One in four application service providers (ASPs) have sub-par security, lacking fundamentals such as user authentication, virus protection, network security and firewall services, according to a recent survey by research organisation IDC. These factors are integral elements of a security plan and are quite necessary to be considered by players in the market.
While the majority of respondents seem to have the basics down, there are still ASPs offering customers access to applications in an unprotected environment. The IDC survey covered players in the US and Asia, including Singapore.
"Businesses understand that a breach in security could result in severe financial losses, never mind the damage to a company's reputation. It is up to the ASP to stay on top of these security systems in order to stay in the game," said Jessica Goepfert, program manager with IDC's ASP and application management services research program.
In response to the IDC findings, Leong Han Kong, chairman of the ASP/IDC Alliance Chapter (AAC) said, "We are concerned that this report will give the Singapore market an undeserved negative impression of the ASP industry."
To this end, the AAC said that it is working very closely with the Infocomm Development Authority of Singapore (IDA) to ensure that the Singapore ASP industry maintains healthy service levels. To that end, it is championing initiatives to add to a framework of service level agreements which extends to insurance programs.
In addition, the AAC said that it "encourages end users to conduct due diligence to check on the level of security that their ASPs are able to provide and to incorporate the roles and obligations of both parties into the service level agreements.
Wong Wai Meng, chief operating officer of ASP iaspire, said, "Every organisation's security needs are different. A credible ASP will advise potential customers on the type of applications needed and the appropriate level of security."
Meanwhile, the ASP market is crowded and undergoing healthy consolidation while still welcoming new entrants. These ASPs are at different points in their life cycle and may each take a unique approach to attacking the market opportunity, said IDC.
Program manager of IDC's Asia Pacific IT Services Research David Yew said, "The truth is that enhanced security is often a benefit of signing with an ASP because chances are that the ASP offers more security than its customers and prospects could afford to deploy on their own. Still, it is up to the service provider to offer the level of security that their customers want, although some ASPs may have to consider factors such as cost and capability."