Hostirian 2019 SSAE 18 SOC 2

Get the report: Hostirian 2019 SOC 2 Type II

St. Louis, MO  April 21, 2020 – Hostirian, LLC, a provider of technological solutions, announced today that it has successfully completed a System and Organization Controls (SOC) 2® Type II Audit examination for their Colocation Data Center System. Hostirian, LLC retained international business advisory firm Skoda Minotti for its SOC 2® audit work. Hostirian, LLC selected Skoda Minotti after an intensive search based on their reputation as a leading risk advisory and compliance firm.

Ben Osbrach, CISSP, CISA, QSA, CICP, CCSFP, partner-in-charge of Skoda Minotti’s risk advisory group said, “We were excited to work with Hostirian from the very start. They are an intriguing organization delivering high-quality services and their business adds to our growing SOC reporting practice.”

SOC 2® engagements are performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205, Reporting on controls at a service organization based on the trust service principles outlined in the AICPA Guide and reporting on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy. The SOC 2® Type II report is performed by an independent auditing firm and is intended to provide an understanding of the service organization’s suitability of the design and operating effectiveness of its internal controls. A service organization may select any or all of the trust service principles applicable to their business and Hostirian chose to report on security. The successful completion of this voluntary engagement illustrates Hostirian’s ongoing commitment to create and maintain a secure operating environment for their clients’ confidential data.

Skoda Minotti’s testing of Hostirian’s controls included examination of their policies and procedures regarding network connectivity, firewall configurations, systems development life cycle, computer operations, logical access, data transmission, backup and disaster recovery and other critical operational areas of their business. Upon completion of the audit, Hostirian received a Service Auditor’s Report with an unqualified opinion demonstrating that their policies, procedures, and infrastructure meet or exceed the stringent SOC 2® criteria.

“The successful completion of our SOC 2® Type II examination audit provides Hostirian’s clients with the assurance that the controls and safeguards we employ to protect and secure their data are in line with industry standards and best practices,” said Ken Cox, CEO.

About – Hostirian, LLC

Hostirian is a wholly-owned company of River City Internet Group, LLC. Hostirian is responsible for various activities related to managing client systems. The types of service offerings available are listed below.

Hostirian’s data centers are located on 11756 Borman Drive, St. Louis, MO 63146 and at 710 N. Tucker, Suite 420, St. Louis, MO 63101. Hostirian’s data centers are 10,000 square feet and 16,000 square feet data operation facilities intended to provide uninterrupted power and service for Hostirian clients. The facilities are designed to greatly reduce client downtime and operate under supervision 24 hours a day, 7 days a week, every day of the year. The data centers currently host, monitor and/or manage user systems located within the two facilities. The colocation model is available to all Hostirian clients and allows Hostirian to act as the client’s server or data warehouse.

The colocation model provides 24 hours a day, 7 days a week, every day of the year on-site live support services for basic reboots, rack or cage space, and power to customer-owned equipment.

About – Skoda Minotti

Skoda Minotti is a Certified Public Accounting Firm based in Cleveland, OH offering a variety of tax, finance, and business advisory services in virtually every area of business. The Risk Advisory practice specializes in SOC Reporting, PCI DSS Compliance, HIPAA Compliance and HITRUST validation, FISMA, NIST, ISO 27001, Vulnerability and Penetration Testing, and other regulatory information security assessments. Staffs in Skoda Minotti’s Risk Advisory hold several industry certifications including Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Qualified Security Assessor (QSA), GIAC Penetration Tester (GPEN), and GIAC Web Application Penetration Tester (GWAPT). For more information about Skoda Minotti’s Risk Advisory Services, please visit skodaminotti.com/risk.

How to Choose the Best Open Source Software

Open source software

Open source software can bring many benefits to businesses.

The term “open source” refers to software that is designed and built to be publicly available, so that people may use, modify or share it as needed. This means that anyone can access and modify the source code – the engine room of the software.

One of the big advantages that draws people to open source software is that it is free. If I can use LibreOffice to create documents and presentations for free, why should I pay for Microsoft Office?

There are actually several advantages and disadvantages to using open source software in your business, so it’s important to weigh these up. If you’re making the decision to go with open source software, do so knowing how to make the best choices. Let’s take a closer look:

Free download: Get our checklist for choosing open source software

The risks and advantages of open source software

Advantages of open source software

  • There are usually no or very few licensing fees. Open source software can also be installed on unlimited machines or devices, as opposed to limits set by licensing agreements.
  • Saves companies time and money by providing software that is ready to use. (You don’t have to spend months creating a proprietary code).
  • Open source means many experienced people have had access to code the software and fix bugs. This can also mean rapid fixes if anything goes wrong – you don’t have to wait for the next release from a software company.
  • You can customize open source software for your own needs. For example, you might create your own plugins or mix and match features to suit.
  • It tends to have good longevity. Anyone can access it so it is evolving continuously to suit current conditions.
  • Any security issues tend to be fixed promptly due to so many people being available to take care of them. (Sometimes you will wait a long time for vulnerabilities in licensed software to be fixed).
Open source software

Disadvantages of open source software

  • Sometimes the GUI (Graphical User Interface – the bit you use on the front-end) is not particularly user-friendly. Many open source software focus on getting some kind of big job done, not so much on the interface.
  • You probably won’t have great support. Licensed softwares often have 24/7 support desks in case you have the need. There are forums for open source software which can be very helpful, but you’re still going to wait.
  • With anyone able to access the source code, there is a chance that some people with malicious intentions might do so, creating security vulnerabilities.
  • If you are reliant on open source software and there is a problem that needs immediate fixing, you may find that you need to pay considerable amounts to developers to get the issue fixed yourself.

