Application Service Providers

Stephen Culver

Emerging Technologies

Professor Layton

July 3, 2003

Table of Contents

Introduction… … … … … … … … … … 3

What is an application service provider and what do they do?… … … 3

Application and Infrastructure Services… … … … … … 3

Benefits of Application Service Providers… … … … … … 4

Drawback of Application Service Providers… … … … … 5

Technical concerns regarding ASPs… … … … … … 6

Choosing an Application Service Provider… … … … … … 8

Current state of the ASP industry & its future… … … … … 9

Conclusion… … … … … … … … … … 9

Webliography… … … … … … … … … 10
Introduction

Application hosting is a quickly growing industry as more and more companies begin to outsource the design and implement of their business management systems. This report will define what exactly application service providers (ASPs) do, list and describe the categories of ASPs, discuss the benefits as well as draw backs of ASPs, describe concerns that companies have with regard to using ASPs, and the current state of ASPs and their.

What is an Application Service Provider (ASP) and what do they do?

Application Service Providers are companies that host applications on their systems that companies can access via VPN or WAN (Wide Area Network) connections to manage various aspects of their business. ASPs buy applications, install them on their servers, manage them, support them, and provide access to these applications often for a fee.

Application and Infrastructure Services

Application Service Providers are classified into two categories: application services and infrastructure services. ASPs that fall into the application service category host applications for such things as email, office productivity suites, intranets and extranets, as well as applications for business departments such as Human Resources and Accounting. ASPs that fall into the infrastructure services category host more robust applications that are used for such things as customer service, inventory, processing of orders placed online, and data storage among others. Infrastructure is commonly referred to as “‘end-to-end’ applications because they encompass a complete procedure, such as a manufacturing process” (Booth, 2001, Internet).

Benefits of Application Service Providers

Application Service Providers have become an increasingly attractive option for companies that are looking to outsource certain aspects of their business and cut costs. Companies can reduce costs by having an ASP host and manage business applications rather than bear the costs of developing such applications, hosting, and managing them on their own. Companies will also be able to implement solutions provided by an ASP much faster because these solutions are pre-developed and can be quickly customized. Company systems will be free of storage hungry applications and network bandwidth will not be adversely affected.

ASPs provide other benefits such as improved accessibility of applications. Companies that have offices in various locations can be assured that their employees can access the necessary applications wherever they are, as long as they have access to the Internet. ASPs, as stated earlier, can benefit companies because the solutions they provide can be implemented much faster than those that are developed in-house. In-house applications typically take upwards of a year to develop and employ, thus increasing the total cost of the solution. Corporate I.T. departments benefit from not having to implement and manage complex enterprise applications and being able to concentrate on the management of the corporate network and systems, as well as working on ways to improve the way the company uses technology and implement new technologies.

Drawbacks of Application Service Providers

The benefits of ASPs outweigh the drawbacks, but the fact remains that there are some drawbacks that need to be considered. The key drawback is that companies simply cannot be sure whether an ASP that they choose will be around next year or even next month. The ASP industry is continuously consolidating and some of the smaller providers are either being swallowed up by their larger rivals or are going out of business altogether. Application availability has been a problem and continues today, but to a lesser extent than in previous years. ASP utilization can also increase the possibility of system failure because ASPs become a layer of complexity all by themselves.

Technical concerns regarding ASPs

Security is a major concern for Application Service Providers. TriActive, Incorporated identifies five (5) security related concerns: physical security of data, owership of data within the ASP’s Network Operations Center (NOC), accessibility of the data at the NOC, security of the Internet connection between the ASP and customer, and accessibility of the customer’s network by the ASP.

Physical security of a customer’s data is extremely important. Customer data is housed in storage equipment that is not located in the customer’s data center. The storage equipment is located in the ASP’s NOC, which has tightly controlled access. Companies should always make sure that an ASP has a strict policy in place for authorizing access to customer data and equipment. Emergency contingencies should also be in place should a fire or some other disaster occur at the NOC. Customer data should be regularly backed up and the backup copies should not be located on the same premises as the NOC.

Internet connection security is also a major concern. The ASP and customer should jointly ensure that their systems are protected from outside unauthorized access and potentially malicious activity. TriActive, Inc., recommends that ASPs “deliver a solution that either enters through the customer firewall or they should provide a custom VPN solution” (TriActive, 2003, Internet). TriActive goes on to state that VPNs are becoming the solution of choice. VPNs offer a single method of accessing data from the ASP and eliminate the need for the customer to make changes to their firewall in order to accommodate multiple methods of accessing data by their employees.

