Above and Beyond PCI Compliance
In late June 2011, Citigroup reported that $2.7 million was stolen from several hundred thousand accounts. Do you think Citigroup was PCI compliant? Yes, Citigroup is PCI compliant. PCI compliance does not mean hacker proof. It just means a higher level of security that is intended to make it harder for hackers to steal, manipulate, deface, or otherwise cause damage to accounts.
What can be done to go above and beyond PCI compliance? What can be done to proactively know if a shared hosting customer has malware or hacks on their site?
Many hosting providers put the burden of security on their hosting customers. Is that the right thing to do, especially if there are ways to go above and beyond PCI Compliance where the shared hosting provider can actively help their customers have more secure web sites?
Dynamic Net, Inc. takes Internet security very seriously. We believe in being as proactive as possible in providing managed hosting, managed shared hosting, managed VPS hosting, managed dedicated servers, and managed services. What do we do to actively go above and beyond PCI Compliance?
- Every day, we run a report against Google Safe Browsing, checking every single domain name that we host to see if it is being reported as unsafe.
- We continuously monitor each customer’s user area with Linux Malware Detect.
- Every month, we check each hosting account for out-of-date applications, and then notify each customer running out-of-date applications so that we can work with them on getting their applications upgraded.
If a client’s site is reported as being unsafe via Google Safe Browsing or Norton Safe Web, we then manually verify the results. If the results from Google Safe Browsing and Norton Safe Web are correct, then we notify the client and work with the client to clean up their site. We also look at how the site became unsafe. Was there an out-of-date application? A vulnerable application? Could our own security measures be tightened in a way that helps without interfering with other hosting customers and their clients?
Do you need proactive security for your web sites that goes above and beyond PCI Compliance? Contact us for more information.