Cloud Business Featured Article
PCI Security Standards Council Publishes Cloud Computing Guidelines Supplement
February 07, 2013
By Erin Harrison, Executive Editor, Cloud Computing
In an effort to help financial-based businesses choose the right cloud-based services and cloud providers, the PCI Security Standards Council (PCI SSC) has published the PCI DSS Cloud Computing Guidelines Information Supplement.
The resource is designed to help businesses choose solutions and third-party cloud providers that will help them secure their customer payment data and support compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is an evolving set of security requirements designed specifically for the storage, processing or transmission of cardholder data, and businesses even outside the payment card industry are deploying it to meet a range of industry requirements.
One of the greatest assets of cloud computing is its shared-responsibility model; however, this shared model can magnify the difficulties of architecting a secure computing environment, according to Chris Brenton, a PCI Cloud SIG contributor and director of security for CloudPassage.
“One of this supplement’s greatest achievements is that it clearly defines the security responsibilities of the cloud provider and the cloud customer,” Brenton said in a statement. “With PCI DSS as the foundation, this guidance provides an excellent roadmap to crafting a secure posture in both private and public cloud.”
PCI participating organizations selected cloud computing as a key area to address via the SIG process. PCI Special Interest Groups (SIGs) are community-driven initiatives that provide additional guidance and clarifications or improvements to the PCI Standards and supporting programs.
More than 100 global organizations representing banks, merchants, security assessors and technology vendors collaborated on the supplement to help companies identify and address the security challenges for different cloud architectures and models, and understand their PCI DSS responsibilities.
The PCI DSS Cloud Computing Guidelines Information Supplement is a sequel to the 2011 Virtualization SIG, and takes into consideration other industry standards to provide guidance around the following primary areas and objectives:
Cloud Overview – provides explanation of common deployment and service models for cloud environments, including how implementations may vary within the different types.
Cloud Provider/Cloud Customer Relationships – outlines different roles and responsibilities across the different cloud models and guidance on how to determine and document these responsibilities.
PCI DSS Considerations – provides guidance and examples to help determine responsibilities for individual PCI DSS requirements, and includes segmentation and scoping considerations.
PCI DSS Compliance Challenges – describes some of the challenges associated with validating PCI DSS compliance in a cloud environment.
Organizations that fail to protect their consumer credit card data face serious repercussions, including lawsuits and fines, but outsourcing to the right provider allows businesses to achieve and maintain compliance while controlling costs.
Edited by Amanda Ciccatelli