Signed on July 30, 2002, the legislation’s goal is to create oversight at publicly traded companies and independent auditors so investors are not fooled by phony profits and revenue. Among the several results of Sarbanes-Oxley is the creation of an oversight board for accounting firms that audit publicly traded companies. It also stresses independence of auditors and financial analysts; addresses corporate responsibility at publicly traded companies; and protects whistleblowers.

At no point does the word “software” appear in the text of the Sarbanes-Oxley legislation. But in order to achieve the type of audit trails and records keeping required to be in compliance, most companies will use some type of content or records management software.

Section 404 of Sarbanes-Oxley is widely cited in the literature of software companies. It requires each annual report of a publicly traded company to contain an “internal control report”, which states the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and contains an assessment of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

Section 409 says that companies must disclose information on material changes in the financial condition or operations of the issuer on a rapid and current basis.

To read a summary of the entire Sarbanes-Oxley legislation, visit: http://www.aicpa.org/info/sarbanes_oxley_summary.htm.

Utropicmedia’s PCI compliant ready dedicated VAS features the following

• Managed & Dedicated server architecture
• Geared towards Type 4 SAQ-C validation
• Firewall software locks down unused ports
• Intrusion detection – automatically restricts & bans IPs performing malicious actions (e.g, port scans, brute force attacks)
• PCI Compliant Data Center – physical access to the hardware is restricted & controlled, unless otherwise requested, the VAS is located in our Detroit Colocation Datacenter.
• Dedicated IP address(es)
• SSL encryption
• Vaultwise disaster recovery tools
• Anti-virus software & updates
• Latest / patched software (apache, php, MySQL, etc.)
• Guaranteed to pass PCI vulnerability scans. – if not, Utropicmedia engineers will resolve the issue.

For more information please read about our VAS platform and contact us to request a quote.  Utropicmedia offers arguably the best managed hosting value in the industry.

PCI Scans build Trust

Trust Guard gives you site seals to display your website’s compliance with the strict “PCI server security” requirements. Other site seals verify your business operations, & privacy policies all of which help to earn your customers’ trust and help with conversion rates.

The true value of PCI really boils down to two things; your customers perception of your website’s security, and your Return on Investment (ROI).  When your customers see that your website has advanced security measures in place to protect them, they have much more confidence and trust in your website, and are more likely to buy from you, which in turn increases your ROI.  In nearly every case, the return is far more than it ever costs for the service.

So whether you have been directed by your credit card processing company to become PCI compliant or you are looking to increase salse by giving your customer’s a secure shopping environment, we recommend Trust Guard PCI vulnerability analysis. The service scans for over 30,000 vulnerabilities. If you are starting a new eCommerce website or run an existing site you can save time by not having to fix your server or setup a PCI compliant server by using one of  Utropicmedia’s PCI-compliant VAS platform: managed & dedicated servers.

Becoming compliant in the twelve areas of the PCI standard, also known as the digital dozen, usually encompasses changes to your company’s technical / infrastructure areas as well as changes to company policy. The following lists the twelve requirements:

Meeting all twelve requirements encompasses a lot of effort.  Luckily, there are different levels of compliance depending on how you process transactions online. Through these different levels, the responsibility of meeting all twelve “PCI compliance requirements for an eCommerce website” can be shared between you and whoever you use for your credit card processor and web hosting company.  The 3 validation types for eCommerce websites are discussed below:

Self Assessment Questionnaire for PCI Compliance

Every merchant is required to complete one of the four Self Assessment Questionnaires (SAQs) to become certified as PCI compliant. The simplest method to become compliant is to determine which SAQ you need to fill out and then figure out how to meet the requirements in that questionnaire. There are five SAQ validation types that determine which of the four questionnaires to complete to show your compliance.

The three SAQ validation types that affect online eCommerce systems are SAQ validation types 1, 4, and 5.  Type 1 is where you don’t store or transmit any card data over the internet, type 4 is where you transmit card data but don’t store it, type 5 is where you transmit & store credit card data.  Most people will be in type 4. As discussed below, if you are in type 5, you’ll probably want to move to type 4 unless you have a big budget.

PCI Compliance Conclusion & Recommendations

Obtaining PCI compliance is something you must do if you want to run an eCommerce website. The easiest method achieve compliance is to abstain from electronically transmitting and storing credit card information and have a third party take care of your customer’s data. We find that method to produce fewer sales conversions as customers have to leave your website to complete their order. Our recommendation is to fall into the type 4 SAQ validation type. It allows you to complete the entire order transaction on your website, just as long as you don’t store any credit card information in your database. If you currently store credit card information, you should change your business processes unless you have the means to fulfill the type 5 SAQ validation type.