Data security is without question extremely important. Application Service Providers, under normal circumstances, should NOT have access privileges to use customer data. The ASP stores the data, maintains the storage equipment and applications, and makes routine backups. Personnel responsible for carrying out the previous duties will have access to customer data, but do not have authorization to review, manipulate, or in any way use the data for any purpose. The customer retains ownership of the data in full.

Application Service Providers are implementing varying forms of authentication to ensure that the security of customer data is not breached. Shared Medical Services is an ASP that has implemented a system that requires customers to use a token to login to the system. The token cycles every 60 seconds and is backed up by a firewall that provides added protection from unauthorized access. Shared Medical Services also offers dedicated servers to customers who require even greater security. Dedicated servers are more secure than shared servers because dedicated servers are used only be a single organization.

Security should be the first priority for ASPs and their customers when they begin discussing the terms of their service agreement. The service agreement should take the form of a Service Level Agreement (SLA), the SLA states exactly what the responsibilities of the two parties are. The SLA should clearly state what forms of security the ASP provides and who will have access to customer data. The SLA should also describe how and when the Application Service Provider makes backup copies of the customer’s data. The Service Level Agreement also details pricing for the service and specifies performance and compliance expectations.

Choosing an Application Service Provider

Michael Booth, director of global marketing and research for CompTIA, provides the following guidelines to following when selecting an ASP:

§ Inquire about what methods of security the ASP provide to protect your data.

§ What contingencies are in place for recovering data should a system failure occur?

§ At what intervals will the ASP review performance, and will the customer have access to the performance reviews?

§ What standards of system uptime, availability, bandwidth, and redundancy does the provider have?

§ What procedures are in place to record, report, and resolve technical issues?

§ What procedures does the ASP follow to hire, train, and keep their professionals?

§ Is the ASP financially sound, and how do they plan to attain and retain profitability in the future?

§ How long will it take for the ASP to get the application ready for service?

§ Will technical support consultants be able to respond in a timely manner when problems arise?

§ Does the negotiated Service Level Agreement (SLA) benefit the ASP and the customer?

§ Make sure the SLA contains language that is not confusing; the language must be clear and very specific.

§ Will the ASP provide a risk-free trial to the customer, and if things do not work out allow the customer to walk away?

Current state of the ASP industry & its future

The ASP industry has not grown to the extent that was expected a few years ago. Companies have been more reluctant to use ASPs due to concerns such as application availability, costs involved, and most importantly, security. IStart, an ASP resource website based in New Zealand, cites a survey from the Aberdeen Group that indicated that world-wide ASP sales would increase “at a 52 per cent compound annual growth rate through to 2005 with spending increasing from $US3 billion to $US 16.1 billion over the next four years” (iStart, 2003, Internet).

Conclusion

Application Service Providers provide application hosting for applications that range from email, to Intranets/Extranets, productivity suites, to applications for inventory management, human resources, and marketing. ASPs host the applications on equipment in their Network Operations Center (NOC) and the customer has access to the applications via the Web, extranet, or VPN. Companies from a variety of industries are gradually switching to ASPs to host enterprise applications because ASPs can provide a solution that can be quickly setup and are cheaper than anything that the customer could develop in-house. Technical concerns include physical security of customer data, security of Internet connection between the ASP and customer, and access to customer data. Overall, Application Service Providers can develop solutions that can be implemented fairly quickly and that help companies reduce costs. ASPs do have drawbacks, but it is widely believed that the benefits outweigh the drawbacks.

Webliography

Booth, Michael. “The ABCs of ASPs.” EbizQ 28 Jan 2002.

EbizQ. 24 June 2003 <http://b2b.ebizq.net/asp/booth_1.html>

TriActive, Inc. “Security and Service Providers.” TriActive, Inc. Mar 2003.

TriActive, Inc. 24 June 2003. <http://www.triactive.com/demo/whitepapers/pdfs/WP_Security_ServiceProviders.pdf>

Sweeney, Terry. “ASPs Answer The Security Question.” Information Week. 5 June 2000.

Information Week. 20 June 2003. <http://www.informationweek.com/789/asp.htm>

Holohan, Meghan. “Application Service Providers.” Computer World. 11 Sept 2000.

Computer World. 21 June 2003. <http://www.computerworld.com/softwaretopics/software/story/0,10801,49858,00.html>

IStart Limited. “Application Service Providers.” IStart. 2003.

IStart Limited. 20 June 2003.

<http://www.istart.co.nz/ASP-application-service-provider.htm>

ANANTA Corporation. “ASP Benefits.” ANANTA Corporation. 2001.

ANANTA Corporation. 19 June 2003.

<http://www.ananta.ca/ASP%20-%20benefits.asp>