Internap Achieves Compliance with New PCI Data Security Standard

Kelvion New Plate Heat Exchanger

Internap’s managed hosting and colocation services now meet the compliance requirements for PCI DSS v.3.1, the latest security standard from the PCI Council. It means that Internap is offering ecommerce and physical retail customers the most secure infrastructure environment possible for storing, processing or transmitting cardholder data.

internap-bare-metal-iaas“As retailers and businesses see exponential growth from ecommerce, the cyber attacks against the underlying payment systems are also increasing in their sophistication,” said Satish Hemachandran, senior vice present and general manager, Cloud and Hosting, Internap. “Infrastructure providers serving this industry have a customer obligation to ensure service offerings are brought into compliance with the latest PCI security standard as quickly as possible. Global retailers depend on Internap‘s infrastructure to keep their sensitive customer data secure as they scale their businesses, and we prioritized achieving PCI DSS 3.1 compliance in a very short timeframe to meet our customers’ needs.”

Independent IT compliance firm Coalfire conducted the PCI DSS 3.1 audit of Internap’s managed hosting and colocation solutions. Criteria for infrastructure providers to meet PCI DSS compliance include:

  • A SOC 2 compliant physical data center with security controls to protect the physical assets (firewalls, routers, switches and servers) of the hosting customer’s environment.
  • Management of administrative user accounts that include service accounts, root, administrator and other system-level administrative (privileged-user) accounts.
  • Installation, configuration, administration and maintenance of firewalls and network router equipment, and the deployment of customer-specific rules for Internap to implement.
  • Anti-virus administration at the operating system level, to ensure that the services operating within the customer’s managed server environment are free from viruses.
  • Backup and recovery of operating system environments, customer data repositories, as well as system and security device configurations.

“Ecommerce companies are all too aware of the frequency of cyber attacks against their industry and require storage and data management systems with sophisticated data management mechanisms to protect customer information,” said Tim Russell, vice president, Product Management, NetApp. “A long-time NetApp partner, Internap leverages clustered Data ONTAP to provide robust data protection for their managed hosting customers’ data. We are excited to support Internap‘s solutions for the ecommerce industry and are very pleased that the company moved quickly to meet the newest PCI data security standard.”