One Play Ahead: Trends for Web & App Hosting

A big part of what makes an elite offensive player who he is on the ice is the ability to think the game one-play ahead. Gretzky was less concerned with where the puck was and more with where it was going to be next, along with knowing exactly what he’d do with it once the puck was on his stick. Here at 4GoodHosting, we’re a top Canadian web hosting provider who similarly likes to look ahead at trends is the web and app hosting world that will dictate how we should adapt to best serve our customers.

This blog post is based on data from a comprehensive report from 451 Research, and it gives significant insight on where the marketplace should be within 2+ years. It highlights in particular the meteoric rise in demand for managed web hosting in Canada, and how growth for web and application hosting has slowed predictably in recent years.

That’s not necessarily cause for alarm, though – it just means the plays are slower to develop now. Technology is evolving. All you have to do is take the pulse of your own web or app hosting business. Workloads tend to be moving out of the web and app hosting category, and that’s true of some products as well.

Many are responding by shuffling the IT services deck for data-gathering purposes. More and more service providers are specializing, serving a narrower or niche target market. New service categories are emerging, and we realize that we need to analyze the user preferences of our customers very insightfully right now to see where we can best put the bulk of our services technology to work for you.

Here are the numbers of the report, with three statistical predictions:

  1. As a category, web and app hosting will grow from $18.2 billion in 2015 to $25.8 billion by 2019.
  2. Total hosting revenue will increase at an annualized rate of 15.5%. What’s interesting is that the “balance of power” in terms of revenue drivers has shifted. Managed hosting is growing at a far faster rate than web/app hosting.

Here’s how that 15.5% breaks down:

  • Dedicated hosting should grow about 5.7% per year
  • Shared hosting should grow about 10.4% per year
  • Managed hosting should about 18.7% per year
  1. In market share:
  • Web/app hosting will drop from 36.8% to 28.5%
  • Managed hosting will increase a mammoth 71.5%

Promoted Changes

The evolution of technology has changed the way every business competes. There have been discernible shifts in the way customers function and think about IT, and it necessitates changes to the way folks like us will approach our future moves regarding web and app hosting.

A reduced number of workloads need to be managed as part of service delivery. Internet-based infrastructure is increasingly common these days, and ever greater numbers of enterprise workloads exist in hosted environments. IAAS is gaining a lot of ground with web masters whose workloads previously existed as a dedicated hosting environment or VPS.

Further, certain environments are now considered to be part of managed hosting. Increasing modularity of managed services means more versatility, and it’s timely for a widening range of infrastructure types and applications.

Constant Change

Identifying and understanding trends is a must for hosting providers. As a business in this industry you need to keep your feet moving and have your head on a swivel, again like your anticipating where the play is going and the puck is going to be.

Customers are going to be struggling to find these new IT solutions for their businesses, and we imagine every reputable Canadian web hosting provider is going to be very proactive in responding to the new industry realities.

Promising Predictions

The ever-constant growth of the web for business continues to steam ahead as a whole. 451 Research volunteers that the sector should see an additional $7.5B in revenue each of the next few years. That’s a large pie to be pieced, but those who want a little more of it will have to reinvent their business model and very likely the marketing strategy that goes along with it.

Continued growth for web and app hosting will primarily come from 2 sources:

  • Adding new subscribers to grow your customer base
  • Adding new services you can sell to existing customers

The Appeal of Hybrid Cloud Hosting

Most of you will need no introduction to the functionality and application of cloud computing, but those of who aren’t loaded with insight into the ins and outs of web hosting may be less familiar with cloud hosting and what makes it significantly different from standard web hosting. Fewer still will likely know of hybrid hosting and the way it’s made significant inroads into the hosting market with very specific appeals for certain web users with business and / or management interests.

Here at 4GoodHosting, we’ve done well establishing ourselves as a quality Canadian web hosting provider, and a part of what’s allowed us to do that is by having our thumb on the pulse of our industry and sharing those developments with our customers in language they can understand. Hybrid hosting may well be a good fit for you, and as such we’re happy to share what we know regarding it.

If we had to give a brief overview of it, we’d say that hybrid hosting is meant for site owners that want the highest level of data security along with the economic benefits of the public cloud. Privacy continues to be of a primary importance, but the mix of public and private cloud environments and the specific security, storage, and / or computing capacities that come along with the pairing are very appealing.

What Exactly is the Hybrid Cloud?

