Empower Your Employees and Protect Your Online Business in Five Easy Steps

by FireHost Evangelist on May 25th, 2010

True story – visiting a client one time, our CEO Chris Drake came across a sales guy who had his computer access credentials taped to the palm rest of his laptop. It turns out the company’s entire customer information database was synced to the sales person’s laptop. If he lost it (or if it was stolen) you can only imagine the consequences.

This vision has haunted us ever since. The responsibility of keeping your company’s data safe is one that’s shared by the whole team, and should make them feel empowered. Hacker prevention for companies that store data and/or transact business online isn’t as simple as hiring a secure web host; it’s a 24/7 job that requires good physical and virtual housekeeping from everyone. Luckily, it’s not as tedious, time-consuming, or boring as cleaning your actual home, and it doesn’t require you to pat down your employees each time they walk out the door.

Here are five best practices that everyone on your team should put into action to keep the company safe from cyber criminals.

#1 Mobile Security
Whether you’re a swanky, MacBook Pro-toting executive or a lowly intern who has company email syncing to your phone, you’re responsible for data security when working remotely. Password protecting your mobile devices, and your software, is a ridiculously easy and yet commonly overlooked step that can prevent a world of loss. Password protect everything that your employees work on and access remotely. And we mean everything – mobile phones and laptops, email accounts, VPN connections, and SaaS programs used for business. In addition, don’t store or “remember” passwords for critical services. Require that every employee manually type his or her credentials every time. It’s really not as daunting as it sounds. It takes just a moment to enter a password.


FireHost Named as a Stevie Award Finalist for “Best New Computer Product or Service for 2010”

by FireHost Evangelist on May 24th, 2010

FireHost has been named as a Top 5 Finalist in the category of Best New Computer Product or Service for 2010 by The American Business Awards (aka Stevie Awards).

Stevie Awards honor American companies and business people from organizations in a variety of industries. The other four nominees have useful, innovative, and very smart products and services that can significantly improve your e-life, so please check them out.

  • Data Robotics, Inc’s DroboElite Self-managing iSCSI SAN
  • DocuSign’s Mobile Extension enabling users to securely e-sign documents from more than two dozen mobile devices
  • Novell’s SUSE Studio for flexible and friendly Linux customization
  • Zebra Technologies ZXP Series 8 retransfer printer which produces photo-like images FAST

As you can see, we’ll need your help to outclass this year’s very qualified competition. Please help us win by clicking the icon below.

We appreciate your endorsement. The winner will be announced in June.

The full list of finalists from all New Products and Product Management Categories for 2010 is listed on the Stevie Awards website.

Decoding PCI DSS Requirement 4: Encrypting and Storing Credit Card Data

by FireHost Evangelist on May 19th, 2010

Data encryption seems complicated, and in most cases it lives up to that complexity. This is especially true when encryption requirements go beyond the basics, such as names and passwords, to include highly confidential information like social security numbers, credit card numbers, and protected health information.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of rules that help govern the way credit card information should be handled and protected. Its nomenclature can oftentimes be a bit confusing. So in a short series of articles (starting with this one), we’ll break down the most important elements of the PCI DSS as it relates to data encryption.

PCI DSS Requirement 4

Requirement 4.1 of PCI DSS addresses the encryption protocols and instructs any entity that accepts, handles, transmits, or stores credit card data to “use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.”
 
Let’s start with understanding what information is encrypted per Requirement 4. PCI DSS requires that all cardholder data (specifically the cardholder’s name, the card number, expiration date, and billing address) be encrypted when stored or transmitted.

Here are some common questions and answers about Requirement 4 to help developers navigate through it.


FireHost Selected as THE Best Security Solution for 2010 by SIIA’s CODiE Judges

by FireHost Evangelist on May 12th, 2010

You may recall, back in March we were nominated as one of the Best Security Solutions for 2010 by the Software and Information Industry Association (SIIA). The news came down today at a special CODiE Awards luncheon in San Francisco that we won – FireHost is officially THE Best Security Solution for 2010!

The entire FireHost team is excited and honored by this recognition. We want to thank the other finalists for providing stiff competition, and we want to thank the CODiE Judges for picking us out of the crowd.

We will wear our CODiE badge proudly as we uphold our mission of making a secure web hosting environment available to companies of all sizes.

