Security

MacStadium adheres to the strictest standards when our customers' respective data is involved. Below, you will find a record and explanation of each of the security advantages MacStadium maintains.

ISO 27001/2 Certification

MacStadium is independently ISO/IEC 27001:2013 and ISO/IEC 27002:2013 certified as a company across all of our data centers.

• This can save you time and money from an audit, certification and compliance perspective, and your developers can rest easier knowing that we hold this globally-recognized security certification.

SOC 1, SOC 2, and SOC 3

MacStadium’s US data centers maintain SOC 1 Type 1 & 2 and SOC 2 Type 1 & 2 compliance.

• System and Organization Controls (SOC) audits have stricter requirements than ISO with respect to physical and data center-level cyber security. Learn more about the SOC suite here.

To achieve SOC 3 compliance, MacStadium underwent an independent, third-party audit to certify that our infrastructure, software, people, procedures and data meet the strict criteria required for eligibility.

Unlike SOC 1 and 2, SOC 3 reports are freely distributed to the public for general use. You can view MacStadium’s SOC 3 report here.

GDPR

Passed in 2016, the EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to give EU citizens more control over their personal data.

• The GDPR applies to any organization operating within the EU, as well as any organizations outside of the EU which offer goods or services to customers or businesses in the EU. With its broad scope, GDPR applies to nearly every corporation in the world.

MacStadium is GDPR ready, and our infrastructure, procedures and certifications enable our customers to be GDPR compliant. Given MacStadium’s IaaS role, we urge you to evaluate the GDPR and review your security, compliance and data protection processes to ensure compliance. If you already have robust compliance, security and data privacy practices in place, your compliance with GDPR should be simple.

Data Center Certifications

All of our data centers are audited and/or certified by various internationally-recognized attestation and certification compliance standards. Below is the list of our data center locations and the associated certifications. To request an NDA, ISO certification letter, SOC summary report or certificate listed below, or if you have any other compliance related questions, please contact us.

Every MacStadium private cloud deploys with a dedicated Cisco firewall that offers unmatched protection and enhanced security for your cloud environment. MacStadium dedicated firewalls give your security teams root access to the firewall, the ability to configure settings to their specifications, and even the ability to lock MacStadium out, so you maintain total control.

With Cisco firewalls, MacStadium customers can:

• Filter any internet and internal traffic in real-time
• Perform packet inspection, port blocking, and breach protection
• Establish secure remote network or multi-site encrypted Virtual PrivateNetwork (VPN) tunnels to connect MacStadium infrastructure into a local environment or public cloud (e.g. AWS, Azure, or Google Cloud)
• Leverage AnyConnect software client VPN for secure remote user access
• Enable optional high-availability redundant failover configurations
• Pass traffic from certain IP ranges (e.g., a Jenkins master) and block all other traffic
• Depending on your needs, MacStadium offers both virtual and physical Cisco firewalls.

Cisco Adaptive Security Virtual Appliance (ASAv)

MacStadium offers virtual firewall solutions based on the best-selling Cisco Adaptive Security Appliance (ASA) protocol. The Cisco Adaptive Security Virtual Appliance (ASAv) runs the same software as physical Cisco ASAs, delivering full ASA firewall and VPN capabilities to cloud environments that help safeguard traffic and multitenant architectures. Optimized for data center deployments, the ASAv is designed to work as a virtual machine. The advantage for MacStadium customers of using a virtual firewall comes from faster deployments and easier upgrades. We recommend ASAv firewalls for all use cases that have sustained throughput demands of less than 500 Mbps (125 Mbps Encrypted) as it delivers exceptional security and performance at a great price.

With a Cisco ASAv protecting their MacStadium private cloud, customers can:

• Implement uniform security across multiple physical and virtual domains
• Accelerate provisioning with predetermined configurations
• Simplify management by using representational state transfer (REST) APIs to manage the device, easily introduce Cisco ASAv into software-defined networking (SDN) environments, and incorporate ASAv into custom policy-orchestration systems

The virtual appliance supports the same site-to-site VPN, remote-access VPN, and clientless VPN functionalities that physical ASA devices do. Most of the features that are supported on a physical ASA by Cisco software are also supported on the virtual appliance, with the notable exceptions of Cisco not supporting clustering and multiple contexts support (i.e. having multiple separate (virtual) firewalls on the same hardware) on ASAv implementations.

Cisco Adaptive Security Appliance (ASA)

MacStadium also offers physical ASA hardware devices for customers who require those capabilities or need more throughput than a virtual firewall can handle. The standard appliance MacStadium offers is a Cisco ASA 5500 series firewall, and is for any customer who needs a dedicated, physical security appliance to protect their host environment.

When customers need even more power for inspection and protection, MacStadium also offers Cisco Firepower 2100 NGFW series appliances. The main difference between the two appliances is in an increase of 10 gigs per second in speed, connections and packets per second for the 2100 series.

Both the Cisco 5500 and 2100 series deliver:

Market-proven security capabilities that integrate multiple full-featured, high-performance security services, including application-aware firewall, SSL and IPsec VPN, IPS, antivirus, antispam, anti-phishing, and web filtering services.
Comprehensive management interfaces including the graphical Cisco Adaptive Security Device Manager (ASDM), a comprehensive command line interface (CLI), verbose syslog, and Simple Network Management Protocol (SNMP) support that round out a rich complement of management options.
For more information, please contact MacStadium Support or Sales.

📘

Note:

Hardware firewalls are not typically available during free trials or POC periods.