Open source software can be a time and money saver, but not without potential risk Click To Tweet

Tips for choosing open source software

If you’ve decided to go for open source software, or any other kind of software, the first thing we would do is make a list of all of your requirements that need to be met. This will help you to choose or eliminate options. Does it already have, or can you add the features that you need?

Once you have a short list of open source software options, here are a few things we would look for:

The track record or reputation of whoever is behind it

What do reviews say about the software? Who founded it and what is their background? Do they have a good track record for keeping open source projects going?

Sometimes people offload their open source projects or simply cease to work on them. That might be fine with you if you have the expertise to keep it going, but you will probably find all upkeep is now on you.

One clue that the software will probably be available and maintained into the future is if a company has developed a tool for in-house use, then opened it up. If they’re still using it in-house, then it’s probably here for the longer-term.

The security protocols and vulnerabilities

Look for regular updates to the software – what version is running and how long has it been going? Look for the last stable version. There is virtually no software that is without bugs, so if Version 1.0 is still in use a few months after launch, there’s a good chance that issues aren’t being picked up, or at least aren’t being fixed.

You’re looking for clear evidence of ongoing effort, that is, unless you’re quite happy to pick up the package as-is and deal with any bugs in-house. Given that you can access the source code, this option is available to you.

Your company has the skill set to deploy and maintain the software

One of the cons of open source software is that you don’t usually have readily-available support. You can turn to forums, but there is no one there waiting to answer support questions, unlike licensed, proprietary software.

This means that open source software is best deployed in a company that has the available skill set to maintain it themselves. What if you were reliant on the software for critical activities in your business? You need to have any issues fixed as soon as possible.

There are active communities

If a software is popular and has active communities around it, then it will be more likely that it is maintained. You’ll find that if it’s not the original developers, other groups of core users will take over maintenance.

You’re looking for regular contributors – if the software has not been updated in a long time, then there’s a good chance it’s about to die.

An active support community is also a very good sign. Look at popular open source software such as WordPress (which now powers at least 30% of websites) – there are huge communities around it and constant flow of information. While your choice of software might not be as big, you still need to see an engaged community.

Good documentation and clean coding

It’s always helpful to have clear documentation to help with implementing and maintaining the software. Documentation is also a good sign that the software project is being taken seriously and is intended to continue.

You should also examine the code base for the software (or get someone with the right experience to check it). You’re looking for clean coding that has clearly been well thought-out. This is a good indication that seasoned professionals are behind the software and that it has the potential to be maintained in-house.

Open source software

Have an open source policy

If your company is going to use open source software, it’s a good idea to implement an open source policy. This helps to ensure that everyone understands how and when open source software is to be used. Having a policy helps you to maximize the benefits of open source software by enabling employees to use it effectively.

Your policy for open source software should also tackle how you will minimize any associated risk. Companies are often concerned with the implications, should anything go wrong with the software. You might include a risk assessment, using some of the key disadvantages outlined here as a starting point.

You should also clearly identify key stakeholders and outline your strategy for how open source software is selected, used and maintained. Make sure you have buy-in from all key stakeholders.

Get our checklist for choosing open source software here

Final thoughts

Open source software can be a real gift to businesses, helping them to save into the hundreds of thousands of dollars, and a whole lot of time on proprietary development. Open source gives you access to all sorts of features and to improvements made by developers from all over the world.

Of course, the nature of open source means that it also comes with risks. It’s important to weigh up the risks and benefits, and establish criteria for assessing possible software choices. Lastly, establish a policy for open source software in your company. This helps to ensure orderly selection, implementation and maintenance.

Want a Hands-Off Website? Here’s What You Need to Manage for Success

Hands-off website

Many of our clients see the appeal of a hands-off website.

You’ve got a lot of other activities to get through in the running of your business, and you don’t want your website to be another task on the pile. There are many different maintenance requirements that go into a website, and you don’t want to do any of them yourself.

This makes a lot of sense – a fully-managed website allows you to get on with the business of doing business. However, there are some important things you’ll need to manage to make sure your website is a success.

Having a fancy website won’t automatically mean that people turn up. You have to be savvy about marketing and messaging, which are things that your website hosting company do not usually do for you.

Here are some things to consider for your website:

Claim local business listings online – get our quick guide here

Your messaging

Did you know it takes about 50 milliseconds for visitors to your website to form an opinion of it? Within that flash of time, they want to be able to grasp what your site is about and whether your business might be of interest to them.