A list of all 34 CODiE Award Winners from various categories is now listed on the SIIA website.

FireHost Nominated as Favorite Service of 2010 – Vote for us in four quick clicks

by FireHost Evangelist on May 4th, 2010

FireHost has been nominated “Favorite Service” for 2010 by The American Business Awards, and we need your help to win!

We understand that your time is precious, so we’ll cut to the chase. If FireHost is your Favorite Service of 2010, please cast a vote. It’s easy. You’re only four quick clicks away.

  1. Click here to visit the Stevie Awards voting page.
  2. Type “D532H” into the box right of Vote with Short Code.
  3. Click submit.
  4. Register your vote (shhh! we won’t tell if you use a fake email address), and you’re done.

The Stevie Awards were created in 2002 to honor and generate public recognition of the achievements and positive contributions of organizations and business people in America. The competition pits firms of similar size and industry against one another in “weight classes” of sorts, so small and medium-size companies have the same exposure and opportunity to be recognized as a Fortune 100 company.

“We’re proud to be considered as a Favorite Service of 2010. FireHost is committed to providing the highest service levels and innovative hosting solutions to our customers. If you feel we’re living up to that promise, now’s your chance to tell the world,” said Chris Drake, CEO, in an open invitation to current clients and business associates. “The past Stevie Award winners and finalists are all amazing companies. We’d be proud to have this association with them.”

The full list of winners and finalists from last year includes innovative companies like LifeLock, Citrix Online, WhiteHat Security, and YouSendIt, to name a few.

Hackers Steal Time & Revenue from SMBs Every Day – Keep it From Happening to Yours

by FireHost Evangelist on April 6th, 2010

Imagine waking up tomorrow and having your water cut off. It would be annoying to deal with, but not devastating. Life goes on. But what if you didn’t have electricity? Definitely inconvenient. You can’t turn on a lamp or watch TV, but at least your iPhone works. You could still access the information superhighway, so all is well.

Now envision how you would feel if you woke up one morning and your website wasn’t working at all.  It doesn’t load or the homepage has been replaced with an offensive message — or even a warning from Google that this site is no longer secure. That’s right, you’ve been hacked and your website has been kicked off Google.

Think this can’t happen to you? It’s actually not uncommon. It happens to small businesses every day when their website gets attacked one too many times for Google’s liking. Mberry, a small business based in Tempe, Arizona, is one of those businesses. This innovative company sells the very cool, very fun “mberry” tablets that make everything you eat taste oh so sweet for 30 minutes. Mberry had a rather sour experience when their site was banned from Google.

Mberry’s saga started about a year ago when their site was hacked – not once, not twice, but three times in two months. They rely on their site as a main portal for their revenues. Having their site down multiple times and going through the process of getting it cleaned up and back online was costly, annoying and damaging to their brand. But it wasn’t until they got the boot from big daddy Google that things really got much worse.


Understanding the Whole PCI Compliance Pie – Which slice do you own?

by FireHost Evangelist on March 30th, 2010

When you develop Web sites that collect payment via credit card for goods and services sold online, part of your responsibility is to establish and maintain PCI compliance. If followed properly, the Payment Card Industry Data Security Standard (current version 1.2) does a very effective job of providing a safe shopping experience for customers. However, achieving compliance is easier said than done, especially for startups and developers for small online retailers.

After reviewing the 200-plus sub-policies, procedures, activities, and technical nuances that make up the PCI Data Security Standard, most small and startup E-commerce companies will choose to outsource portions of their website operation to third party service providers. In this scenario, each party is independently responsible for maintaining control over compliance for their respective organization. You shouldn’t fall into the trap of assuming that someone else is handling your compliance needs. Everyone involved in your online store is responsible for a piece of the security compliance pie.

Anyone that touches or has access to credit card data in any capacity is responsible for PCI compliance, regardless of their role.  This includes the online retailer, the Web application developer, and the hosting provider.

