Hosting security is not just about making sure your website, server, data center and infrastructure are safe. It also involves ensuring your web host’s security measures comply with your organization’s standards, industry standards and government regulations. For many businesses, security and privacy compliance are critical for success and are sometimes even obligatory for them to continue operating in their countries.
A good starting point is to select a web host that meets hosting standards and complies with industry, local and international regulations. The following are a few examples of regulations to which some hosting companies may adhere.
PCI Security Standards Council – This international organization maintains standards such as the Payment Card Industry Data Security Standard (PCI DSS), the Payment Application Data Security Standard (PA-DSS) and PIN Transaction Security (PTS). These standards are important if you plan to accept online credit card payments.
SSAE 16 – These international standards for service organizations involve formal auditing of the controls that affect financial reporting. Web hosting providers that offer hosting and/or cloud services should pass these audits, especially if they provide services to publicly traded companies.
ISO 27001 – This international information security management standard outlines how organizations respond to risks, how controls are implemented and what security plans are in place.
Lack of compliance with these types of regulations does not mean that a hosting company is bad. It might just mean that it is a young company and has not yet served customers that require these standards. If it is something your organization needs, you should verify that your hosting company meets those standards before you start investing time and money into its services.