This combination of private and public cloud services communicate via encrypted technology that allows for data and / or app portability, consisting of three individual parts; the public cloud / the private cloud / a cloud service and management platform.

Both the public and private clouds are independent elements, allowing you to store and protect your data in your private cloud while employing all of the advanced computing resources of the public cloud. To summarize, it’s a very beneficial arrangement where your data is especially secure but you’re still able to bring in all the advanced functionality and streamlining of processes that come with cloud computing.

If you have no concerns regarding the security of your data, you are; a) lucky, and b) likely to be quite fine with a standard cloud hosting arrangement.

If that’s not you, read on…

The Benefits of Hybrid Clouds

One of the big pluses for hybrid cloud hosting is being able to keep your private data private in an on-prem, easily accessible private infrastructure, which means you don’t need to push all your information through the public Internet, yet you’re still able to utilize the economical resources of the public cloud.

Further, hybrid hosting allows you to leverage the flexibility of the cloud, taking advantage of computing resources only as needed, and – most relevantly – also without offloading ALL your data to a 3rd-party datacenter. You’re still in possession of an infrastructure to support your work and development on site, but when that workload exceeds the capacity of your private cloud, you’re still in good hands via the failover safety net that the public cloud provides.

Utilizing a hybrid cloud can be especially appealing for small and medium-sized business offices, with an ability to keep company systems like CRMS, scheduling tools, and messaging portals plus fax machines, security cameras, and other security / safety fixtures like smoke or carbon monoxide detectors connected and working together as needed without the same risk of web-connection hardware failure or security compromise.

The Drawbacks of Hybrid Clouds

The opposite side of the hybrid cloud pros and cons is that it can be something of a demanding task to maintain and manage such a massive, complex, and expensive infrastructure. Assembling your hybrid cloud can also cost a pretty penny, so it should only be considered if it promises to be REALLY beneficial for you, and keep in mind as well that hybrid hosting is also less than ideal in instances where data transport on both ends is sensitive to latency, which of course makes offloading to the cloud impractical for the most part.

Good Fits for Hybrid Clouds

It tends to be a more suitable fit for businesses that have an emphasis on security, or others with extensive and unique physical data needs. Here’s a list of a few sectors, industries, and markets that have been eagerly embracing the hybrid cloud model:

  • Finance sector – the appeal for them is in the decreased on-site physical storage needs and lowered latency
  • Healthcare industry – often to overcome regulatory hurdles put in place by compliance agencies
  • Law firms – protecting against data loss and security breaches
  • Retail market – for handling compute-heavy analytics data tasks

We’re fortunate that these types of technologies continue to evolve as they have, especially considering the ever-growing predominance of web-based business and communication infrastructures in our lives and the data storage demands and security breach risks that go along with them.

3 Years Left: Flash’s Shelf Life Drawing to a Close in 2020

Video content has become so standard in every aspect of the digital world, from news to sports to commercial videos for business and many more examples of where you’ve been able to watch video from your computer or smartphone over the last nearly 20 years in much the same way you were only able to do so with a TV prior to that. Behind that capability was Adobe, and their much-heralded and long-ubiquitous Flash plug-in multimedia player. It’s been a staple for pretty much every device since it emerged in the late 1990s, but now it seems it seems its working life is drawing to a close.

Here at 4GoodHosting, we take pride in being a top Canadian web hosting provider and we believe that a small part of what gives us that distinction is in being in touch with all the reaches of the industry within which we operate. Given that dynamic multimedia content delivery is an important component of many of the websites we host, we feel this is a relevant topic for our blog this week.

Adobe has announced that it will stop updating and distributing Flash by the end of 2020. That’s right, the 2-decade long reign of the most commonplace media player will finally come to an end. Until that time, Adobe will continue to partner with Apple, Mozilla, Microsoft, and Google to offer security updates – including patches – in their browsers but no new Flash features will be forthcoming. The 20 year run as the undisputed ‘go-to’ guy for video within web browsers has been an impressive one, but one can’t deny that Flash and its more outdated versions have become prime targets for hackers because of the extent of its distribution and inherent security vulnerabilities which unfortunately allowed intrusion far too easily very often.

Flash’s Legacy

As mentioned, Flash emerged in the late 1990s, and its popularity was firmly cemented with Microsoft’s Internet Explorer becoming the default browser in Windows. Quickly leaving low resolution GIFs or blinking text behind, Flash allowed designers and developers to make web-based video, and animated, interactive content that could play on any computer or within any browser. Flash has been a website thoroughbred ever since, making it easy to play online games, stream radio station music and – perhaps most importantly for many of us – watch YouTube videos. It has also let people build features like photo galleries, and allowed a whole array of multimedia applications to be implemented, like using webcams for video chat!

