If you don’t get the right answer to this question, your software project could be in danger!

Peter Tylee 9 Sep 2022



This is the next article in our series on the ‘Technical Questions To Ask Your Software Development Partner’. This series of articles is aimed at educating business owners with questions to ask external vendors, internal candidates and external contractors before contracting them to develop software.

How will your custom software development partner handle software hosting, security and maintenance?

That question should be thought about AFTER the software is developed, right?


If you do not think about this question at the START of the project, then there's no guarantee that you'll have the correct architecture or anything in place in order to handle scaling.

Hosting & Scaling


Hosting is predominantly about SCALING and to what extent your application needs to scale. If you've got an application that you're expecting to have increased load on and you don't have it hosted somewhere that's scalable, then it's not going to work. For the vast majority of cases, people deploy things to the cloud so they offload that whole infrastructure problem onto Google, Microsoft, and Amazon or whoever else and just focus on the actual development of the application itself.



According to TechJury.net, globally, 30,000 websites are hacked every day. 64% of companies worldwide have experienced at least one form of a cyber-attack. There are a lot of ways that that can happen:

  • cross-site scripting attacks
  • man-in-the-middle attacks
  • cross-site request forgery attacks
  • SQL injection attacks.

A segue on security…

A long, long time ago. I was in charge of a pretty small development department that had a student that was fresh out of university. He was really enthusiastic and he went off and developed something on a special assignment from the CEO of this little company. And he put something together and he was really, really proud of it. And then he said, "Hey, this is what I've done". I went and took a look at it and, sure enough, it's pretty clear to see that if you manipulated even just the query string in the URL, you could put in some SQL server commands there and ultimately have full control of this database. I could delete it if I wanted. He learned a lesson, so he said, “Wow! That's really super easy to do!” I was like, “Hmm. Yes, it is.”

If you do not have a development partner who has some kind of security awareness and builds that in from day one then you're going to find yourself with problems. It’s difficult to identify exactly what to look for in their answer to the question about security, but you would want to see that they've got a security plan and some kind of experience with security. You can always ask them which industries they've worked in. A really good one to look out for is banking. If they've done anything in the banking space, then you can be pretty sure that they're on top of security. Essentially, look for some kind of reassurance that they have an awareness of security.

Maintenance plan


Consideration of maintenance really starts with application architecture. If you don't get the architecture right, it's going to be difficult to maintain the application.

*How is it going to capture errors and exceptions? *

How is it going to notify people of those errors?

*What kind of proactive monitoring are you going to have of your infrastructure and your application? *

If you're not doing proactive monitoring, how are you going to know it's broken?

Are you going to wait until the users call and say, "Hey, this isn't working. I'm trying to log in. And it doesn't work"? That's not the best approach to keeping things running and having observability.

Observability is: if you've got a system that's just one “big black box” and you can't see inside it, you don’t know what happens. You've got user details going in one side and money coming out of the other. Now if something goes wrong inside that black box, how are you going to see it? How are you going to debug it? How are you going to support it? All of these things factor into what I would call a maintenance plan.

The Takeaway

At the start of the project, when you ask your software development partner how they will handle software hosting, security and maintenance, look for confident and detailed explanations of hosting plans for scalability, security considerations built-in, and a well-thought-out maintenance plan.

If you’ve got a software project idea that you’d like to discuss, CLICK HERE to book a time for a scoping call to run through your idea.



Written by

Peter Tylee

Call us

+61 2 4063 1115

Email us



Connect with us

© 2022 GistLens Pty Ltd.   ABN: 85 632 037 024.

We help turn big ideas into beautiful digital products and experiences.