Messaging is something that you need to come up with for your business unless you’re also planning on hiring a separate marketing firm to take care of it (even then, they need to know what you’re trying to achieve in order to formulate the right messages!).

A common mistake that businesses make on their websites is trying to have a catchy slogan or interesting design, but not sending a clear message. Website visitors need to know what you do and who you do it for very quickly; otherwise, they may give up and leave.

Great homepage messaging considers the target audience and includes a value proposition for them. This means that you communicate with visitors how what you do or what you sell can make a positive impact on their lives.

You will need to work with your web host to ensure that your website displays the clear messaging that you want to communicate. It’s a good idea to define who your target audience is first, then come up with a few ways to communicate with them. Take a look at websites that do this successfully – for example, in the screenshot below, Evernote does a great job of stating exactly what they do succinctly and immediately.

Make sure your website messaging is clear to visitors Click To Tweet

Your content

Besides the messaging for your website, you need to look deeper at the rest of the content you will provide. Most web hosts will manage the website and put up content for you, but they won’t create the content themselves. You will need to either produce it yourself or hire a content strategist to do it for you.

Why does content matter so much? For starters, it can help to show your company in a good light. Your content can demonstrate your expertise and (should) deliver value for your target audience. When people gain something of value, they also start to trust your business and consider using your services.

Secondly, website content helps with SEO (Search Engine Optimization) for your website. Basically, the better-optimized your website is, the better it does in terms of search engine ranking. This means that when people type in a search term that is related to your business in Google, your website features somewhere in the results. It takes time to rank highly in results, but having good quality, relevant content helps.

What is “quality content?”

What exactly does “good quality” and “relevant” mean? Your content should answer to the needs of your target audience and be relevant to your business. For example, there would be no point in producing content on an irrelevant topic just because that topic is popular. If your website is for an accountancy service and you’re trying to game the system by putting up “funny cat pictures” it can come back to bite you in the form of being penalized by Google.

Google and the other search engines aim to deliver a quality experience to their users. This means that they want to display the most relevant results first. If you are an accountancy service, something like “how to prepare your small business for tax season” would be much more relevant, and needed by your clients. It’s much better for your business to attract qualified traffic too!

Of course, you can also look at the overall quality of the written content. The best content is technically well-written and delivers an actionable or thought-provoking message, without resorting to writing fluff. Consistency is also important, in terms of tone, quality and frequency, especially if you are producing a blog.

Many business owners look at this and say, “but I don’t have time, I want a hands-off website without having to commit to the content.” If this is you, then it is possible to outsource your content, but you’ll still want to ensure that your messaging and business goals are at the heart of it. You can then get your content person to work directly with your fully-managed web host.

Your marketing

“Build it and they will come” is not a theory that usually works with websites! You still need to work on the marketing side to make sure you get traffic and make your website a success.

A managed website does not include the marketing of that website. This is something that you will need to manage to make your website worthwhile. If you are a bricks-and-mortar operation, then that probably involves online and offline advertising methods.

Here are some examples:

Online marketing

  • Build an email list and regularly send out a newsletter or updates.
  • Setup pages on social media – be active with posting and engaging.
  • Consider paid advertising online. For example, Facebook, Twitter, Amazon or Google advertising.
  • Claim your business listing on local directory sites (such as Yelp and Yellow Pages).
  • Use content marketing – create blog posts, guest post on other websites or syndicate content.
  • Join your local Chamber of Commerce to be featured in their local directory.
Get our quick guide to claiming local listings here

Offline marketing

  • Include your website on business cards and brochures.
  • Sponsor local events.
  • Take out paid advertising in newspapers or magazines.
  • Send out direct mail campaigns.

Testing your website

How do you know which messaging or website layout gets the best results? How do you know overall whether your website is a success?

You can clearly define your target audience, make website layout and feature decisions, and ensure that your messaging and marketing activities seem to be a good fit, but you won’t really know unless you test out different elements of your website.

A/B testing is the most basic form of testing a website. It involves pitting one version (A) against another version (B) and checking if one does significantly better than the other. For example, you might test out headlines, calls to action, web copy, sign-up forms, your checkout flow, layout… there are a huge number of things you can test, so it’s a matter of focusing on what you think might get you the best uplift.

This doesn’t sound very “hands-off” does it? Fortunately, A/B testing is another thing you can outsource. Why would you bother with it? Because optimizing your website can make a huge difference to the results you get. For example, you might find that people weren’t checking out as often due to a long or difficult checkout flow. Testing a different flow may bring better results.

If you do decide to outsource A/B testing, one thing you will need to contribute is your goals for the site. This helps to focus the testing on the areas most likely to impact those goals. You can then work with your web hosting company to make any changes.

Final thoughts

A hands-off website is the ideal situation for many businesses, but it’s important that you still partake in some activities that help your website to be more successful.

When you’re having your site fully managed, you can expect a website that operates well, is designed attractively and has requested changes made by your host. You will still need to get the tasks done that help to draw traffic to your website.

Some of these may be outsourced too, but it’s worth thinking about so that you make the most of your website investment. How will you achieve your desired website goals?