So while it is indeed on its way out, we should celebrate Flash’s legacy, and that being one of a profound and positive impact on further creative content initiatives on the web in an era where content had become king.

A Slow, Lengthy Demise

Flash loaded content in a web browser and ensured that the content looks and behaves identically for anyone who loads it, independent of what type of browser or computer they were using to access it. Nowadays, however, we’re fortunate to have advancing technologies that are capable of running natively in web browsers. Having unilateral and wide-sweeping plug-in requirements has become a liability.

The earliest sign that Flash was inevitably going to be phased out came in 2004, when Mozilla, Apple and Opera Software came together to form a group promoting advance core technologies for HTML that would consolidate the building of websites. They wanted industry standards as opposed to proprietary softwares, but the world web consortium didn’t give them much of an audience.

The first death knell really came in 2007, when Apple decided not to support Flash in the newly introduced iPhone. Mobile web was rising to prominence and the fifth version of HTML was promising to replace some of the functionality Flash provided, and as a result developers began moving away from Flash and toward HTML5 and JavaScript.

Indeed, it wasn’t long before HTML5 became the new standard. Rather than use Flash, Apple adopted HTML5, CSS and JavaScript due to the fact that all were open standards that web browsers could build on. Flash still remained integral to the web and was used to create native apps for iOS, but here ten years later even video streaming sites such as YouTube, Dailymotion and Vimeo have made HTML5 their default video player.

What To Expect in 3 Years?

Safari: Apple’s Safari has blocked Flash from running since 2016, but it’s possible to re-enable it on websites that offer a download of Flash.

Chrome: Chrome began asking permission to run Flash on some websites since 2015, and it’ll likely continue to do so, perhaps even more frequently. From the close of 2016, Flash is allowed by default on 10 websites only, including its own YouTube, Facebook, Twitter and Amazon. It’s stated it will disable Flash by default come 2019.

Firefox: This browser will ask you specifically regarding the sites for which you want to enable Flash, but it will also disable Flash altogether by default in 2019. There will, however, be lingering support in Firefox’s Extended Support Release through the end of 2020.

Edge: Microsoft’s newer browser uses a click-to-play option for when you want to run Flash on a website, and this will continue through mid-2018. Following that Edge will be more aggressive about requiring you to authorize Flash, plus in 2019 Microsoft will disable Flash by default, and disable it entirely by the end of 2020.

Facebook: Facebook is home to a large number of Flash-based games, including FarmVille and Words with Friends, which will continue to run on Facebook via Flash until the end of 2020. Nothing more is known regarding this at this time.

The folks at Adobe, meanwhile, have renamed the software for making Flash – Flash Professional CC – to Animate CC, which will be, according to them, the “premier web animation tool for developing HTML5 content.” Adobe is also strongly suggesting that developers migrate their content to open formats like HTML5, WebGL and WebAssembly.

HTML5 has slowly and surely replaced Flash Player as a viable alternative for delivering content on the web. Most browser vendors have integrated functionalities once provided by plugins now directly integrated into the browsers themselves, and with HTML5 built into most of the big name browsers already there is the convenience of no need to install anything to use it.

In the big picture of things, no one should be too distraught over the demise of Flash. Instead we should be eager to see how Adobe plans to usher in the next era of digital content creation.

Seven Steps to a Reliably Secure Server

In a follow up to last week’s blog post where we talked about how experts expect an increase in DDoS attacks this year, it makes sense for us to this week provide some tips on the best way to secure a server. Here at 4GoodHosting, in addition to being a good Canadian web hosting provider we also try to take an interest in the well being of clients of ours who are in business online. Obviously, the premise of any external threat taking them offline for an extended period of time will endanger the livelihood of their business, and as such we hope these discussions will prove valuable.

Every day we’re presented with new reports of hacks and data breaches causing very unwelcome disruptions for businesses and users alike. Web servers tend to be vulnerable to security threats and need to be protected from intrusions, hacking attempts, viruses and other malicious attacks, but there’s no replacing a secure server with its role for a business that operates online and engages in network transactions.

They tend to be the target because they are many times all too penetrable for hackers, and add to that the fact they’re known to contain valuable information. As a result, taking proper measures to ensure you have a secure server is as vital as securing the website, web application, and of course the network around it.

