PCI and cloud computing: Cloud computing compliance guide

SearchCloudSecurity.com Staff

Staying compliant with the requirements of the Payment Card Industry Data Security Standard (PCI DSS) in a cloud computing environment can be challenging for organizations, and PCI-compliant cloud providers are not the end-all solution. Organizations must successfully manage and maintain compliance when making the transition to the cloud.

This SearchCloudSecurity.com cloud computing compliance guide discusses several aspects of PCI and cloud computing, including virtualization in the cloud, what you need to know about compliance and cloud providers, Web security in the cloud and log management.

What the PCI virtualization guidance means for PCI compliance in the cloud
The PCI Security Standards Council’s recent guidance on virtualization comes as a mixed blessing for many organizations. On one hand, many have been anxiously waiting for PCI virtualization guidance since the standard was first published. On the downside, many of the decisions and assumptions organizations have made about virtualization will turn out to be wrong, requiring extra spending and effort to achieve compliance.

In this tip from security expert Ed Moyle, learn what the PCI virtualization guidance means for PCI compliance in the cloud, and how the recent virtualization guidance shows that PCI compliance in the cloud is a shared responsibility.

PCI DSS compliant cloud providers: No PCI panacea
When a cloud service provider says it’s been validated as PCI DSS compliant, what does that mean for the enterprise customer? According to security experts, organizations shouldn’t expect a PCI-validated cloud provider to relieve them of their PCI obligations. To be PCI DSS compliant, tenants still have PCI obligations.

In this article, learn why PCI DSS compliant cloud providers are no panacea for organizations’ PCI DSS obligations.

Q&A: Forrester's Chenxi Wang discusses cloud compliance

Chenxi Wang, principal analyst with Forrester, discusses her recent research report, "Compliance with Clouds: Caveat Emptor" and the issues involved with maintaining compliance with PCI, SOX and HIPAA and using cloud-based services.

Meeting the PCI requirement for Web security in the cloud
When it comes to Payment Card Industry Data Security Standard compliance, not all of the 12 requirements are created equal, at least when it comes to implementation complexity. Specifically, compliance with PCI DSS Requirement 6.6 for Web application security has always been difficult for organizations to address, and it only becomes more complicated in a cloud environment.

In this tip, Ed Moyle discusses Requirement 6.6 in the cloud and explains how organizations can achieve compliance with the requirement and improve Web security in the cloud.

How to handle PCI DSS requirements for log management in the cloud
Because PCI DSS requirements, particularly those related to log management, are so prescriptive, organizations that must comply with them need to plan carefully when using a cloud service. Vendors may not have addressed the requirements fully and/or customer-implemented controls may not be successful in a cloud computing environment.

Here, Ed Moyle defines PCI DSS requirements for logging, and explains how organizations can properly handle and manage those requirements in the cloud.

Managing PCI DSS requirements compliance when moving to the cloud
Managing and maintaining compliance with PCI DSS requirements when moving to a cloud computing service can be challenging, but organizations can maintain PCI DSS requirements compliance through careful analysis and strategic planning. In this tip from SearchCloudSecurity.com, Ed Moyle explains how.

This was first published in August 2011
