The PCI Security Standards Council has published new guidelines around the use of PCI DSS in the cloud
The PCI Security Standards Council announced on Thursday that it has published new guidelines around the use of PCI DSS in the cloud.
Businesses that deploy cloud technology can use the PCI DSS Cloud Computing Guidelines Information Supplement to choose solutions and third-party cloud providers that will help them secure payment data and support PCI DSS compliance.
The new guidelines bring together expertise from more than 100 global organizations representing banks, merchants, security assessors and technology vendors. They aim to address security challenges for different cloud architectures and help businesses understand their PCI DSS responsibilities.
Cloud compliance can be extremely confusing for businesses, and as a result, cloud providers like ITX Design have launched solutions around simplifying cloud compliance for ecommerce vendors. These kinds of compliance services are pertinent as businesses continue to cite compliance as a major concern with cloud deployments. A recent study by Symantec finds only 40 percent said that they are sure their cloud providers' certificates comply with internal standards.
The information supplement could be useful to merchants considering using cloud technologies with cardholder data, and any third-party service provider that provides PCI DSS compliant cloud services.
The supplement provides guidance on common deployment and service models for cloud environments, outlines roles and responsibilities across different cloud models, and covers PCI DSS considerations and compliance challenges.
“At the Council, we always talk about payment security as a shared responsibility. And cloud is by nature shared, which means that it’s increasingly important for all parties involved to understand their responsibility when it comes to protecting this data,” said Bob Russo, general manager, PCI Security Standards Council. “It’s great to see this guidance come to fruition, and we’re excited to get it into the hands of merchants and other organizations looking to take advantage of cloud technology in a secure manner.”
Talk back: Have you reviewed the PCI DSS information supplement? Is your cloud PCI DSS compliant? Let us know in a comment.












PCI DSS is not an appropriate solution for Cloud Computing. Still, there is no solution that covers all aspects of Information of Cloud Computing; even the Cloud Control Matrix (CCM V.3) is not sufficient for Cloud Security. That's why Cloud Service Providers are implementing more than one standard to cover all aspects of Information Security.
Muhammad Imran Tariq