Keep your customers safe while they shop

Your relationship with your customers is built on trust—but a server breach that compromises their private information can quickly ruin that relationship.

You can keep your customers safe by implementing PCI controls and pursuing PCI-DSS compliance. And we can help, with our full range of security solutions for your hosted environment.

“It is probably true to say that without the considerable amount of help from Rackspace we could not have passed the exceptionally stringent PCI audit. Rackspace certainly went above and beyond their remit to ensure that everything was perfect for us.”
Aingaran Somaskandarajah
Technical Lead, Oyster Card

Discover the 12 requirements of PCI-DSS compliance in our PCI Compliance in the Rackspace Hybrid Cloud whitepaper.

How PCI-DSS and Rackspace can help

The Payment Card Industry Data Security Standard (PCI-DSS) prescribes controls that help protect your customers’ data—not just credit card data. Implementing PCI-DSS controls can help your customers spend confidently. Let us help by providing you with infrastructure and services to assist you in addressing your requirements. You can use Rackspace products and services to:



Plan

We can help you assess your hosted environment and recommend solutions to help you meet your security and compliance requirements.

Do

We implement security controls that help you meet your requirements.

Check

You can use these services to monitor your security controls and hosted environment:

  • Vulnerability assessment
  • Penetration testing
  • Threat management
  • Log management

Act

We help you implement the changes you require.

PCI controls for your dedicated environment

You will need to enforce these 12 requirements from the PCI-DSS standard. Here’s how we can help with each requirement.



You must implement the following PCI controls. Under each control is what Rackspace can help by providing:

Install and maintain a firewall configuration to protect cardholder data

Managed Firewall

Rackspace Managed Firewalls provide the highest level of security, earning ICSA Firewall and IPsec certification and Common Criteria EAL4 evaluation status. Working with a Rackspace Security Engineer, you establish and are the sole owner of the set of rules that defines unwanted traffic. Based on this set of rules, information that is sent to your server is inspected and then filtered.

Do not use vendor-supplied defaults for system passwords and other security parameters

Vulnerability Assessment Services

Alert Logic’s Threat Manager is a cloud-powered vulnerability assessment and intrusion detection service to defend and protect systems against internal and external threats.

Protect stored cardholder data

Not applicable — you must implement this requirement

Encrypt transmission of cardholder data across open, public networks

SSL Certificates

Installation and renewal service for six certificates from the two leading and most trusted names in the industry, VeriSign® and thawte™. Extended Validation (EV), Organization Validated (OV), and Domain Validated (DV) SSL certificates available.

Use and regularly update anti-virus software or programs

Managed Anti-virus

Fully managed anti-virus solution offers proactive, sustained protection against viruses, worms, Trojans, spyware, and other malware for Windows or Linux servers. Features Behavioral Genotype Protection™ for zero-day protection by proactively identifying malicious code on file servers and deleting it before it executes or reaches endpoint computers on your network.

Develop and maintain secure systems and applications

Web Application Firewall

Leverages industry-leading SecureSphere® & ThreatRadar technology from Imperva, the leader in web application security. The Rackspace WAF Service is fully supported by our Professional Services Team who deploys, tunes, profiles, troubleshoots, and manages your device. Service also includes re-tuning your web application firewall as you make changes to your application.

Restrict access to cardholder data on a need-to-know basis

Managed Active Directory

Rackspace Managed Servers with Intensive® Proactive Support include customized Active Directory management services.

Assign a unique ID to each person with computer access

Two-Factor Authentication

Backed by industry-leading RSA SecurID technology, with a 20-year history of outstanding performance and innovation and a team of Rackspace CCSP- and RSA-certified professionals to fully manage your dedicated RSA SecurID appliance and tokens. Each RSA Authenticator token automatically generates a unique password every 60 seconds. Two-factor authentication using a unique PIN and the authenticator token password offers a more reliable level of user authentication than reusable passwords alone.

Restrict physical access to cardholder data

Data Center Security

Rackspace data centers are PCI-DSS and Safe Harbor compliant in addition to having SSAE16 Type II, SOC1, SOC2 (Security and Availability Only), and SOC3 audits on file for all data center facilities. Specific policies exist to both prevent unauthorized physical access, damage, and interference to our organization’s premises and information and to confirm that only approved users are granted access to appropriate systems and resources.

Track and monitor all access to network resources and cardholder data

Log Management

The Alert Logic Log Manager™ automatically aggregates, normalizes, and stores log data from your environment to simplify log searches, forensic analysis, and report creation through real-time or scheduled analysis. LogReview, a service enhancement to Log Manager, provides daily event log monitoring and review by a team of Alert Logic security professionals.

Regularly test security systems and processes

Threat Management

The Alert Logic Threat Management™ system monitors your Rackspace environment, detecting external and internal threats. When it detects an incident, Alert Logic’s ActiveWatch service provides expert guidance from its security operations center (SOC), staffed around the clock by Alert Logic security analysts. Integrated vulnerability scanning helps you identify possible points of entry and correct them, and assists you with meeting regulatory compliance requirements.

Maintain a policy that addresses information security for all personnel

Not applicable — you must implement this requirement


Remember that simply hosting with Rackspace doesn’t automatically make you PCI-compliant. And while technologies can help in your efforts toward PCI compliance, tools like Firewalls, Intrusion Detection Systems and Log Management appliances are only as effective as the people and processes in place to install and manage them.


We can work with you to build a framework for outlining and managing the process and technology requirements of PCI-DSS.

PCI and your cloud environment

When you host your environment with Rackspace, you may also sign up with a separate payment processor who provides tokenization—replacing credit card data with meaningless numbers or “tokens”. When you accept a payment, non-PCI data routes to your Rackspace-hosted environment, while the tokenized credit card data routes to your payment processor.


Since your customers’ credit card data does not route to your Rackspace-hosted infrastructure—only to the payment processor—your Rackspace environment stays out of the scope of your PCI requirements.


©2014 Rackspace, US Inc.