Bare Metal Servers

Build a bare metal server with your choice of processor(s), hard drive configuration, RAM, port speed, and more.

order hourly
Order monthly

Virtual Servers

Select the cores, storage, and RAM you need in your virtual server, and we'll deploy it in 5 to 15 minutes.

order hourly
Order monthly

Cloud Storage

Scale your storage infrastructure on demand while controlling your costs with SoftLayer object storage.

order storage

Compliance

Built to perform. Made to comply.

SoftLayer data centers for government workloads were designed and built to meet the strictest standards of the U.S. government. We’ve employed the security and privacy controls defined by NIST SP 800-53, and all SoftLayer data centers for government use meet FedRAMP and FISMA compliance standards and are audited regularly in our SOC 2, Type II reports.

SoftLayer helps customers seeking HIPAA and PCI-DSS compliance by providing and meeting the necessary infrastructure-related controls for those certifications. These physical and network controls are enhanced with additional security features such as multi-factor authentication, hardware and software firewalls, vulnerability scans, anti-virus and anti-spyware protection, host-based intrusion detection, virtual private networks (IPSEC and VPN SSL), and SSL certificates.


FedRAMP

FedRAMP (the Federal Risk and Authorization Management Program) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP authorizes cloud systems with a three-step process that includes security assessment, leveraging and authorization, and ongoing assessment and authorization. All SoftLayer data centers are built to FedRAMP standards. Data centers reserved for government workloads have FedRAMP certification pending.


FISMA

The Federal Information Security Management Act of 2002 (FISMA) was created to ensure the security of data in the federal government. The act requires program officials and agency heads to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner. All SoftLayer data centers are built to FISMA standards. Data centers reserved for government workloads have FISMA certification pending.


SOC 2

SoftLayer provides a Service Organization Controls 2 (SOC 2), Type II report, an evaluation of SoftLayer operational controls’ compliance to criteria set by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. The Trust Services Principles define adequate control systems and establish industry standards for services providers such as SoftLayer to safeguard their customers’ data and information. Customers may download the current SoftLayer SOC 2 report from the customer portal or contact our sales team.


Safe Harbor

Safe Harbor is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. Certifying to the safe harbor will assure that EU organizations know that your company provides “adequate” privacy protection, as defined by the Directive. SoftLayer Safe Harbor Information: http://safeharbor.export.gov/companyinfo.aspx?id=18310


Cloud Security Alliance – STAR Registrant

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing. One of the mechanisms the Cloud Security Alliance uses in pursuit of its mission is the Security, Trust, and Assurance Registry (STAR)—a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings. SoftLayer STAR Consensus Assessment Initiative Questionnaire: https://cloudsecurityalliance.org/star-registrant/softlayer/


PCI Compliance

If you store or process credit card data then PCI Compliance and network security are of primary concern to your business. To ensure consistent standards for merchants, the Payment Card Industry Security Standards Council established Payment Card Industry (PCI) data security standards. These standards incorporate best practices to protect cardholder data, and they often require validation from a third-party Qualified Service Assessor (QSA). We help our customers supplement their internal security controls to meet PCI compliance by assisting with 3rd party auditor security walkthroughs and providing proof of physical and environmental controls while maintaining strict information security policies.


HIPAA Compliance

The U.S. Health Insurance Portability and Accountability Act requires specific security controls for businesses that store or process protected health information online. The SoftLayer cloud platform meets all of the necessary requirements for HIPAA on the data center/service provider side. For more information about and assistance to achieve, certify, and maintain HIPAA compliance for your SoftLayer environment, please contact our sales team.