ScalaHosting bills itself as the “Next Step in Hosting Evolution” and aims to make VPS hosting available to a wider audience. But is their hosting platform safe?
Because security is such an important aspect of website hosting, we are going to take a closer look at ScalaHosting's security features. This article complements our ScalaHosting review and is meant for readers who are concerned with the safety of the ScalaHosting platform.
ScalaHosting Security Features – What’s in Place?
1. Auto-Configured Free SSL
ScalaHosting provides free Let’s Encrypt SSL to all customers. The configuration process is fully automated. As soon as you point your domain to a ScalaHosting server, a Let’s Encrypt SSL certificate will be generated and put in place within 24 hours.
What is an SSL certificate?
An SSL certificate is a digital certificate that confirms the identity of a website. The use of an SSL certificate on a website is usually indicated by a padlock icon in the web browser, and the website address will show HTTPS. In some cases, a green address bar is shown.
2. Basic Server Security
All files within the public_html directories are scanned for configuration errors. If there is a human error in the file permission configuration, the system will auto-correct it and set the permissions to 600 or 400 (not readable by other users and not executable).
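The permission auto-correction described above can be sketched as follows. This is an added example, not ScalaHosting's code: the rule for choosing between 600 and 400, the function names and the sample files are assumptions, and it presumes the web server runs as the account owner.

```python
import os
import stat
import tempfile

# Assumed policy (the article names only the target modes 600 and 400):
# any bit beyond owner read/write marks a regular file as misconfigured.
LOOSE_BITS = 0o7777 & ~0o600


def target_mode(mode):
    """600 if the owner could write the file, otherwise 400."""
    return 0o600 if mode & stat.S_IWUSR else 0o400


def audit_permissions(root, fix=False):
    """Return sorted [(relative_path, old_mode, new_mode)] for loose files."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Skip symlinks and special files: chmod follows links, so
            # "fixing" one could change a file outside the tree.
            if not stat.S_ISREG(st.st_mode):
                continue
            old = stat.S_IMODE(st.st_mode)
            if old & LOOSE_BITS:
                new = target_mode(old)
                if fix:
                    os.chmod(path, new)
                findings.append((os.path.relpath(path, root), old, new))
    return sorted(findings)


def demo():
    """Audit and fix a constructed public_html tree; return both passes."""
    samples = {"index.php": 0o644, "wp-config.php": 0o666,
               "upload.php": 0o777, "readonly.txt": 0o444, "ok.php": 0o600}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        fixed = audit_permissions(root, fix=True)
        return fixed, audit_permissions(root)
```

Directories are left untouched because they need the execute bit to be traversed; run with fix=False first to review the findings before changing anything.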
ClamAV, an open-source anti-virus engine, is installed on all ScalaHosting servers. All uploaded files are scanned before they are placed on the server.
All shared and reseller hosting accounts come with built-in backup features. User data is backed up daily. Backup files are stored in an offsite location and kept for a minimum of seven days.
3. SShield (Malware Protection)
SShield is a custom security solution developed by ScalaHosting. The security system monitors all incoming and outgoing traffic of every website hosted on ScalaHosting servers. Should any malicious activity occur, the system will catch it and report it to the site owner immediately.
ScalaHosting calls SShield a “one-of-a-kind security system” because instead of relying on virus/malware databases like traditional security systems, SShield is 100% A.I. powered and keeps up with the latest virus developments by itself.
4. Regulatory Compliance
ScalaHosting meets the highest levels of compliance with industry standards. Their hosting service is audited under SSAE 18 SOC 2 Type II, PCI-DSS, GLBA, and HIPAA standards annually. Also, the company is ITAR and EU-US Privacy Shield registered.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is the United States federal law that protects sensitive patient information. The Act was established by the United States Congress in 1996. If you are in the health industry (hospital, clinic, etc.), a HIPAA-compliant server is needed when storing, transferring, and accessing any form of patients’ data.
What is PCI-DSS compliance?
The Payment Card Industry Data Security Standard (PCI-DSS) is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure online environment. The administration and management of PCI-DSS are performed by the PCI Security Standards Council (PCI SSC), a body created by major credit card companies.
What’s Lacking?
No Built-in Dedicated DDoS Protection
While SShield adds an extra layer of protection to your website, there isn’t any dedicated protection built against DDoS attacks at ScalaHosting.
Distributed Denial of Service (DDoS) is a form of attack where malicious actors attempt to flood a website with an overwhelming amount of data. Web hosting services that are not prepared for DDoS attacks can be paralyzed by these attacks. As more resources are consumed, websites on the server are left unable to respond to real queries from visitors.
Alternative Solutions
The lack of dedicated DDoS protection is not a deal breaker for ScalaHosting, though, as there are plenty of other options.
Use Proxy Protection – A proxy (e.g. Cloudflare) is a buffer that shields your website from the Internet, somewhat like a fence. This offers an extra layer of protection that might serve to give you a warning of an incoming attack. It also hides your real IP address, although all of this is invisible to your legitimate website visitors.
Guard Against Spoofed IP Addresses – Cybercriminals are fond of hiding their real IP addresses by hijacking others for their use. Many popular addresses can be guarded against by keeping an access control list (ACL) that blocks access from certain IP addresses.
Have More Bandwidth – Although bandwidth is expensive, many hosts today offer scalable plans that might help you out. DDoS works by trying to overwhelm your available bandwidth, so by keeping a bit more of a buffer zone, you might be able to gain advance warning of an attack as well.
Verdict: Yes, ScalaHosting is Safe
With an estimated 30,000 websites hacked and almost 4 million records being exposed by hackers every day (source), we understand your concern with web hosting security.
Based on our study, ScalaHosting is a great choice when it comes to secure web hosting. The web host offers an impressive set of security tools that cover both basic and advanced website protections. If you are keen on diving deeper into ScalaHosting, read my full ScalaHosting review here.