PCI DSS compliance guide
Is Cloud 66 PCI Compliant?
We do not store Credit Card Information of our customers on our servers, systems or storage. This is handled by a PCI compliant third party and therefore we do not need a PCI DSS compliance.
Will my website/mobile backend/API be PCI compliant if I use Cloud 66?
Not by default. Compliance with PCI DSS regulations is up to you.
How does Cloud 66 access my servers?
We access your servers using Secure Shell (SSH) protocol and SSH private/public keys. The keys generated by Cloud 66 to connect to your servers are 2048-bit RSA keys. The keys are either generated by your cloud vendor or Cloud 66 depending on different vendors.
We also generate a key for you through a script when using our Cloud 66 Registered Server product.
Our connection to your servers is done only through a set of pre-announced IP addresses:
22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206,220.127.116.11 and 18.104.22.168
Where are the SSH keys stored on Cloud 66?
The SSH keys are stored on an isolated storage in Cloud 66 network. The keys are encrypted with a key and are only readable using the secure key.
The encryption keys are provided to our production servers during the startup and are not stored anywhere on our production gateways.
What firewalls are installed on servers deployed by Cloud 66?
Cloud 66 deploys iptable based firewall protection on all servers it provisions. Those firewalls are configured to allow public internet traffic only if needed (ports 80, 443, 8080 and 8443 are open for web servers). Other ports, including SSH ports are closed by default to the public traffic and private traffic within the hosted data center network traffic.
How does Cloud 66 prevent access to customer servers in case of a breach?
If security of our servers is breached, the attackers will not be able to access customer servers without gaining access to the encryption keys used to unlock SSH keys. These keys are not stored on our gateways servers and are provided to the server only during the startup phase of the system.