What does Instart Logic, EdgeCast, Akamai, and Level 3 have in common? All four content delivery networks offer a PCI Compliant CDN solution that treats SSL (secure) and http content (non-secured) differently. Currently, CDNs offer three different flavors of non-secure/secure delivery solutions: 1) standard http delivery for non-secured content 2) delivery of https and http content delivered from the same network and the same clusters of servers 3) https content delivery from a dedicated highly secured PCI compliant network that serves only https content. Is delivering secured content from a dedicated PCI compliant network important?
Absolutely. Qualys and OWASP state clearly in their methodologies that separating secure, and non-secure content is security best practices. That’s why the PCI Compliant CDN has the upper hand in offering CDN solutions to ecommerce companies and transaction oriented websites. Startup CDNs shouldn’t really be concerned with being PCI Compliant for the first few years, as it is very costly to become Level 1 PCI Compliant. Getting PCI certified is easily going to cost $1M+, plus the ongoing yearly support cost. But in the long run, its a good idea for all CDNs to become PCI compliant. PCI Compliant CDNs