PCI DSS 4.0 Released with Big Changes
Released March 31, 2022, PCI DSS v4.0 contains significant changes including increased focus on risk analysis, which may open organizations up to legal risks.
The US Signal Approach to IT Security
Every IT services provider has its own approach to IT security and labels it in a way that will hopefully resonate with prospective customers. There’s the holistic approach, the proactive approach, the risk-based approach, the adaptive approach, and so on. But what do those words really mean when it comes to how the service provider will provide cybersecurity, information security, and protect your IT systems and data against ransomware, DDoS attacks, and other malicious acts?
Shared Security Responsibility
While we can’t speak for other companies, we can tell you how IT security works at US Signal. It starts with a basic division of responsibility between US Signal and you, the customer.
US Signal protects the underlying infrastructure that powers our colocation offerings, data protection suite, network services, and cloud solutions. That includes the physical layer of the cloud — the compute, storage, and network subsystems, and the software (virtualization layer). It also includes operating and securing the data centers and network infrastructure.
As the customer, you are responsible for the security of your data, applications, and the operating system, as well as any equipment you own in the case of colocation services. This includes:
- Limiting access to the root account
- Encrypting data at rest and in transit
- Managing and controlling your encryption keys
- Abiding by US Signal security protocols at the data center(s)
- Managing the data center access list for employees and vendors
Many customers choose to layer on managed security services, such as vulnerability scanning and patch management, to meet specific requirements they have. In those cases, unless otherwise specified, US Signal handles security configuration tasks such as patching and firewall configuration. However, you would be responsible for handling secure account credentials, as well as your firewall rules.
The Fort Knox Approach
So, just how does US Signal protect the underlying infrastructure that powers its services?
- At the physical level, US Signal data centers are designed for maximum security with 24/7 video surveillance, RFID readers on every door, and iron-clad security policies. All cabinets and cages include combination locks. Biometric scanning is available at select facilities. Facilities are also audited annually to meet the stringent security requirements of PCI DSS, HIPAA/HITECH, and other regulatory standards. Security measures are regularly reviewed and tested to ensure they are performing optimally.
- At the employee/administrative level, all employees undergo frequent security training. US Signal’s Operations and Engineering personnel have specified access levels and named user accounts in all systems. No US Signal personnel have access to customer data. US Signal also has a comprehensive information security program, led by an information security and compliance officer, and with an executive steering committee. It’s complemented by a full governance, risk, and compliance program.
- At the systems level, US Signal uses multiple leading-edge technologies to ensure that nothing gets in or out that shouldn’t. Among them: intrusion protection systems, host-based intrusion detection, centralized log monitoring, security information management (SIM), centralized anti-virus, vulnerability testing, internal penetration testing, and mandatory password reset intervals. There’s even an option for two-factor authentication. Monitoring 24/7 by the company’s Technical Operations Center makes sure that any abnormalities are detected and remedied long before they can cause problems.
US Signal leaves nothing to chance. To help ensure its security protocols are working, annual penetration/security assessments are conducted by a third party. External independent audits are also conducted for SOC 1, SOC 2, PCI, HIPAA, and financial statements. In addition, internal staff are certified as auditors and support a robust internal audit program.
The Private Network Factor
US Signal’s private fiber network adds even more protection for its portfolio of services. For example, with its private network, US Signal can offer a higher level of security to customers than VPNs over the public internet. It also helps simplify data transmission.
Private connectivity is maintained between data centers, and customers have the option of private connectivity to ground. Data stays private throughout transmission. While US Signal doesn’t encrypt data, we can support it. That means customers can employ encryption to best suit their specific needs.
It’s not just the privacy side of US Signal’s network that lends itself to security. The network infrastructure is highly resilient with a redundant core, and everything is built on mesh architecture. Routers are built-in aggregate in a fault-tolerant configuration. US Signal also partners with a fiber restoration service and proactively monitors the health of its network, ensuring that it can offer a 30-minute response time or less.
Security and Compliance Matters
US Signal’s built-in security does more than protect customer IT assets and data. It can also help customers meet compliance standards and adhere to company security policies. Among the things US Signal can do:
- Support regulatory audits
- Meet with auditors
- Map current controls from existing compliance activities to specific customer requirements
- Respond to auditors’ requests for information or relevant documentation
- Offer guidance from the sales process through on-boarding and into the audit cycles
- Recommend strategies for meeting security and compliance requirements for international data privacy and/or addressing related issues
- Provide documentation of reports
- Provide data destruction services, accompanied by a certificate of destruction
Your Security. Your Way.
In essence, what US Signal offers is highly secure IT environments and services that can be further customized to meet your specific needs – including those related to budget and compliance. Additional security services and security advisory services are available for even greater cybersecurity, information security, and peace of mind.
To learn more, talk to a US Signal solution architect. Call 866.2. SIGNAL or email [email protected].
Related Blog Posts
Partnering for IT Security and Compliance
When an organization works with US Signal, both entities work together to determine who will be responsible for the security of each aspect of the IT infrastructure solution. This includes defining and fully describing what is entailed for each responsibility; discussing the arrangements to ensure complete understanding; [...]
IT for Remote Work
Preparation is everything. Just ask the IT team at Christian Brothers Services (CBS), a nonprofit organization that provides benefits programs to congregations, organizations, and dioceses throughout the United States and Canada. When the COVID-19 pandemic hit and the organization needed to switch to work-from-home [...]