Tell us about your traffic

The ability to serve secure traffic?

Serving secure traffic means that you want to support HTTPS traffic (either instead of HTTP traffic or in addition to HTTP traffic).

If you’re PCI (payment card industry) compliant or you serve PI (personal information), you must serve HTTPS traffic through the network.

To secure your traffic over HTTPS, you need two valid certificates, one for the origin server and one for the Akamai (edge) server. But hold on, you can deal with certificates in just a while.

Now, let's get some directions.

Payment card industry compliance

The PCI Data Security Standard (DSS) applies to all entities that store, process, and transmit cardholder data for any major credit or debit card.

If you collect payments online, is your domain compliant with the PCI DSS? Does your domain handle PCI information, and is it subject to PCI compliance?

In addition to Akamai configurations for your site, there are other areas of PCI compliance that require your attention. For example, you are responsible for ensuring the PCI compliance of your origin server connection and granting the appropriate access for your company’s Control Center accounts. You can review important details about configuring your domain for PCI compliance in the PCI DSS Configuration Guide on Control Center.
Note: If your site processes online payments, it may be subject to PCI DSS compliance. Carefully review your Caching settings on the Configuration Settings tab, and the Advanced Settings dialog, to make sure that you are not caching any payment card data.

Protection of personal information

There’s no single security standard for PI, but there are some best practices that can be applied to any site. For example, if your domain contains and provides private data—financial statements, medical transcripts, eCommerce receipts and the like—your traffic should be served through the Akamai Secure content delivery network.

How you handle personal information depends on who it’s intended for. Say it’s financial statements or medical transcripts. If it’s intended for an individual user, you should not cache it. If, however, it’s intended to be shared by many users, caching may be appropriate. For example, some types of photos on social media may fall into this category according to European Union PI standards.
Note: If your site contains PI, carefully review your Caching settings on the Configuration Settings tab, and the Advanced Settings dialog, to make sure that you aren’t inadvertently caching any PI data that is not intended to be shared.
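
The caching rule above (content intended for one user is not cached, content meant to be shared may be) can be spot-checked against origin responses. The following is an added example, not code from this page or from Akamai: it flags responses under sensitive paths that a shared cache is allowed to store. The path prefixes, sample responses and function names are constructed for illustration, and it inspects origin `Cache-Control` headers only, not the caching settings the note refers to.

```python
# Added example: find per-user responses that a shared cache may store.
# SENSITIVE_PREFIXES and SAMPLE_RESPONSES are constructed, hypothetical values.
SENSITIVE_PREFIXES = ("/account/", "/statements/", "/checkout/")

SAMPLE_RESPONSES = [
    ("/statements/2024-01.pdf", {"Cache-Control": "public, max-age=86400"}),
    ("/account/profile", {"Cache-Control": "private, no-store"}),
    ("/checkout/confirm", {"Content-Type": "text/html"}),
    ("/images/logo.png", {"Cache-Control": "public, max-age=604800"}),
    ("/account/receipts", {"cache-control": "No-Store"}),
]

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument}, lower-cased."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives

def classify(headers):
    """Conservative verdict for a shared cache such as a CDN edge."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    # no-store and private both forbid storage by a shared cache.
    if "no-store" in cc or "private" in cc:
        return "protected"
    ttl = cc.get("s-maxage") or cc.get("max-age") or ""
    if "public" in cc or (ttl.isdigit() and int(ttl) > 0):
        return "explicitly-cacheable"
    # No directive at all: storage is not forbidden, so treat as a finding.
    return "unprotected"

def audit(responses, prefixes=SENSITIVE_PREFIXES):
    """Return (path, verdict) for sensitive paths that are not protected."""
    findings = []
    for path, headers in responses:
        if not path.startswith(prefixes):
            continue  # shared content such as logos may be cached
        verdict = classify(headers)
        if verdict != "protected":
            findings.append((path, verdict))
    return findings

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_RESPONSES):
        print(f"{verdict:22} {path}")
```
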