The most important steps every E-Commerce developer should complete as they establish a PCI compliant business:

  • Step 1 – Become educated about the payment card industry mandates. Taking the time to become knowledgeable here can go a very long way.
  • Step 2 – Identify which portions of the PCI DSS you directly control and which items will be outsourced to third parties (A QSA – Qualified Security Assessor – can help with this step)
  • Step 3 – Select service partners that have expertise in protecting personally identifiable information (PII).
  • Step 4 – Thoroughly review each service partner’s ROC (report on compliance) to make sure there are no unfulfilled requirements or pending remediations for critical items


Security, Speed, and Scalability for E-commerce: A Guide to Getting Started

by FireHost Evangelist on March 19th, 2010

All new E-commerce businesses should address one vital question first and foremost: Will you collect and store payment card information on your Web site or offload credit card processing to a PCI Compliant merchant like PayPal? The answer to this question is paramount and should be well thought out when you are planning and developing your E-commerce Web application.

When feasible, outsourcing the storage and handling of credit cards to a trusted, capable, and PCI compliant payment processing provider is the most secure and most budget-friendly course of action. Even when you outsource payment processing (the riskiest piece of running an E-commerce business), you still must ensure your hosting environment can deliver speed and scalability that meet user expectations and includes security measures that protect your shoppers from a damaging hacker encounter.

Here are the tools and services that you should be looking for:

Web Hosting Security Basics – the minimum requirements you need to transact business securely online

Redundant firewall protection — Firewalls help stop cyber attacks before they can penetrate the network perimeter. Having firewalls tuned and working in tandem helps ensure protection for your E-commerce environment.

Web application protection – In addition to traditional firewalls, you’ll need a Web application firewall (we call them WAFs). This technology helps protect E-commerce organizations from application-level attacks like SQL injections and Cross Site Scripting (XSS) attacks. In an application-level attack, the hacker attacks the website itself: your contact forms, login boxes, etc. Traditional firewalls are helpless against these kinds of attacks, so WAFs are required.


The Power of Dedicated Servers. The Scalability of Cloud Hosting. The Result – One Secure Server.

by FireHost Evangelist on March 16th, 2010

FireHost believes every business is entitled to protection from malicious hacker schemes. This mantra resonates in every decision we make and drives the daily activities for each and every agent of our organization.

We constantly strive to make enterprise-grade hosting features available for companies of all sizes, and VMware’s vShield™ capabilities (introduced last summer) have helped fulfill our mission. vShield™ marks a significant advance in virtualization technology by providing a “shared [multi-tenant] computing resource pool, while still maintaining trust and network segmentation of users and sensitive data.”

We quickly realized adding vShield™ to our secure hosting infrastructure would make it possible to package the power and privacy of dedicated servers with cloud-like scalability, and our technology staff has worked tirelessly since the announcement to devise the right solution.

The result of their hard work is an affordable, compliance-ready Secure Server with all the tools necessary to protect your customers’ personally identifiable information (PII) and payment card information from hackers without hiring your own internal IT security staff.

Our new offering combines the best features of Dedicated and Cloud hosting into one, affordable Secure Server. This service is new to the hosting marketplace and unique to FireHost, so we’ve made it easy to compare how our Secure Servers stack up against popular options. “When security and affordability are key factors in your consideration set, we make it an easy decision,” said Chris Drake, CEO and founder.


FireHost Selected as one of the Best Security Solutions for 2010 by SIIA’s CODiE Judges

by FireHost Evangelist on March 1st, 2010

FireHost is honored to be chosen by CODiE as one of 2010’s Best Security Solutions. “We had to outperform some very qualified competition to get to this point, and we are proud to be recognized among other great companies that have also been chosen as finalists this year,” beams Chris Drake, CEO.

All nominated products and services underwent an intensive review by subject matter experts, analysts, journalists, and others with deep experience in the field. We took the panel of experts through a guided demo of our Advanced Secure Hosting solution. Collective feedback was positive and all the judges were receptive to our positioning, stating FireHost is “a complete solution for hosting servers built with REAL security in mind.” FireHost offers a “well thought out security plan for hosting servers” and provides “best in class” hosting solutions.

We were selected from 785 nominations submitted by 374 companies in 55 categories, and we’re confidently optimistic about the second round of voting which enables SIIA members to determine this season’s award winners. Voting will begin Tuesday, March 2, 2010 and the winners will be announced in May, so wish us luck.

This is the twenty-fifth year The Software & Information Industry Association (SIIA) has recognized excellence in the software, education and information industries through the CODiE Awards program. Visit the CODiE or SIIA websites to learn more about each organization.