Our clients trust us with their data and we take that responsibility seriously. Our business processes, infrastructure, and facilities are designed and built to maximize the privacy and security of client data.
SSAE 16 Certified Facilities
Nexcess facilities are externally audited for compliance with SSAE 16, which confirms that they meet the strictest standards of security. The standard covers all aspects of data center management, including "processes, policies, procedures, personnel, and operational activities".
Complete Audit Trail
We keep comprehensive records of who has access to the data we handle and when they access it. All work on our servers and networks is carefully logged, and access is only granted to our stringently vetted and security-trained system administrators.
Round-The-Clock Security Monitoring
Each of our six global facilities has stringent physical access controls, with active security patrols, constant camera surveillance, and biometric identity verification for access to the data center floor. As a PCI-DSS-compliant hosting company, we maintain the highest standards of control over physical access to our equipment.
All of our shared and dedicated server hosting plans include the Advanced Policy Firewall (APF), a stateful, iptables-based software firewall, to protect our networks from outside intrusion. Enterprise hosting plans include hardware firewalls.
We also run mod_security, a software-based web application firewall, on every server as an additional layer of protection for hosted applications.
Hardware Asset Management
We carry out comprehensive security configuration of all routers, switches, and servers on our networks.
Regular Security Testing
We regularly subject our networks to external and internal penetration testing in order to verify network and server integrity.
Secure Isolated Platform Servers
Nexcess SIP servers are security hardened and comply fully with PCI-DSS information security standards.
Ksplice Uptrack allows us to apply kernel patches to running systems, so we can immediately patch our server operating systems without service interruptions.
Nexcess managed servers are constantly monitored for threat indications or breaches, so that we can immediately react to any potential vulnerability to client data security.
Bespoke Server Security Configuration
All of our servers are individually configured to offer the most secure environment for the application they serve. Whether it's Magento, WordPress, ExpressionEngine, or vBulletin, we only run services essential to those applications to reduce the potential vulnerability surface area.
OS Security Management
We proactively patch and upgrade all of our managed servers. When a vulnerability becomes known, we will immediately apply patches or implement solutions to protect our clients when possible.
Data security is about more than just secure systems and servers. Without comprehensive, regular backups, data and client business continuity are threatened. Nexcess offers R1Soft daily backups on all managed hosting accounts.
SSL is essential to keeping user and client information secure as it traverses the Internet. Many of our shared and dedicated eCommerce hosting plans include free standard SSL for one year. SSL support is optionally available on all of our hosting plans.