Cloud Security Best Practices

Arcane Strategies takes security seriously and may be obliged, by state and/or federal law, to enforce cloud security best practices for the protection of PII and PCI data. This may be required but is not limited to sites accepting credit card payments, personal identification information, healthcare and patient data, bio-pharmaceutical and FDA regulated data, or subject to government compliance and GDPR compliance. Arcane Strategies will make no exception, by client request or otherwise, toward ensuring compliance with regulations such as HIPAA, PCI, FDA CFR-21, Govt 508, or otherwise. As a service provider, Arcane Strategies does not accept responsibility for the hosting provider’s responsibilities to the aforementioned compliance laws and regulations nor ISO, RFC, IA/IEC or ISA99 standards. Arcane Strategies is not an ISO certified cyber security service provider.

We understand that our clients often do not require the expensive services that accompany an airtight security plan for cloud security best practices. Where legally responsible, Arcane Strategies will require our security protocol, inclusive of your system and your services agreement with Arcane Strategies, to comply with regulations. Where not legally accountable, Arcane Strategies will not require any additional security standards but may recommend best practices, to be provided in written communication by email and/or support ticket response.

In environments were regulatory compliance is required (ie. SOC1, SOC2, PCI-DSS), proper InfoSec Policies will be drafted accordingly.  For all other sitautions, at minimum, Arcane Strategies guarantees your system is secured by the following methods:

Arcane Strategies will recommend the following cloud security best practices and security methods

As the client, you accept responsibility for any security breaches resulting from declining any of the following methods:

Application Recommendations

The details of some monitoring services have been kept private for your own benefit, as hackers with a knowledge of the system are able to more easily exploit those systems’ vulnerabilities.  Only existing clients with an active agreement may receive this information by phone.  To learn more about our systems, or if you have questions about these cloud security best practices, please speak with your representative.