This article looks at a major risk of self-hosting that is sometimes neglected, until it's too late: who is keeping your platform up-to-date?
The Reality of Self-hosting
You might be thinking of hosting your own forum. Of course there are some benefits to this approach, such as retaining total control of your systems. You might even be happy not to have a monthly subscription payment. Unfortunately, along with this total flexibility you also have total responsibility. When you self-host you have no choice but to stay on top of the updates, patches and fixes for your community software. When you host in the cloud, a provider can continually push out tweaks, updates and patches, keeping your forum safe and secure. A provider of a cloud solution owns that task. Who owns it in your organization? Is there someone staying up to date with the latest code from vBulletin or PHPBB? Do they have the time to test, deploy and fix your forum with the latest patches? Can your organization afford the downtime?
Facts of Self-Hosted
Unfortunately recent news is full of reports of communities that have been hacked or compromised. In most cases, the root cause ends up being an out-dated self-hosted piece of software that the company was negligent in updating. The sad truth is that many of these disasters could have been averted by a simple fix that wasn't applied in a timely manner. Why does this happen? Human nature. After a couple of months (or years) when the shine of a new community wears off, someone down the line gets lax in updating the software. Any software can be hacked, but to keep the risk low you have to stay on top of patching and updating your software. By going with a hosted solution, you reduce the risk of complacency.
When Self Hosting Makes Sense
This is not meant to be an attack on self-hosting. We also offer a self-hosted product and in the past I have self-hosted several forums, but I would only do so for personal projects. I would never self-host a business critical community. When you are talking about a brand, a major company with thousands or millions of members, it's a whole other story. There can be no greater PR disaster than having your community hacked and your users information compromised, because someone on your team did not update your software.
I also fully understand the ethos of self-hosting and why you want to keep your data on your servers. On the other hand, many of these arguments are rooted in a false sense of security and the fallacy that self hosting is safer. The reality is that this is not 1999. Times have changed and cloud applications surround us, from Gmail to Dropbox. There are all kinds of data now hosted securely in the cloud and that's not a bad thing. Just as you are an expert in your field, providers of hosted solutions pride themselves on being experts in hosting applications. Why not trust an expert to do what they know how to do, while you focus on selling and servicing your customers? Cloud solutions also reduce total cost of ownership (TCO) by removing the burden of maintenance for your internal IT teams, freeing them up to be smaller, or to focus elsewhere. Going with a cloud solution simply makes more sense.
It's never too late to go hosted. We have helped many customers migrate and transition seamlessly from vBulletin, PHPBB, IPB and a number of proprietary solutions. We know there are some who still prefer to run it on their own servers, but what do you think? Have you experienced a self-hosted nightmare? Who owns your self-hosted solution? How do you handle staying up to date?