hold up under closer inspection, while internet- or phone-based delivery of updates makes it possible for traditional systems to be updated quickly. It might create a false sense of security, because the tricky bit – broker software – is elsewhere.
To connect to an ASP, you typically need an internet connection networked out to staff. That means putting in the same complex Windows NT network you'd need for a fourth-generation system.
Because the box is connected to the internet, security races up the list of priorities. You will need to install the latest patches and server upgrades to keep prying eyes out – in fact, you will need to maintain the Windows environment almost as if it had a system installed on it.
You will also need a robust form of authentication, so the ASP can tell it really is you trying to log on. If all you need is a user ID and password, and can log on from any computer (including a pound-an-hour internet cafe), then anyone could potentially log in.
The data that flies between you and the ASP should be encrypted. Data tends to take a “scenic route”, which makes it open to inspection by anyone who knows how to look. This was used to break the Visa file formats in the late 1990s and is still used to intercept email.
At the ASP, security extends beyond technology and in to the realms of staff and software quality management. If the company has a high staff turnover, it might indicate a hostile working culture and an environment that could be a breeding ground for disgruntled employees to plant “nasties” in the software. Poor software quality will lead to bugs leaking out or mistakes such as Red Hat experienced, when it left back doors in to its version of Linux.
Ultimately, the ASP offers an alternative to traditional ways of obtaining access to software. However, with maintenance costs still present and the need to ensure an exceptional level of security, ASPs must be looked at closely before signing on the dotted line.