Archive for March, 2010
by FireHost Evangelist on March 30th, 2010
When you develop Web sites that collect payment via credit card for goods and services sold online, part of your responsibility is to establish and maintain PCI compliance. If followed properly, the Payment Card Industry Data Security Standard (current version 1.2) does a very effective job of providing a safe shopping experience for customers. However, achieving compliance is easier said than done, especially for startups and developers for small online retailers.
After reviewing the 200-plus sub-policies, procedures, activities, and technical nuances that make up the PCI Data Security Standard, most small and startup E-commerce companies will choose to outsource portions of their website operation to third-party service providers. In this scenario, each party is independently responsible for maintaining control over compliance for its own organization. You shouldn’t fall into the trap of assuming that someone else is handling your compliance needs. Everyone involved in your online store is responsible for a piece of the security compliance pie.
Anyone who touches or has access to credit card data in any capacity is responsible for PCI compliance, regardless of their role. This includes the online retailer, the Web application developer, and the hosting provider.
The most important steps every E-Commerce developer should complete as they establish a PCI compliant business:
- Step 1 – Become educated about the payment card industry mandates. Taking the time to become knowledgeable here can go a very long way.
- Step 2 – Identify which portions of the PCI DSS you directly control and which items will be outsourced to third parties. (A QSA, or Qualified Security Assessor, can help with this step.)
- Step 3 – Select service partners that have expertise in protecting personally identifiable information (PII).
- Step 4 – Thoroughly review each service partner’s ROC (Report on Compliance) to make sure there are no unfulfilled requirements or pending remediations for critical items.
by FireHost Evangelist on March 19th, 2010
All new E-commerce businesses should address one vital question first and foremost: Will you collect and store payment card information on your Web site or offload credit card processing to a PCI Compliant merchant like PayPal? The answer to this question is paramount and should be well thought out when you are planning and developing your E-commerce Web application.
When feasible, outsourcing the storage and handling of credit cards to a trusted, capable, and PCI compliant payment processing provider is the most secure and most budget-friendly course of action. Even when you outsource payment processing (the riskiest piece of running an E-commerce business), you still must ensure your hosting environment can deliver speed and scalability that meet user expectations and includes security measures that protect your shoppers from a damaging hacker encounter.
Here are the tools and services that you should be looking for:
Web Hosting Security Basics – the minimum requirements you need to transact business securely online
- Redundant firewall protection – Firewalls help stop cyber attacks before they can penetrate the network perimeter. Having firewalls tuned and working in tandem helps ensure protection for your E-commerce environment.
- Web application protection – In addition to traditional firewalls, you’ll need a Web application firewall (we call them WAFs). This technology helps protect E-commerce organizations from application-level attacks like SQL injections and Cross Site Scripting (XSS) attacks. In an application-level attack, the hacker attacks the website itself: your contact forms, login boxes, etc. Traditional firewalls are helpless against these kinds of attacks, and WAFs are required.
by FireHost Evangelist on March 16th, 2010
FireHost believes every business is entitled to protection from malicious hacker schemes. This mantra resonates in every decision we make and drives the daily activities for each and every agent of our organization.
We constantly strive to make enterprise-grade hosting features available for companies of all sizes, and VMware’s vShield™ capabilities (introduced last summer) have helped fulfill our mission. vShield™ marks a significant advance in virtualization technology by providing a “shared [multi-tenant] computing resource pool, while still maintaining trust and network segmentation of users and sensitive data.”
We quickly realized adding vShield™ to our secure hosting infrastructure would make it possible to package the power and privacy of dedicated servers with cloud-like scalability, and our technology staff has worked tirelessly since the announcement to devise the right solution.
The result of their hard work is an affordable, compliance-ready Secure Server with all the tools necessary to protect your customers’ personally identifiable information (PII) and payment card information from hackers without hiring your own internal IT security staff.
Our new offering combines the best features of Dedicated and Cloud hosting into one, affordable Secure Server. This service is new to the hosting marketplace and unique to FireHost, so we’ve made it easy to compare how our Secure Servers stack up against popular options. “When security and affordability are key factors in your consideration set, we make it an easy decision,” said Chris Drake, CEO and founder.
by FireHost Evangelist on March 1st, 2010
FireHost is honored to be chosen by CODiE as one of 2010’s Best Security Solutions. “We had to outperform some very qualified competition to get to this point, and we are proud to be recognized among other great companies that have also been chosen as finalists this year,” beams Chris Drake, CEO.
All nominated products and services underwent an intensive review by subject matter experts, analysts, journalists, and others with deep experience in the field. We took the panel of experts through a guided demo of our Advanced Secure Hosting solution. Collective feedback was positive and all the judges were receptive to our positioning, stating that FireHost is “a complete solution for hosting servers built with REAL security in mind.” FireHost offers a “well thought out security plan for hosting servers” and provides “best in class” hosting solutions.
We were selected from 785 nominations submitted by 374 companies in 55 categories, and we’re confidently optimistic about the second round of voting which enables SIIA members to determine this season’s award winners. Voting will begin Tuesday, March 2, 2010 and the winners will be announced in May, so wish us luck.
This is the twenty-fifth year The Software & Information Industry Association (SIIA) has recognized excellence in the software, education and information industries through the CODiE Awards program. Visit the CODiE or SIIA websites to learn more about each organization.