Internap | Intelligent IT Infrastructure solutions that deliver unmatched performance and platform flexibility

PCI-DSS Compliant Hosting

Regulatory issues and security concerns are a reality for companies today. Protecting your data, as well as the data of your customers, is of utmost importance.

Why Data Protection is so Important

Between January 2012 and mid-January 2013, 2,644 data breach incidents were recorded.
The 2,644 incidents represent a 117.3% increase over the previous high mark recorded in 2011.
More than 267 million records were exposed between January 2012 and mid-January 2013.

-February 2013 Data Breach Quickview Report by Risk Based Security and Open Security Foundation

Internap’s Custom Hosting and Private Cloud environments are audited by a PCI Qualified Security Assessor (QSA) on a yearly basis to ensure that we are meeting a preponderance of the Payment Card Industry Data Security Standards (PCI-DSS) for protecting personally identifiable data. All of Internap’s data centers also conform to AICPA-developed SOC2 criteria, meaning our facilities’ security controls, environmental controls, and operational procedures are regularly reviewed and tested by an independent certified auditor to validate that our controls and processes are designed appropriately and operating effectively to suitably protect and safeguard customers’ equipment and data.

Partnering with Internap to achieve PCI compliance can reduce compliance costs, increase security and decrease the time it takes to obtain your own Report on Compliance (ROC).

Keeping Your Customers’ Data Safe

The Payment Card Industry Data Security Standard (PCI-DSS) prescribes 12 requirements that can help protect your customers’ data—not just credit card data. Here’s how we can help you meet each of these requirements:

PCI DSS Requirement 1: Install and maintain a firewall configuration to protect cardholder data
How We Can Help You:
• Managed network firewall
• File integrity monitoring
What You Need to Do:
• Ensure segmentation of card holder data environment
• Review firewall rules semi-annually

PCI DSS Requirement 2: Don’t use vendor-supplied defaults for system passwords and other security parameters
How We Can Help You:
• Internal vulnerability scanning
• VPN service
What You Need to Do:
• Scan vendor supplied passwords
• Create demilitarized zone (DMZ)
• Restrict use of mobile devices

PCI DSS Requirement 3: Protection of card holder data
How We Can Help You:
• N/A
What You Need to Do:
• Encrypt card holder data
• Encrypt databases
• Secure disposal of media

PCI DSS Requirement 4: Encrypt transmission of cardholder data across open, public networks
How We Can Help You:
• VPN service
• Managed network firewall
• Web application firewall
• Intrusion detection and prevention system
• SSL certificates
What You Need to Do:
• Encrypt transmission of card holder data across open public networks

PCI DSS Requirement 5: Use and regularly update anti-virus software programs
How We Can Help You:
• Internal vulnerability scanning
• File integrity monitoring
• Log management
• Anti-virus
What You Need to Do:
• Ensure anti-virus is deployed and continuously patched

PCI DSS Requirement 6: Develop and maintain secure systems and applications
How We Can Help You:
• Internal and external PCI vulnerability scanning
• Web application firewall
• Patch management service
What You Need to Do:
• Secure access to applications and card holder data

PCI DSS Requirement 7: Restrict access to cardholder data on a need-to-know basis
How We Can Help You:
• VPN service
• Managed network firewall
• Security Operations Center work flow change request process
What You Need to Do:
• Secure application & encryption

PCI DSS Requirement 8: Assign unique ID to each person with computer access
How We Can Help You:
• Multifactor authentication
• VPN service
• Managed network firewall
• Security Operations Center work flow change request process
What You Need to Do:
• Conduct multifactor authentication

PCI DSS Requirement 9: Restrict physical access to cardholder data
How We Can Help You:
• Physical data center security
• SOC2 data center processes and auditing
What You Need to Do:
• Protect card holder data

PCI DSS Requirement 10: Track and monitor all access to network resources and cardholder data
How We Can Help You:
• Log management
• File integrity monitoring
What You Need to Do:
• Protect card holder data

PCI DSS Requirement 11: Regularly test security systems and processes
How We Can Help You:
• Internal and external vulnerability scanning
• File integrity monitoring
• Intrusion detection and prevention system
What You Need to Do:
• Conduct internal and external penetration testing
• Provide wireless intrusion detection and prevention

PCI DSS Requirement 12: Maintain a policy that addresses information security for all personnel
How We Can Help You:
• Monitoring service
What You Need to Do:
• Conduct internal and external penetration testing

We can work with you to identify PCI compliance gaps and construct a plan for meeting the process and technology requirements of PCI-DSS. Get started by contacting us today.