Joyent has architected a highly secure cloud infrastructure for deployment of a wide range of production applications and sensitive data. In addition to maintaining key industry certifications, compliances, reports, and attestations, we provide unique service offerings to help customers mitigate their risks in the cloud. Working with Joyent, our customers can build on top of our services and achieve and maintain their compliance needs.
This page includes the following sections: an overview of Joyent’s security strategy, information on the certifications and independent assessments in our possession, and a FAQ on PCI DSS compliance.
There are several key elements in our strategy to ensure the security of the Joyent infrastructure:
Joyent holds the following:
Joyent infrastructure is housed within top-tier data centers including Equinix and SwitchNap. These data centers are secured with a variety of physical controls to prevent unauthorized access.
Each of our services within the Joyent cloud is architected to be secure and to prevent unauthorized access or usage.
Joyent strongly recommends that users encrypt their personal or business data within the Joyent cloud, both in production and in backup / storage environments. While data encryption is NOT a default offering in the Joyent Cloud, the Joyent team can recommend a variety of appropriate encryption options that users can implement on top of the Joyent cloud infrastructure.
In accordance with the Statement on Standards for Attestation Engagements No. 16 (SSAE 16), Joyent has completed a SOC 1 Type 1 report. This audit attests that Joyent’s control objectives are effectively designed and that the individual controls defined to safeguard customer data are operating effectively. Our commitment to the SOC 1 report is ongoing and we plan to continue our process of periodic audits.
An independent Qualified Security Assessor (QSA) under the Payment Card Industry (PCI) Data Security Standard (DSS) has successfully validated Joyent as a Level 1 service provider. PCI validated services include the Joyent Cloud virtual infrastructure, the Joyent Cloud management environment, and the underlying physical infrastructure.
Joyent does not provide credit card services to its customers. All additional required PCI DSS controls for a customer environment implemented within the Joyent Cloud remain the responsibility of Joyent’s customers. Those controls must be assessed and validated on an individual merchant or service provider basis, as part of the customer’s validation of PCI DSS compliance for the customer’s own report on compliance (ROC).
Joyent’s high-performance cloud is compliant with the U.S. Health Insurance Portability and Accountability Act (HIPAA).
We provide covered entities subject to HIPAA with a secure environment to manage, update and store protected health information. Joyent signs Business Associate Agreements with customers to validate the integrity of our process systems that facilitate HIPAA compliance.
Contact our customer success team to learn more about how you can leverage the Joyent cloud to ensure ongoing HIPAA compliance.
Joyent recommends that users rotate or change access keys and certificates on a regular basis to prevent unauthorized access and provide additional security.
Delivering a secure cloud computing platform involves implementing numerous best practices for on-premises infrastructure as well as a host of additional considerations unique to a hosted infrastructure environment.
The Joyent Wiki also provides a wide variety of information and recommendations on best security practices, in particular relating to firewalls, isolating networks with VLANs, backup, and data encryption. Here are a few key differences for Joyent Cloud with regard to security practices.
Questions regarding compliance may be directed to: firstname.lastname@example.org.