Keep your customers safe while they shop
Your relationship with your customers is built on trust—but a server breach that compromises their private information can quickly ruin that relationship.
You can keep your customers safe by implementing PCI controls and pursuing PCI-DSS compliance. And we can help, with our full range of security solutions for your hosted environment.
“It is probably true to say that without the considerable amount of help from Rackspace we could not have passed the exceptionally stringent PCI audit. Rackspace certainly went above and beyond their remit to ensure that everything was perfect for us.”
Technical Lead, Oyster Card
Discover the 12 requirements of PCI-DSS compliance in our PCI Compliance in the Rackspace Hybrid Cloud whitepaper.
How PCI-DSS and Rackspace can help
The Payment Card Industry Data Security Standard (PCI-DSS) prescribes controls that help protect your customers’ data—not just credit card data. Implementing PCI-DSS controls can help your customers spend confidently. Let us help by providing you with infrastructure and services to assist you in addressing your requirements. You can use Rackspace products and services to:
- Assess: we can help you assess your hosted environment and recommend solutions to help you meet your security and compliance requirements.
- Implement: we implement security controls that help you meet your requirements.
- Monitor your security environment.
- Manage change: we help you implement the changes you require.
PCI controls for your dedicated environment
You will need to enforce these 12 requirements from the PCI-DSS standard. Here’s how we can help with each requirement.
| You must implement the following PCI controls: | Rackspace can help by providing: |
|---|---|
| Install and maintain a firewall configuration to protect cardholder data | Managed Firewalls: Rackspace Managed Firewalls provide the highest level of security, earning ICSA Firewall and IPsec certification and Common Criteria EAL4 evaluation status. Working with a Rackspace Security Engineer, you establish and are the sole owner of the set of rules that defines unwanted traffic. Based on this set of rules, information that is sent to your server is inspected and then filtered. |
| Do not use vendor-supplied defaults for system passwords and other security parameters | Vulnerability Assessment Services: Alert Logic’s Threat Manager is a cloud-powered vulnerability assessment and intrusion detection service to defend and protect systems against internal and external threats. |
| Protect stored cardholder data | Not applicable — you must implement this requirement |
| Encrypt transmission of cardholder data across open, public networks | SSL certificates: installation and renewal service for six certificates from the two leading and most trusted names in the industry, VeriSign® and thawte™. Extended Validation (EV), Organization Validated (OV), and Domain Validated (DV) SSL certificates available. |
| Use and regularly update anti-virus software or programs | Managed anti-virus: a fully managed anti-virus solution offers proactive, sustained protection against viruses, worms, Trojans, spyware, and other malware for Windows or Linux servers. Features Behavioral Genotype Protection™ for zero-day protection by proactively identifying malicious code on file servers and deleting it before it executes or reaches endpoint computers on your network. |
| Develop and maintain secure systems and applications | Web Application Firewall: leverages industry-leading SecureSphere® and ThreatRadar technology from Imperva, the leader in web application security. The Rackspace WAF Service is fully supported by our Professional Services Team, who deploy, tune, profile, troubleshoot, and manage your device. The service also includes re-tuning your web application firewall as you make changes to your application. |
| Restrict access to cardholder data on a need-to-know basis | Managed Active Directory: Rackspace Managed Servers with Intensive® Proactive Support include customized Active Directory management services. |
| Assign a unique ID to each person with computer access | Two-factor authentication backed by industry-leading RSA SecurID technology, with a 20-year history of outstanding performance and innovation and a team of Rackspace CCSP- and RSA-certified professionals to fully manage your dedicated RSA SecurID appliance and tokens. Each RSA Authenticator token automatically generates a unique password every 60 seconds. Two-factor authentication using a unique PIN and the authenticator token password offers a more reliable level of user authentication than reusable passwords alone. |
| Restrict physical access to cardholder data | Data Center Security: Rackspace data centers are PCI-DSS and Safe Harbor compliant, in addition to having SSAE16 Type II, SOC1, SOC2 (Security and Availability only), and SOC3 audits on file for all data center facilities. Specific policies exist both to prevent unauthorized physical access, damage, and interference to our organization’s premises and information and to confirm that only approved users are granted access to appropriate systems and resources. |
| Track and monitor all access to network resources and cardholder data | Log Management: the Alert Logic Log Manager™ automatically aggregates, normalizes, and stores log data from your environment to simplify log searches, forensic analysis, and report creation through real-time or scheduled analysis. LogReview, a service enhancement to Log Manager, provides daily event log monitoring and review by a team of Alert Logic security professionals. |
| Regularly test security systems and processes | Threat Management: the Alert Logic Threat Management™ system monitors your Rackspace environment, detecting external and internal threats. When it detects an incident, Alert Logic’s ActiveWatch service provides expert guidance from its security operations center (SOC), staffed around the clock by Alert Logic security analysts. Integrated vulnerability scanning helps you identify possible points of entry and correct them, and assists you with meeting regulatory compliance requirements. |
| Maintain a policy that addresses information security for all personnel | Not applicable — you must implement this requirement |
Remember that simply hosting with Rackspace doesn’t automatically make you PCI-compliant. And while technologies can help in your efforts toward PCI compliance, tools like firewalls, intrusion detection systems and log management appliances are only as effective as the people and processes in place to install and manage them.
We can work with you to build a framework for outlining and managing the process and technology requirements of PCI-DSS.
PCI and your cloud environment
When you host your environment with Rackspace, you may also sign up with a separate payment processor who provides tokenization—replacing credit card data with meaningless numbers or “tokens”. When you accept a payment, non-PCI data routes to your Rackspace-hosted environment, while the tokenized credit card data routes to your payment processor.
Since your customers’ credit card data does not route to your Rackspace hosted infrastructure—only the payment processor—your Rackspace environment stays out of the scope of your PCI requirements.
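The scope reduction above holds only as long as no card number actually reaches the hosted environment, so a practitioner wants a detective check on what that environment stores and logs. The following is an added example, not Rackspace code: it scans records for Luhn-valid card-number-like digit sequences, which lets a processor-issued token be told apart from a leaked PAN. The record layout and the `tok_` token prefix are constructed for the illustration.

```python
import re
from typing import Iterable, List, Tuple

# Candidate PAN: 13 to 19 digits, optionally separated by spaces or dashes.
# The lookarounds stop a match inside a longer run of digits or dashes.
_PAN_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")


def luhn_valid(digits: str) -> bool:
    """Return True when the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pan_candidates(text: str) -> List[str]:
    """Return normalised (digits only) sequences that look like real card numbers."""
    found = []
    for m in _PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def scope_violations(records: Iterable[str]) -> List[Tuple[int, str]]:
    """(record index, PAN) for every record that carries a card-number-like value."""
    hits = []
    for idx, rec in enumerate(records):
        for pan in find_pan_candidates(rec):
            hits.append((idx, pan))
    return hits


# Constructed sample records as the hosted environment might store them.
# Record 0 is what tokenization should leave behind: a token, no card number.
# Record 1 shows a PAN that leaked into a log line (a well-known test number).
# Record 2 carries a long shipment id that is numeric but not Luhn-valid.
SAMPLE_RECORDS = [
    "order=1001 customer=alice@example.com amount=49.99 token=tok_9f3c1b7a2e",
    "order=1002 customer=bob@example.com amount=15.00 card=4111 1111 1111 1111",
    "order=1003 shipment_tracking=1234567890123456789 token=tok_0a1b2c",
]

if __name__ == "__main__":
    for idx, pan in scope_violations(SAMPLE_RECORDS):
        print(f"record {idx}: card-number-like value {pan[:6]}...{pan[-4:]}")
```

Run it against an export of the records and log lines your hosted environment keeps; any hit means card data is reaching infrastructure that the tokenization design was supposed to keep out of scope.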