For the second year in a row, Internap volunteered to have its data centers audited for PCI DSS compliance by a PCI Qualified Security Assessor (QSA). The result of this audit is a PCI ROC, a Report on Compliance that covers Internap’s managed hosting and the dedicated private cloud environment.
Why does Internap care about PCI DSS? Because we care about the security of our customers’ sensitive business data…
Some of Internap’s clients are required by major payment card companies to be PCI DSS compliant. Therefore Internap developed a secure data center managed hosting environment and a suite of security service offerings that address many of the PCI related service needs of our clients.
How does Internap help its clients with their PCI DSS needs?
The PCI DSS standard includes 12 requirements for businesses that store, process or transmit payment cardholder data (CHD). These requirements, which are listed below at an overview level, specify the framework for a secure CHD environment.
It’s important to note that no one managed solution vendor addresses all twelve requirements and their sub-requirements to the fullest, and that responsibility for passing the PCI DSS audit ultimately falls to the hosting customer that processes, stores and/or transmits the CHD. However, the following are examples of functions that are defined as the responsibility of Internap in the management of networks and operating systems, and that address some of our customers’ PCI DSS needs:
- A SOC 2 compliant physical data center with security controls to protect the physical assets (firewalls, routers, switches, and servers) of the hosting customer’s environment.
- Management of administrative user accounts that include service-accounts, root, administrator and other system-level administrative (privileged-user) accounts.
- Installation, configuration, administration and maintenance of firewalls and network router equipment, and the deployment of baseline firewall and router rules (configurations), on top of which the customer requests its business-specific rules for Internap to implement.
- Network bandwidth to/from the Internet, or customer provisioned private line networks into the provisioned customer environment.
- Anti-virus administration at the operating system level, to ensure that the services operating within the customer’s managed server environment are free from viruses.
- Baseline backup and recovery of operating system environments, customer data repositories, as well as system and security device configurations.
- Operating System (OS) patch management services.
- Intrusion detection, prevention and log management services.
- 24/7 service support (SOC).
Internap represents the best available data center environment to provide better protection of our clients’ applications that deal with CHD. Internap also presents an opportunity for its customers to leverage managed security services tailored to PCI DSS compliance for better protection of their sensitive business data – and to address compliance with other standards and regulations. Please contact your solutions engineer (SE) with any questions regarding Internap’s PCI DSS managed hosting environment.