Multi-tenant platform security
Intermedia uses multiple redundant, enterprise-class firewall systems to help prevent unwarranted intrusions and to help ensure only authorized users access your cloud environment. This purpose-built security system integrates firewall, VPN and traffic management.
We also run multiple intrusion protection systems (IPS) (both host and network) to help detect and deter malicious network traffic and computer usage that often cannot be caught by a conventional firewall. The system monitors for unusual traffic patterns and alerts system administrators of any suspicious behavior.
IPS can also help prevent network attacks against vulnerable services; data driven attacks on applications; host-based attacks such as privilege escalation; unauthorized logins and access to sensitive files; and malware (e.g. viruses, Trojan horses, and worms).
Physical security
Each of Intermedia’s world-class datacenters adheres to strict standards in physical security. Each datacenter is closely monitored and guarded 24/7/365 with sophisticated pan/tilt closed-circuit TVs. Secure access is strictly enforced using the latest technology, including electronic man-trap devices between lobby and datacenter, motion sensors and controlled ID key-cards. Security guards are stationed at the entrance to each site.
Employee security
Every Intermedia employee, regardless of role, undergoes a rigorous background check. Employee access to passwords, encryption keys and electronic credentials is strictly controlled using two-factor authentication and role-based access control. Access to servers is restricted to a limited number of authorized engineers and monitored regularly.
Redundant internet service providers
Each of our datacenters is serviced by multiple Tier-1 internet providers to help mitigate the potential impact of a Denial of Service (DoS) attack on any single provider.
Authentication and access
Intermedia has established a number of stringent policies and procedures to authenticate a caller’s identity during support and service calls. These policies and procedures help protect confidential information belonging to your account and to your users by helping to ensure that only authorized members of your team are given access to our services. In addition, our online control panel enables administrators to fully control access to services and administrative functions.
Dedicated security staff and monitoring
Intermedia employs dedicated, full-time security staff who are certified in information security. This team is involved with all aspects of security, including log and event monitoring, incident response, managing intrusion detection systems (both host and network), perimeter defense, service and architecture testing, and source code reviews.
Privacy
Intermedia is committed to compliance with the EU’s General Data Protection Regulation (GDPR), effective May 25, 2018, and we offer data processing agreements to our partners and customers to help them comply with their obligations under the GDPR. We treat all data equally, so all of our EU and US customers benefit from this strict level of protection.
Audit report: SOC 2 certification
Intermedia has a SOC 2 audit report from an independent auditor who has validated that, in their opinion, our controls and processes were effective in assuring security during the evaluation period. Intermedia is audited company-wide, not just at the datacenter level. Additionally, while some service providers may only choose to be audited against one or two of the five trust service principles (security, availability, processing integrity, confidentiality and privacy), Intermedia has been audited against all five.
PCI compliance
The payment processing system utilized by Intermedia has passed the strict testing procedures necessary to be compliant with the PCI Data Security Standards (PCI DSS). This helps ensure that your payment information will not be accessed by unauthorized parties or shared with unscrupulous vendors.