The ability to serve secure traffic
Serving secure traffic means that you want to support HTTPS traffic (either
instead of HTTP traffic or in addition to HTTP traffic).
If you’re PCI (payment card industry) compliant or you serve PI (personal
information), you must serve HTTPS traffic through the network.
To secure your traffic over HTTPS, you need two valid certificates, one for the
origin server and one for the Akamai (edge) server. But hold on, you can deal with certificates in just a while.
Now, let's get some directions.
Payment card industry compliance
The PCI Data Security Standard (DSS) applies to all entities that store,
process, and transmit cardholder data for any major credit or debit card.
If you collect payments online, is your domain compliant with the PCI DSS?
Does your domain handle PCI information, and is it subject to PCI compliance?
In addition to Akamai configurations for your site, there are other areas of PCI
compliance that require your attention. For example, you are responsible for ensuring
the PCI compliance of your origin server connection and granting the appropriate access for
your company’s Control Center accounts. You can review important details about configuring
your domain for PCI compliance in the PCI DSS Configuration Guide on Control Center.
If your site processes online payments, it
may be subject to PCI DSS compliance. Carefully review your Caching settings on the
Configuration Settings tab, and the Advanced Settings dialog, to make sure that you are
not caching any payment card data.
Protection of personal information
There’s no single security standard for PI, but there are some best practices
that can be applied to any site. For example, if your domain contains and provides private
data—financial statements, medical transcripts, eCommerce receipts and the like—your traffic
should be served through the Akamai Secure content delivery network.
How you handle personal information depends on who it’s intended for. Say it’s
financial statements or medical transcripts. If it’s intended for an individual user, you
should not cache it. If, however, it’s intended to be shared by many users, caching may be
appropriate. For example, some types of photos on social media may fall into this category
according to European Union PI standards.
If your site contains PI, carefully review
your Caching settings on the Configuration Settings tab, and the Advanced Settings dialog,
to make sure that you aren’t inadvertently caching
any PI data that is not intended to be shared.