';
Highest Data Security
Learn how to ensure the safety of your critical data

Inside our Data Centers
Take a look at our state-of-the-art Data Centers
News and Updates

Security Certifications

PCIDSS 3.2 Certified

Credit and debit card payment options are vital and convenient for businesses to provide, especially banks and e-commerce vendors. When Customers pass on their information to your business, it’s critical that there are robust levels of protection to ensure it is safe from all threats.

Recently, attackers have shifted their focus on using SSL and application layer attacks that burden resources. This is in response to previous DDoS attacks only focusing on 3-4 layers which were easily blocked by network firewalls providing a basic line of defence.

RapidCompute understands the immense responsibility of hosting mission critical data on its cloud. In addition to being ISO 27001:2013 certified and TIA 942 Compliant, RapidCompute has recently acquired the PCIDSS 3.2 certification.

This allows customers who want to develop a cardholder environment or card processing service to leverage RapidCompute’s validation and ensure they can store and manage data in a in a secure and compliant manner.

What Does This Mean For You

Create Your Own CDE
For the first time in Pakistan

You now have the ability to create your own cardholder data environment (CDE) that can store, transmit or process cardholder data on the cloud. Hosting this critical data on the RapidCompute cloud can actually help meet the demand for a higher level of security.

Get Control Of Your Data Centers
Great amount of visibility and transparency

A major benefit of moving to the cloud is that you have greater control over in which of our 3 multi regional data centers your data resides. You also have a great amount of visibility and transparency into which controls are applied to which resources, and how those controls are operating.

Centralized Log Collection
Challenge to keep up with high volume log data

Another advantage is the requirement for centralized log collection and monitoring which ensures that as your company grows and expands, there is little challenge to keep up with high volume log data.

What It Involves
  • Maintenance

    Maintenance of a secure network by using robust firewalls

  • Protection

    Protection of vital data while it is transmitted via effective digital encryption

  • Updates

    Regular and frequent updates for anti-virus software, anti-spyware programs, and other anti-malware solutions.

  • Security Policy

    Formal information security policy defined, maintained, and followed at all times and by all participating entities.

  • Controlled Access

    Controlled access to system information and operations. Unique and confidential identification name or number assigned to all users.

  • Constant Monitoring

    Constant monitoring of networks to ensure all security measures and processes are in place.

MAJOR BENEFITS
      • Our 100% Compliance Guarantee reduces your regulatory risk.
      • Multiple layers of security reduce your risk of non-compliance
      • High availability and scalability helps you maximize your IT budget particularly during peak seasons
      • Transparent pricing
      • Reduce the associated effort and costs of getting your own PCI DSS certification
      • Expedite the time to deploy on your solutions.

ISO27001:2013 Certified

RapidCompute is the only ISO 27001:2013 certified Cloud Service Provider in Pakistan. This certification helps us to establish, implement, maintain and continually improve our information security management system.

This adoption of an ISMS is a strategic decision for RapidCompute. We understand the immense responsibility of hosting mission critical data on our cloud and this certification preserves the confidentiality, integrity and availability of information by applying a risk management process to them.

The certification involves 114 controls in 14 groups and 35 control objectives.

      • Information security policies (2 controls)
      • Organization of information security (7 controls)
      • Human resource security – 6 controls that are applied before, during, or after employment
      • Asset management (10 controls)
      • Access control (14 controls)
      • Cryptography (2 controls)
      • Physical and environmental security (15 controls)
      • Operations security (14 controls)
      • Communications security (7 controls)
      • System acquisition, development and maintenance (13 controls)
      • Supplier relationships (5 controls)
      • Information security incident management (7 controls)
      • Information security aspects of business continuity management (4 controls)
      • Compliance; with internal requirements, such as policies, and with external requirements, such as laws (8 controls)

TIA 942 Compliant

All of RapidCompute’s data centers are TIA 942 compliant. The advantages this includes standard nomenclature, failsafe operation, robust protection against natural or humanmade disasters, and long-term reliability, expandability and scalability.

The TIA-942 specification data center requirements for applications and procedures such as:

      • Network architecture
      • Electrical design
      • File storage, backup and archiving
      • System redundancy
      • Network access control and security
      • Database management
      • Web hosting
      • Application hosting
      • Content distribution
      • Environmental control
      • Protection against physical hazards (fire, flood, windstorm)
      • Power management

Data Access Security

RapidCompute provides each customer with a unique VLAN, which makes it virtually impossible for potential attackers to snoop on our customers’ data. Important account information is stored externally in a secure billing platform. RapidCompute does not store any customer credit card or bank account information anywhere on its system.

RapidCompute provides network management tools through its customer portal to help customers configure remote access to their RapidMachines. Internet access to RapidCompute may be obtained through any ISP (and internet connection through Cybernet is not necessary). However, the security controls related to internet traffic in such a case are covered under the contracted ISP’s own domain.

The hypervisor used by RapidCompute is a secure, trusted and highly supported commercial platform. Furthermore, RapidCompute administrators, with decades of experience managing and securing data of Cybernet customers, follow best practices to protect customer access information such as user accounts, passwords and admin user IDs.

The RapidCompute network is also protected by a state-of-the-art Unified Threat Management (UTM) firewall cluster that provides effective protection from a multitude of threats emanating from the internet.

Finally, RapidCompute encourages its customers to take simple additional steps that go a long way in further improving the security and data recovery of its RapidMachines:

      • Although customer stored data cannot be accessed either by RapidCompute administrator or by other customers, customers are recommended to employ data encryption features of their cloud OS.
      • Create frequent snapshots of RapidMachines and store them locally, separate from the RapidMachines to ensure quick rebuild in the case of failures.
      • Manage and protect access to RapidMachines by frequently reviewing authorization rights (including regularly changing passwords) of organizational users and tracking access records.
      • Authorize only specific (and necessary) users to perform financial transactions through the RapidCompute customer portal.
      • Implement additional security controls on your RapidMachines such as protection against viruses, Trojans, worms and root kits at the OS level.
      • Manage secure log-ins through Remote Desktop or VNC.
      • Since all traffic is blocked by default, customers must configure OS level firewall policies according to their security needs.

Physical Security

RapidCompute infrastructure is housed in Cybernet’s state-of-the-art data center. This data center has the following features:

      • Two layer physical security comprising armed guards on each floor and the entrance to the building available around the clock to restrict access to authorized users only.
      • Three layer Digital Identity check mechanism in place before reaching the actual facility to ensure restricted and authorized access.
      • 24/7 monitoring through CCTV cameras monitored locally and remotely. Each aisle and corner of the inside facility is monitored whereas all entry and exit points outside are also observed.
      • World’s leading fire suppression system Inergen in N+1 configuration and intelligent smoke detectors