I have created a site for any small company using .asp. I have setup my very own machine with IIS 7.5, SqlServer Express, etc. We wish to run it on the devoted server. The hosts I have investigated give a devoted server, and essentially allow the user have full use of it, and supply without any technical support. As I am confident I'm able to obtain the site ready to go, I've got a couple of concerns:

1) I am no professional Web Admin

2) I am no security expert

While I have placed lots of safety measures in to the site with different couple of articles (placing important variables within an encoded part of web.config, encrypting sensitive information within the database, SSL where necessary, etc), I am concerned there might be other weaknesses that i'm simply unaware of. The company is going to be utilizing PayPal for financial transactions, and can store no payment information.

Our purpose behind the devoted server is the fact that we want to utilize a cloud-based server that's very scalable just in case we have to grow easily.

What exactly are your ideas?