Security and Compliance
Certified secure.
MacStadium is certified to the highest level of cloud security and data privacy. We meet or exceed the requirements of even the most demanding teams.
SOC 1, 2, and 3.
System and Organization Controls (SOC) is a widely recognized standard for ensuring transparency and confidence in security posture. MacStadium is regularly audited by a third party, and we maintain SOC 1 Type 2, SOC 2 Type 2, and SOC 3 compliance. View our SOC 3 report or request our SOC 2 report.
ISO 27001, 27017, and 27018.
MacStadium is independently certified by Coalfire to meet these international standards. This greatly benefits our customers by providing peace of mind and cost savings during procurement audits. View our ISO certificates.
Privacy Shield.
MacStadium is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. View our certification.
Privacy and data protection.
MacStadium respects your privacy and is committed to protecting the privacy and confidentiality of personal data we collect.
GDPR.
Require compliance with EU guidelines? MacStadium infrastructure is GDPR (General Data Protection Regulation) compliant and is a natural extension to your existing security and data privacy policies. MacStadium operates as the data “processor” and our customer is the data “controller.” MacStadium operates a data center in Dublin, Ireland for organizations that require data to remain inside the European Union.
Data processing agreement (DPA).
Customers that require a signed DPA to maintain regulatory compliance can contact us. MacStadium has a prepared Data Privacy and Data Security Agreement you can review here.
Payment data security.
Credit card purchases for MacStadium services are processed by Chargebee. When our customers provide their credit or debit card information via our website, the data is sent to Chargebee for processing, and the payment data is not stored on our systems.
Secure communications.
All communications with MacStadium are transmitted over TLS (HTTPS), and we use SSL encryption to protect visitor data. We provide connectivity to our hardware via SSH and recommend that customers use SSH keys to securely set up their access.
Security is a shared responsibility.
MacStadium provides dedicated cloud compute services that you control, along with the physical security and hardware to help you maintain a secure environment. As the customer, you are responsible for implementing security measures to protect your systems and data as you see fit. Refer to our shared responsibility models for more information:
Private cloud IaaS.
Orka Workspace.
Securing your environment.
We include the following technology with every Mac private cloud:
Dedicated hardware.
We provide the hardware – the environment is all yours. You get root access and can configure it as you wish. We encourage our customers to update their credentials to lock MacStadium personnel out of their firewalls and hosts for ultimate security.
Cisco firewalls.
MacStadium provides an up-to-date Cisco ASA firewall with each of our private clouds. The firewall is set up by your team to your specifications and can enable VPNs, white-listed IP ranges, and more.
Secure SAN storage.
Pure flash arrays encrypt all data at rest, and Fibre Channel zoning to private LUNs provides data security.
Network monitoring.
See all traffic to and from your firewall. The monitoring system will alert you to unusual host or network activity.
Additional protection.
We can provide additional security measures upon request, including:
Virtualization.
Adding a virtualization layer can enhance your cloud security. You control the network characteristics of all your VMs.
Isolated and locked racks.
Physically isolate your hosts in locked cages within our secure data centers. Add IP cameras and IP locks for extra security.
Direct connects.
Keep your traffic off the public internet by using direct connect. Leverage MacStadium’s existing connections, or let us know if there is another connection that you require.
NSX or HyTrust.
NSX helps you prevent the spread of lateral threats with virtual E/W firewalls, VM micro-segmentation, and more. HyTrust can be used as an HA key manager.
Request more information.
If you have questions regarding security or want access to non-publicly disclosed information, contact us to begin a non-disclosure agreement (NDA).
SOC 2 report access.
Our dedicated security team can provide our SOC 2 report to companies under an NDA.
Terms and legal docs.
Looking for our master services agreement, acceptable use policy, or other legal documents?