Utropicmedia has PCI-compliant dedicated servers ready for your eCommerce needs. Our data center is PCI compliant as we have robust access controls in place to restrict physical access to the equipment as well as firewalls that monitor and block malicious internet traffic. Contact us to find out more about our PCI-compliant ready managed servers.

Using Vaultwise SSB allows block-level I/O capture which gives a complete, bare-metal picture of your server including the operating system, all applications and configuration information.  With real-time performance, SSB is the only backup solution that can run on production systems: this means ultra-high performance, multiple restore-points on live, production systems and less than 5% operating overhead during backup execution.

SAN Managed Backup vs. Tape Backup

Many hosting providers will tell you that their tape backup solution is the way to go. We strongly disagree. With tape backup your data is stored on low-tech tape media, which is made up of moving parts that make it vulnerable to breakage and data loss. The data is often spread over many different tape volumes, which increases data restoration time by an additional 2 to 5 minutes to mount each tape. Further, It can take several days just to retrieve your tapes to begin the process of recovering your data as most providers send tapes off-site to protect the customer.

With SAN Managed Backup, your data is stored on highly reliable disk media, which has no moving parts, uses RAID redundancy technology, and delivers almost immediate access to your data. Unlike tape, which stores data in a linear manner, disk behaves more like a mirror that reflects all your data at once. This makes it far easier and faster to recover partial or entire data. In the aftermath of data loss, all that matters is recovering as fast as you can so that you can get back to business. Waiting on slow data restoration can mean revenue dollars ticking away with each second. Our SAN Managed Backup makes sure you don’t waste time or take a needless hit on your bottom line.

Industry-Leading Technology

Designed from the ground-up using industry best-practices and  high-performance proprietary technologies, Utropicmedia’s backup service powered by VaultWise®is second-to-none.  We chose VaultWise for it’s leadership in the Server disaster recovery field, board feature set, and multiple suites of services ranging from tape backup alternatives to application-aware backups.  No other solution can offer block-level continuous data protection coupled with the ability to restore individual SQL tables or Exchange mailboxes.

Fully Managed Service

We manage your entire managed backup solution including initial setup, configuration, monitoring, and ongoing management. Through the Vaultwise platform you have the choice of backing up and restoring data through a web interface. The data from your server is regularly backed up to equipment through our secure network.

Enterprise Reliability, Exceptional Value

Our VaultWise® Managed Backup is an enterprise-level solution that is reliable, high-performance and flexible.i  You can choose from monthly and yearly budgeting options as well as selecting from simple file backup features to more complex bare-metal recovery and application awareness.  Utropicmedia premium BGP4 bandwidth blends are always included so you never have to worry about reliability with the 100% uptime SLA.  Talk to us today and find out how we can satisfy your backup and disaster recovery needs.

• Change Management – Strict change control processes that manage risk and allow smooth migrations, upgrades and maintenance.
• Physical Security – Cameras, RFID cards, gated parking and motion detectors are just a few of the controls protecting your data.
• Firewalls and DPI – If requested fully-managed firewalls and deep-packet inspection can be implemented on your network uplink, allowing our proactive security engineers to instantly asses and mitigate any threats to your data or business

Security Best Practices

• Isolated service verticals to comply with standards like PCI and HIPAA
• Strong Password policy across the organization
• Log Retention and analysis
• Real-time service monitoring and alerting
  

Facility Security

Secure data starts with the facility.  Controlling access to the server floor and facility is often overlooked for the sake of convenience.  While you won’t find any gimmicks here what you will find is time-tested security policies that meet corporate standards of security.

• Closed-Circuit Cameras
• Badge Access to Parking and Building
• Data Floor Motion Detectors
• Telco-Grade Loaking Cabinets Only Allowed on Data Floor
• Facility Power and Network services segregated in locked cage
• Advanced HVAC environmental monitoring

Network Security

Once you located a solid and secure facility the next step is providing a range of wire-line security measure.  Utropicmedia is able to not only provide static wire protection such as dedicated firewalls, but many of the services can be provided on-demand.

• Global MPLS private network options available
• Redundant fiber uplinks to premium transit carriers
• Private VLANs
• Redundant firewalls and security services available
• Proactive Threat Monitoring and Mitigation: Detect intrusion attempts, scans and probes
• Global LEO Satellite IP transit available