Security

Security is an absolute top priority for MacStadium and one that we take very seriously. We hold and maintain top certifications and deploy world-class physical, network, and process-level security at each of our locations. We strive to continuously improve our security practices; our work is never done.

As a provider of Infrastructure-as-a-Service (IaaS), MacStadium has responsibility only up to the hypervisor layer. Our customers hold responsibility for OS, application and data layer security. We give you root access to every aspect of your environment to deploy and maintain security policies as you see fit.

Our default security policies and dedicated infrastructure keep every customer secure. However, we understand every organization is different, and we can meet the needs of even the most stringent teams. We can provide tools to meet any need from isolation to encryption to direct connects and beyond.

Compliance

ISO 27001/2 Certification

MacStadium is independently ISO/IEC 27001:2013 and ISO/IEC 27002:2013 certified as a company across all of our data centers. This can save you time and money from an audit, certification and compliance perspective, and your developers can rest easier knowing that we hold this globally recognized security certification.

SOC 1 and SOC 2

MacStadium’s US data centers maintain SOC 1 Type 1 & 2 and SOC 2 Type 1 & 2 compliance. System and Organization Controls (SOC) audits have stricter requirements than ISO with respect to physical and data center-level cyber security.

GDPR

Passed in 2016, the EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to give EU citizens more control over their personal data. The GDPR applies to any organization operating within the EU, as well as any organization outside the EU that offers goods or services to customers or businesses in the EU. With its broad scope, GDPR applies to nearly every corporation in the world.

MacStadium is GDPR ready, and our infrastructure, procedures and certifications enable our customers to be GDPR compliant. Given MacStadium’s IaaS role, we urge you to evaluate the GDPR and review your security, compliance and data protection processes to ensure compliance. If you already have robust compliance, security and data privacy practices in place, your compliance with GDPR should be simple.

Data Center Certifications

All of our data centers are audited against and/or certified to various internationally recognized attestation and certification standards. Below is the list of our data center locations and the associated certifications. To request an NDA, ISO certification letter, SOC summary report or certificate listed below, or if you have any other compliance-related questions, please contact us.

Atlanta

  • Tier III compliant
  • SSAE 16
  • SOC 1 Type 2, SOC 2 Type 2, SOC 3
  • PCI, OIX-2, HIPAA

Las Vegas

  • Tier III compliant
  • SOC 1 Type 2, SOC 2 Type 2, SOC 3
  • PCI, HIPAA

Dublin

  • Tier III compliant
  • ISO 27001

Data Center Security

Physical Security

MacStadium’s data centers are housed in secure, restricted-access buildings that provide the highest levels of physical security. Our colocation providers (Zayo Group and Equinix) house our infrastructure in secure, restricted areas accessible only by MacStadium-approved employees. Each facility employs:

  • Physical entry restrictions to the property and the facility
  • Private cages
  • Armed guard services
  • Full CCTV coverage monitored 24/7
  • Biometric access control
  • Proximity card access
  • Mantraps on entrances
  • Visitor escort policies
  • Tier III and Tier IV data centers

Employee Access

MacStadium has a defined policy of who has access to our data centers, servers and software. Only select engineering teams have access to the backend hypervisors where virtual servers reside or direct access to NAS/SAN storage systems. We have a centralized process for creating, maintaining and resetting keys and passwords, and we keep records of all changes for auditing purposes. Background checks are conducted on all candidates upon acceptance of, and contingent on, our offer of employment, and all employees are required to sign an NDA to ensure confidentiality.

Monitoring and Access Logging

MacStadium maintains 24/7 security information and event management (SIEM). We monitor our infrastructure at all times with engineers on call to resolve any security-related events. MacStadium’s security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident reporting and response procedures.

All access to customer systems is automatically logged and recorded via a privileged access control system/secure jump box. Our logging includes system actions as well as the logins and commands issued by our system administrators.

Privacy

MacStadium respects your privacy and is committed to protecting the privacy and confidentiality of personal data we collect. Please read our Privacy Notice carefully to understand our policies and practices regarding your information and how we will treat it.

MacStadium is committed to industry best-practice approaches concerning security measures to prevent the loss, misuse and alteration of the information in our possession. We use various security measures to protect the information we collect as appropriate to the type of information, including encryption, firewalls, and access controls. If you have any questions about our privacy practices, please contact us at privacy@macstadium.com.

Secure Communications

All communications with MacStadium are transmitted over HTTPS (TLS, the successor to SSL) to protect visitor data in transit. We provide connectivity to our hardware via SSH and recommend that customers use SSH keys to secure their access.

Payment Data Security

Credit card purchases for MacStadium services are processed by Chargify. When our customers provide their credit or debit card information via our website, the data is sent to Chargify, and the payment data is not stored on our systems.

International Privacy

We understand the need for strict privacy regulations required by certain countries. Under European data protection acts like the General Data Protection Regulation (GDPR), MacStadium operates as the data “processor” and our customer is the data “controller.” We have set up a Data Processing Agreement (DPA) which can be signed by both MacStadium and our customer to meet these regulatory requirements. To obtain the DPA, or if you have any other privacy-related questions, please contact us.

Your Environment

We provide the dedicated infrastructure – the environment is yours. MacStadium is responsible for providing and maintaining all physical equipment as requested and preventing unauthorized physical access to that equipment. We will complete initial setup (imaging hosts, zoning storage, etc.), provide 24/7 technical support and ensure data center uptime.

As the customer, you are responsible for implementing security measures to protect your systems and data, including configuring and securing all infrastructure (e.g., firewall, vCenter) and virtual machines (e.g., applications, network connections, databases). You will need to ensure encryption of all data and network communications and ensure appropriate backups and failover capabilities are in place.

To assist you in maintaining the security of your systems, we include the following technology with every Mac private cloud:

  • Dedicated Cisco firewalls
    MacStadium provides an up-to-date Cisco ASA firewall with each of our private clouds. The firewall is set up by your team to your specifications, and can enable VPNs, whitelisted IP ranges and more.
  • Dedicated VMware vCenter
    A VMware vCenter provides visibility and custom alerting for every aspect of your environment. You control network characteristics of all your VMs.
  • Secure SAN storage
    Pure flash arrays encrypt all data at rest, and Fibre Channel zoning to private LUNs provides data security by isolating each customer's storage.
  • Network monitoring
    See all traffic to and from your firewall. The monitoring system will alert you to unusual host or network activity.

We can provide additional security measures upon request, including:

  • Isolated and locked racks
    Physically isolate your hosts in locked cages within our secure data centers. Add IP cameras and IP locks for extra security.
  • Direct Connects
    Keep your traffic off the public internet by using direct connect. Leverage MacStadium’s existing connections with AWS and Equinix, or let us know if there is another connection that you require.
  • NSX network virtualization
    NSX helps you limit lateral movement of threats with virtual east/west (E/W) firewalls, VM micro-segmentation, and more.
  • HyTrust VM encryption
    VMware Enterprise enables encryption of all VMs for added security, and HyTrust serves as a highly available (HA) key manager for the encryption keys.