
Security At Nexcess

Our clients trust us with their data and we take that responsibility seriously. Our business processes, infrastructure, and facilities are designed and built to maximize the privacy and security of client data.

Physical Security

SSAE 16 Certified Facilities

Nexcess facilities are externally audited for compliance with SSAE 16, which confirms that they meet the strictest standards of security. The standard covers all aspects of data center management, including "processes, policies, procedures, personnel, and operational activities".

Complete Audit Trail

We keep comprehensive records of who has access to the data we handle and when they access it. All work on our servers and networks is carefully logged, and access is only granted to our stringently vetted and security-trained system administrators.

Round-The-Clock Security Monitoring

Each of our six global facilities has stringent physical access controls, with active security patrols, constant camera surveillance, and biometric identity verification for access to the data center floor. As a PCI-DSS-compliant hosting company, we maintain the highest standards of control over physical access to our equipment.

Network Security


All of our shared and dedicated server hosting plans include the Advanced Policy Firewall (APF), a stateful, iptables-based software firewall, to protect our networks from outside intrusion. Enterprise hosting plans include hardware firewalls.

We also run mod_security, a software-based web application firewall, on every server as an additional layer of protection for hosted applications.

Hardware Asset Management

We carry out comprehensive security configuration of all routers, switches, and servers on our networks.

Regular Security Testing

We regularly subject our networks to external and internal penetration testing in order to verify network and server integrity.

Server Security

Secure Isolated Platform servers

Nexcess SIP servers are security hardened and comply fully with PCI-DSS information security standards.

Ksplice Uptrack

Ksplice Uptrack allows us to apply kernel patches to running systems, so we can immediately patch our server operating systems without service interruptions.

Real-time monitoring

Nexcess managed servers are constantly monitored for threat indications or breaches, so that we can immediately react to any potential vulnerability to client data security.

Bespoke Server Security Configuration

All of our servers are individually configured to offer the most secure environment for the application they serve. Whether it's Magento, WordPress, ExpressionEngine, or vBulletin, we only run services essential to those applications to reduce the potential vulnerability surface area.

OS Security Management

We proactively patch and upgrade all of our managed servers. When a vulnerability becomes known, we will immediately apply patches or implement solutions to protect our clients when possible.

Application Security


Data security is about more than just secure systems and servers. Without comprehensive regular backups, data and client business continuity is threatened. Nexcess offers R1Soft daily backups on all managed hosting accounts.

SSL Certificates

SSL is essential to keeping user and client information secure as it traverses the Internet. Many of our shared and dedicated eCommerce hosting plans include free standard SSL for one year. SSL support is optionally available on all of our hosting plans.