Best Practice Security Offerings for Hosted Sites

What you need to look out for.

As a leader in the ecommerce and information technology world, Clarity Ventures stays on the cutting edge of security for all of our clients (and their clients). This is evident from Clarity's security being completely unaffected by the recent 'Heartbleed' vulnerability. Clarity offers multiple extra layers of security upon request, so you can be sure your sensitive data is protected.

Securing Unused Ports

We are able to do a hard lockdown on any ports not being used by host processes. This makes it incredibly difficult for anyone to find an unauthorized access point in the system.

PCI DSS Auditing

The Payment Card Industry Data Security Standard is a standardized security requirement developed jointly between Visa, American Express, Discover, and the Japanese credit bureau to protect their customers' financial information. PCI DSS comes with a set of mandatory compliance guidelines that must be verified annually at a minimum.

SSL/TLS

Secure Sockets Layer and Transport Layer Security are protocols that encrypt the transmission of data between the server and client, preventing data interception or 'man-in-the-middle' attacks from being able to access any data. Any data transmitted to or from the server is secure against unauthorized access.

Full Database Encryption

The entire database can be encrypted to safeguard against the actual database becoming compromised. Even if someone has physical access to the database, the information cannot be decrypted without authorized access.

'Whitelisting' IP Ranges

One of the most intensive security measures that can be implemented is known as 'whitelisting' of the IP a user accesses the server from. All IP addresses not on the whitelist are unable even to attempt to log in.

This is a very time-consuming and inconvenient security measure, because every authorized user's IP must be manually entered into the system. If users change where they are attempting to log in from (mobile, hotel room, vacation, etc.) or their IP address is changed by their ISP, they will be unable to log in until someone manually inputs the new IP address range in the whitelist.

Dedicated vs Shared Server

All of these features, with the exception of securing ports, can be implemented on a shared server. However, other, possibly unsecured, websites and databases are hosted on the same machine. There are safeguards put in place to ensure data is not accessed between the two, but using dedicated hosting is a simple way to completely remove that possible access point.

Secure Password Enforcement

The weakest point of any system is its users. To that end, it is possible to mandate certain password strength requirements. These include: password length, composition (requiring each password to have a certain number of letters/numbers/special characters), prohibition of common passwords, and mandatory password changes after any set period of time.

Clarity Can Help

To find out more about hosting security options and enterprise eCommerce solutions, or to have Clarity audit your current security, contact us for a free quote today!

Get a Quote: 800.928.8160 (toll-free)