Internap Achieves Compliance with New Payment Card Industry Data Security Standard
Managed hosting and colocation services meet PCI DSS v3.1 requirements, ensuring retailers handling sensitive payment data for ecommerce sites and brick-and-mortar locations are using highly secure infrastructure environments
ATLANTA – January 13, 2015 – Internap Corporation (NASDAQ: INAP), a provider of high-performance Internet infrastructure services, today announced that the company’s managed hosting and colocation services meet the compliance requirements for PCI DSS v.3.1, the latest security standard from the PCI Council. As one of the first infrastructure providers to meet PCI’s updated standard, Internap is offering ecommerce and physical retail customers the most secure infrastructure environment possible for storing, processing or transmitting cardholder data.
According to Adobe’s Digital Index, consumers spent $11 billion on online shopping between Thanksgiving Day and Cyber Monday in 2015, a 15 percent year-over-year increase. Amidst this rise in payment transactions, protecting cardholder data is of the utmost importance for maintaining positive customer relationships and minimizing data breach costs. Internap has a demonstrated history of providing infrastructure solutions that are PCI DSS compliant and taking steps to quickly ensure that its infrastructure remains compliant when the PCI Council adjusts security requirements to address changes in the cyber threat landscape.
“As retailers and businesses see exponential growth from ecommerce, the cyber attacks against the underlying payment systems are also increasing in their sophistication. Infrastructure providers serving this industry have a customer obligation to ensure service offerings are brought into compliance with the latest PCI security standard as quickly as possible,” said Satish Hemachandran, senior vice present and general manager, cloud and hosting, at Internap. “Global retailers depend on Internap’s infrastructure to keep their sensitive customer data secure as they scale their businesses, and we prioritized achieving PCI DSS 3.1 compliance in a very short timeframe to meet our customers’ needs.”
“Since ensuring the safety of our customer data is always a priority, security was a top consideration in choosing an infrastructure provider,” said James Gurney, vice president of technical operations ownerIQ. “Internap’s continued commitment to advanced data security and compliance standards makes them an excellent provider for ownerIQ.”
Independent IT compliance firm Coalfire conducted the PCI DSS 3.1 audit of Internap’s managed hosting and colocation solutions. Criteria for infrastructure providers to meet PCI DSS compliance includes:
- A SOC 2 compliant physical data center with security controls to protect the physical assets (firewalls, routers, switches and servers) of the hosting customer’s environment.
- Management of administrative user accounts that include service accounts, root, administrator and other system-level administrative (privileged-user) accounts.
- Installation, configuration, administration and maintenance of firewalls and network router equipment, and the deployment of customer-specific rules for Internap to implement.
- Anti-virus administration at the operating system level, to ensure that the services operating within the customer’s managed server environment are free from viruses.
- Backup and recovery of operating system environments, customer data repositories, as well as system and security device configurations.
“Ecommerce companies are all too aware of the frequency of cyber attacks against their industry and require storage and data management systems with sophisticated data management mechanisms to protect customer information,” said Tim Russell, vice president, product management at NetApp. “A long-time NetApp partner, Internap leverages clustered Data ONTAP to provide robust data protection for their managed hosting customers’ data. We are excited to support Internap’s solutions for the ecommerce industry and are very pleased that the company moved quickly to meet the newest PCI data security standard.”
To learn more about Internap’s compliance and accreditations, visit https://www.inap.com/about/compliance-accreditations/. To learn more about the PCI Data Security Standard, visit https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-1.pdf.
Internap is the high-performance Internet infrastructure provider that powers the applications shaping the way we live, work and play. Our hybrid infrastructure delivers performance without compromise – blending virtual and bare-metal cloud, hosting and colocation services across a global network of data centers, optimized from the application to the end user and backed by rock-solid customer support and a 100% uptime guarantee. Since 1996, the most innovative companies have relied on Internap to make their applications faster and more scalable. For more information, visit us at https://www.inap.com or https://www.inap.com/blog/, and follow us on Twitter: @Internap.
This press release contains forward-looking statements. These forward-looking statements include statements related to the characteristics and performance of our services and the benefits that our customers may receive from them. Because such statements are not guarantees of future performance and involve risks and uncertainties, there are important factors that could cause our actual results to differ materially from those in the forward-looking statements. These factors include the actual performance of our services; the reaction and behavior of customers and the market to our services; our ability to react to trends and challenges in our business and the markets in which we operate; the availability of services from Internet network service providers or network service providers providing network access loops and local loops on favorable terms, or at all; failure of third party suppliers to deliver their products and services on favorable terms, or at all; failures in or intrusions into our network operations centers, data centers, network access points or computer systems; our ability to provide or improve Internet infrastructure services to our customers; and our ability to protect our intellectual property, as well as other factors discussed in our filings with the Securities and Exchange Commission. Given these risks and uncertainties, investors should not place undue reliance on forward-looking statements as a prediction of actual results. We undertake no obligation to update, amend or clarify any forward-looking statement for any reason.
Press ContactAlex Parks
Davies Murphy Group
Investor ContactMichael Nelson