Web hosting provider Nexcess, a company focused in particular on delivering services around the e-commerce platform Magento, announced this week that it will officially be offering PCI-DSS certified services for its Nexcess Magento Secure Isolated Platform web hosting services.
Nexcess says its hosting services have sustained PCI compliance for some time. The distinction here, of course is that while “PCI compliance” is a promise based on a set of widely understood criteria (the PCI data security standard), certification requires the actual application of third-party audit to ensure the reliability of that promise.
“Anyone can say they are PCI compliant, but very few folks take the next step to have this independently audited,” says Nexcess President and CEO, Chris Wells, quoted in the company’s press release. “We feel that this certification falls right in line with Nexcess’ foundation of providing our clients with unparalleled service and support. Now, more than ever, people want to know that their sensitive information is safe when they’re doing business online. We want to provide our valued clients with that added level of confidence and security.”
Nexcess says its PCI DSS compliance audit was performed by BrightLine, the same third-party auditor that performed Nexcess SSAE 16 audit earlier this year. On its website, Nexcess outlines the 12 criteria for PCI compliance in some detail.
The PCI DSS is a fairly complex set of data security standards and best practices, first established by a collaboration between credit card companies, and now overseen by an independent governing organization. For hosting providers, PCI compliance (and certification) has reached a point where in some cases (as in the more traditional dedicated server type environments) it’s an expected feature, while in others (such as more multi-tenant cloud environments) it can be a real differentiating feature. For customers processing transactions via their websites, it is a necessity.
The Magento ecommerce platform has also become a real distinguishing feature for web hosting providers. Last week, we ran a feature by Nicole Henderson on the growing user community – now nearing a million developers – around the Magento software.
Tying services to a certain popular piece of software or tool – which generally involves demonstrating some expertise in that tool, and getting involved in the user community – can be a great way for a hosting provider to access a ready-made market for its services. Hosting providers, including Nexcess, are seeing success in approaching Magento this way.
Nexcess’s Magento SIP solution provides an isolated, independently managed hosting environment, pre-installed with a Magento store, using the most up to date version of the software, and systems optimized to enhance the performance, reliability and scalability of the software, according to the company.
Also in January, Nexcess launched an enterprise managed server cluster product.
Talk back: is PCI certification a necessity for your hosting services? Have you taken steps to secure certification? Have you had any notable successes or problems achieving certification? Have you offered any products tied to Magento? Let us know in the comments section.