Your first decisions to evaluate are the server, OS and web server you’ll choose to collectively function as server you hope will be secure, and then the kind of services that run on it. No matter which particular web server software and operating system you choose to run, you must take certain measures to increase your server security. For starters, everyone will need to review and configure every aspect of your server in order to secure it.

It’s best to maintain a multi-faceted approach that offers in-depth security because each security measure implemented stacks an additional layer of defence. The following is a list we’ve assembled from many different discussion with web development and security experts that individually and collectively will help strengthen your web server security and guard against cyberattacks, stopping them essentially before they even have the chance to get ‘inside’ and wreak havoc.

Let’s begin;

  1. 1. Automated Security Updates

Unfortunately, most vulnerabilities come with a zero-day status. Before you know it a public vulnerability can be utilized to create a malicious automated exploit. Your best defence is to keep an eye ALWAYS on the ball when it comes to receiving security updates and having them put into place. Now of course your eye isn’t available 24/7, but you can and should be applying automatic security updates and security patches as soon as they are available through the system’s package manager. If automated updates aren’t available, you need to find a better system – pronto.

  1. Review Server Status and Server Security

Being able to quickly review the status of your server and check whether there are any problems originating from CPU, RAM, disk usage, running processes and other metrics will often help pinpoint server security issues with the server in a much faster period of time. In addition, ubiquitous command line tools can also review the server status. Each of your network services logs, database logs, and site access logs (Microsoft SQL Server, MySQL, Oracle) present in a web server are best stored in a segregated area and checked with regularity. Be on the lookout for strange log entries. Should your server be compromised, having a reliable alerting and server monitoring system standing guard will prevent the problem from snowballing and allow you to take strategic reactive measures.

  1. Perimeter Security With Firewalls

Seeing to it you have a secure server means involves the installation of security applications like border routers and firewalls ready and proven effective for filtering known threats, automated attacks, malicious traffic, DDoS filters, and bogon IPs, plus any untrusted networks. A local firewall will be able to actively monitor for attacks like port scans and SSH password guessing and effectively neutralize their threat to the firewall. Further, a web application firewall helps to filter incoming web page requests that are made for the explicit purpose of breaking or compromising a website.

  1. Use Scanners and Security Tools

Fortunately, we’ve got many security tools (URL scan, mod security) typically provided with web server software to aid administrators in securing their web server installations. Yes, configuring these tools can be a laborious process and time consuming as well – particularly with custom web applications – but the benefit is that they add an extra layer of security and give you serious reassurances.

Scanners can help automate the process of running advanced security checks against the open ports and network services to ensure your server and web applications are secure. It most commonly will check for SQL injection, web server configuration problems, cross site scripting, and other security vulnerabilities. You can even get scanners that can automatically audit shopping carts, forms, dynamic web content and other web applications and then provide detailed reports regarding their detection of existing vulnerabilities. These are highly recommended.

  1. Remove Unnecessary Services

Typical default operating system installations and network configurations (Remote Registry Services, Print Server Service, RAS) will not be secure. Ports are left vulnerable to abuse with larger numbers of services running on an operating system. It’s therefore advisable to switch off all unnecessary services and then disable them. As an added bonus, you’ll be boosting your server performance by doing this with a freeing of hardware resources.

  1. Manage Web Application Content

The entirety of your web application or website files and scripts should be stored on a separate drive, away from the operating system, logs and any other system files. By doing so it creates a situation where even if hackers gain access to the web root directory, they’ll have absolutely zero success using any operating system command to take control of your web server.

  1. Permissions and Privileges

File and network services permissions are imperative points for having a secure server, as they help limit any potential damage that may stem from a compromised account. Malicious users can compromise the web server engine and use the account in order to carry out malevolent tasks, most often executing specific files that work to corrupt your data or encrypt it to their specifics. Ideally, file system permissions should be granular. Review your file system permissions on a VERY regular basis to prevent users and services from engaging in unintended actions. In addition, consider removing the “root” account to enable login using SSH and disabling any default account shells that you do not normally choose to access. Make sure to use the least privilege principle to run specific network service, and also be sure to restrict what each user or service can do.

Securing web servers can make it so that corporate data and resources are safe from intrusion or misuse. We’ve clearly established here that it is about people and processes as much as it is about any one security ‘product.’ By incorporating the majority (or ideally all) measures mentioned in this post, you can begin to create a secure server infrastructure that’s supremely effective in supporting web applications and other web services.