Not All Servers Are Created Equal
Today's increasing demand for different types of hosting has created servers that are specialized.
The headline says it all. Not all servers are created equal. This is true in many ways. Performance, operating system, and design are all things that make servers unique. However, the way that servers are set up and maintained can also have a big impact on their use.
This is true for advanced security measures like those required for PCI DSS compliance. More flexible and advanced firewalls and best security practices are what make hosted PCI DSS compliance possible. Here is a quick guide from Digital 1.
1. Online PCI DSS - A Tale of Two Parts
When it comes to keeping your company PCI DSS compliant online, there are two major parts: your website and the server on which it is hosted. For your website to pass a PCI DSS scan, both your server and your website need to be configured in a specific manner. On the website side, the standards differ depending on whether you're using a CMS (like WordPress or Drupal) or some other proprietary management system. On the server side, it involves software, ports, and firewall settings.
2. Finding a PCI DSS Partner
So you need to be PCI DSS compliant, and you've got a website. What's your next step? Your next step is to find a digital agency that knows what it is doing. This often includes having a solid understanding of what it takes to be PCI DSS compliant outside of the server side. There are many hosting companies that offer hosted PCI DSS services; however, simply hosting your site on a PCI DSS ready server doesn't mean you'll pass a PCI DSS scan. Remember, the server is half the equation; your website may need some serious work to get up to the standards required for PCI DSS. This is something to consider when finding a hosting provider: are they just a hosting provider, or do they offer full PCI DSS solutions?
3. Hosted PCI Solutions Make It Easy (-er)
If you need to be PCI DSS compliant, then it's a good idea to switch hosting providers to a company (or agency) that delivers a PCI DSS solution right out of the box. This means that the minute you host your site with them, the server side of the equation is taken care of. This will make your life a lot easier. If you're hosting with a smaller hosting provider or a gigantic one (GoDaddy, HostGator), you're probably not going to find the type of service you're looking for. However, there are hosted PCI DSS solutions available, and they will make the process easier. Ideally, you'll want to find a digital agency that understands all that goes into PCI DSS and offers hosted PCI as part of a larger PCI service. This will help consolidate your path to PCI DSS compliance. There are many companies that offer PCI hosting; there aren't as many that will get you all the way to full compliance.
Thanks for Reading!
So let's review: yes, hosted PCI DSS is a great way to start down your path to PCI DSS compliance. However, you'll be more satisfied with the process if you partner with an agency that is familiar with the entire process. From your website to the server it's hosted on, you want a partner with knowledge of the whole process.