Security and compliance are hot topics in the cloud computing industry. PCI DSS is a set of requirements that, when adhered to, increase the level of security for payment card transactions.
To become compliant with PCI DSS, an organization must meet all of the security requirements and, depending on the number of transactions it processes each year, may also have to go through a formal audit. While these requirements may seem inconvenient,
But can organizations really become PCI-compliant in a cloud computing hosting environment?
In searching for an answer to this question, it's important to ask, "What kind of cloud computing service?" Many security experts have discussed the topic on panels and on blogs like this one. Most of my experience is with infrastructure as a service.
Just in working on small business virtualization projects with clients here at BlueLock, I've had to get educated on PCI DSS. The tricky thing for cloud computing hosting companies is that with standards like PCI, there are both application-side and infrastructure-side requirements for compliance.
So with IaaS, where does the responsibility reside?
Ultimately, it's the responsibility of the company doing the payment card processing. The scope of PCI DSS extends beyond what infrastructure-as-a-service providers deliver. So if a cloud computing service provider claims to be "PCI compliant," remember that you must still assess everything in your own organization that the service provider does not manage.
At BlueLock, we use tools from our partners at Shavlik to run regular compliance scans of our clients' environments. If it's important for your organization to be in compliance with PCI DSS, then it's important for you to audit yourself regularly.
To find out more about PCI DSS, visit the PCI Security Standards Council website.
Comments for Can a Cloud Comply with PCI DSS?