Staying compliant with the requirements of the Payment Card Industry Data Security Standard (PCI DSS) in a cloud computing environment can be challenging for organizations, and PCI-compliant cloud providers are not the end-all solution. Organizations must successfully manage and maintain compliance when making the transition to the cloud.
PCI cloud computing: More information
Amazon's new dedicated EC2 instances promise to make the cloud safe for highly regulated companies. A closer look at these EC2 instances show both strong aspects as well as areas that need improvement.
Insecurities about achieving compliance in the cloud is one of the main reasons organizations are hesitant to adopt cloud computing services. Here you will gain a better understanding of cloud compliance issues.
This SearchCloudSecurity.com cloud computing compliance guide discusses several aspects of PCI and cloud computing, including virtualization in the cloud, what you need to know about compliance and cloud providers, Web security in the cloud and log management.
What the PCI virtualization guidance means for PCI compliance in the cloud
The PCI Security Standards Council’s recent guidance on virtualization comes as a mixed blessing for many organizations. In one aspect, many have been anxiously waiting for PCI virtualization guidance since the standard was first published. But, on the downside, many of the decisions and assumptions made by organizations in regard to virtualization will end up being wrong, requiring extra spending and effort to achieve compliance.
In this tip from security expert Ed Moyle, learn what the PCI virtualization guidance means for PCI compliance in the cloud, and how the recent virtualization shows that PCI compliance in the cloud is a shared responsibility.
PCI DSS compliant cloud providers: No PCI panacea
When a cloud service provider says it’s been validated as PCI DSS compliant, what does that mean for the enterprise customer? According to security experts, organizations shouldn’t expect a PCI-validated cloud provider to relieve them of their PCI obligations. To be PCI DSS compliant, tenants still have PCI obligations.
In this article, learn why PCI DSS compliant cloud providers are no panacea for organizations’ PCI DSS obligations.
Chenxi Wang, principal analyst with Forrester, discusses her recent research report, "Compliance with Clouds: Caveat Emptor" and the issues involved with maintaining compliance with PCI, SOX and HIPAA and using cloud-based services.
Meeting the PCI requirement for Web security in the cloud
When it comes to Payment Card Industry Data Security Standard compliance, not all of the 12 requirements are created equal, at least when it comes to implementation complexity. Specifically, compliance with PCI DSS Requirement 6.6 for Web application security has always been difficult for organizations to address, and it only becomes more complicated in a cloud environment.
In this tip, Ed Moyle discusses Requirement 6.6 in the cloud and explains how organizations can achieve compliance with the requirement and improve Web security in the cloud.
How to handle PCI DSS requirements for log management in the cloud
Because PCI DSS requirements, particularly those related to log management, are so prescriptive, organizations that must comply with PCI DSS and its log management requirements must do careful planning when using a cloud service. Vendors may not have addressed the requirements fully and/or customer-implemented controls may not be successful in a cloud computing environment.
Here, Ed Moyle defines PCI DSS requirements for logging, and explains how organizations can properly handle and manage those requirements in the cloud.
Managing PCI DSS requirements compliance when moving to the cloud
Managing and maintaining compliance with PCI DSS requirements when moving to a cloud computing service can be challenging, but organizations can maintain PCI DSS requirements compliance through careful analysis and strategic planning. In this tip from SearchCloudSecurity.com Ed Moyle explains how.