Security

Certified security, trusted globally

MacStadium is certified to the highest level of cloud security and data privacy. Our data centers meet or exceed the requirements of even the most demanding teams.

SOC 1, 2 and 3 compliance

System and Organization Controls (SOC) is a widely recognized standard for ensuring transparency and confidence in security posture. MacStadium is regularly audited by a third party; our SOC 3 report is available here.

MacStadium maintains SOC 1 Type 1 & 2, SOC 2 Type 1 & 2, and SOC 3 compliance.

Certifications

ISO 27001, 27017, and 27018

MacStadium is independently certified by Coalfire to meet these international standards. This greatly benefits our customers by providing peace of mind and cost savings during procurement audits.

View MacStadium’s 27001, 27017, and 27018 Certificate

Privacy Shield Certification

MacStadium is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Our certification can be viewed here.

Privacy and Data Protection

MacStadium respects your privacy and is committed to protecting the privacy and confidentiality of personal data we collect. Please read our privacy notice carefully to understand our policies and practices regarding your information and how we will treat it.

GDPR

For companies that require compliance with EU guidelines, MacStadium infrastructure is GDPR (General Data Protection Regulation) compliant and is a natural extension to your existing security and data privacy policies. MacStadium operates as the data “processor” and our customer is the data “controller.”

MacStadium operates a data center in Dublin, Ireland for organizations that require data to remain inside the European Union.

Data Processing Agreement (DPA)

Customers that require a signed DPA to maintain regulatory compliance can contact us. MacStadium has a prepared Data Privacy and Data Security Agreement you can review here.

Payment Data Security

Credit card purchases for MacStadium services are processed by Chargebee. When our customers provide their credit or debit card information via our website, the data is sent to Chargebee for processing, and the payment data is not stored on our systems.

Secure Communications

All communications with MacStadium are transmitted over TLS (HTTPS), and we use SSL encryption to protect visitor data. We provide connectivity to our hardware via SSH and recommend that customers use SSH keys to securely set up their access.

Your Environment and Physical Security

Shared Responsibility Model

MacStadium provides dedicated cloud compute services that you control, along with the physical security and hardware to help you maintain a secure environment. As the customer, you are responsible for implementing security measures to protect your systems and data as you see fit. Refer to our shared responsibility models for more information:

Private Cloud Shared Responsibility Model

Securing Your Environment

Standard offering:

We include the following technology with every Mac private cloud:

Dedicated Apple hardware

All MacStadium cloud-hosted Apple machines are 100% dedicated to one customer. We provide the infrastructure – the environment is yours. You get root access to your hardware and can configure it as you wish. We enable and encourage our customers to update their credentials to lock MacStadium personnel out of their firewalls and hosts for ultimate security.

Cisco firewalls

MacStadium provides an up-to-date Cisco ASA firewall with each of our private clouds. The firewall is set up by your team to your specifications and can enable VPNs, white-listed IP ranges and more.

Secure SAN storage

Pure flash arrays encrypt all data at rest, and fibre channel zoning to private LUNs provides data security.

Network monitoring

See all traffic to and from your firewall. The monitoring system will alert you to unusual host or network activity.

Available enhancements:

We can provide additional security measures upon request, including:

Virtualization

Adding a virtualization layer can enhance your cloud security. For example, a VMware vCenter can provide visibility and custom alerting for every aspect of your environment. You control network characteristics of all your VMs.

Isolated and locked racks

Physically isolate your hosts in locked cages within our secure data centers. Add IP cameras and IP locks for extra security.

Direct Connects

Keep your traffic off the public internet by using direct connect. Leverage MacStadium’s existing connections with AWS and Equinix, or let us know if there is another connection that you require.

NSX network virtualization

NSX helps you prevent the spread of lateral threats with virtual E/W firewalls, VM micro-segmentation, and more.

HyTrust VM encryption

VMware Enterprise enables encryption of all VMs for added security, and HyTrust is used as an HA key manager.

Physical Security

MacStadium’s data centers are housed in secure, restricted access buildings that provide the highest levels of physical security with biometric access control, video monitoring, armed guard services, and more. MacStadium has a defined employee and visitor access policy that defines who has access to our data centers, servers, and software.

Monitoring and Access Logging

MacStadium maintains 24/7 security incident and event management (SIEM). We monitor our infrastructure at all times with engineers on call to resolve any security-related events. MacStadium’s security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident reporting and response procedures.

All access to customer systems is automatically logged and recorded via a privileged access control system/secure jump box. Our logging includes system actions as well as the logins and commands issued by our system administrators.

Request More Information

MacStadium’s dedicated security team can provide our SOC 2 report and other non-publicly disclosed information to companies under a non-disclosure agreement (NDA). Additionally, customers interested in our private cloud offering gain access to security and legal audits. If you have questions regarding security or want to request an NDA, contact us.