Staying compliant with the requirements of the Payment Card Industry Data Security Standard (PCI DSS) in a cloud computing environment can be challenging for organizations, and PCI-compliant cloud providers are not the end-all solution. Organizations must successfully manage and maintain compliance when making the transition to the cloud.
This SearchCloudSecurity.com cloud computing compliance guide discusses several aspects of PCI and cloud computing, including virtualization in the cloud, what you need to know about compliance and cloud providers, Web security in the cloud and log management.
What the PCI virtualization guidance means for PCI compliance in the cloud
The PCI Security Standards Council’s recent guidance on virtualization comes as a mixed blessing for many organizations. On one hand, many have been anxiously waiting for PCI virtualization guidance since the standard was first published. On the downside, many of the decisions and assumptions organizations have made about virtualization will turn out to be wrong, requiring extra spending and effort to achieve compliance.
In this tip from security expert Ed Moyle, learn what the PCI virtualization guidance means for PCI compliance in the cloud, and how the recent virtualization guidance shows that PCI compliance in the cloud is a shared responsibility.
PCI DSS compliant cloud providers: No PCI panacea
When a cloud service provider says it’s been validated as PCI DSS compliant, what does that mean for the enterprise customer? According to security experts, organizations shouldn’t expect a PCI-validated cloud provider to relieve them of their PCI obligations. To be PCI DSS compliant, tenants still have PCI obligations of their own.
In this article, learn why PCI DSS compliant cloud providers are no panacea for organizations’ PCI DSS obligations.
Q&A: Forrester's Chenxi Wang discusses cloud compliance
Chenxi Wang, principal analyst with Forrester, discusses her recent research report, "Compliance with Clouds: Caveat Emptor," and the issues involved in maintaining compliance with PCI, SOX and HIPAA while using cloud-based services.
Meeting the PCI requirement for Web security in the cloud
When it comes to Payment Card Industry Data Security Standard compliance, not all of the 12 requirements are created equal, at least in terms of implementation complexity. Specifically, compliance with PCI DSS Requirement 6.6 for Web application security has always been difficult for organizations to address, and it only becomes more complicated in a cloud environment.
In this tip, Ed Moyle discusses Requirement 6.6 in the cloud and explains how organizations can achieve compliance with the requirement and improve Web security in the cloud.
How to handle PCI DSS requirements for log management in the cloud
Because PCI DSS requirements, particularly those related to log management, are so prescriptive, organizations that must comply with PCI DSS and its log management requirements must plan carefully when using a cloud service. Vendors may not have addressed the requirements fully, and customer-implemented controls may not work as intended in a cloud computing environment.
Here, Ed Moyle defines the PCI DSS requirements for logging and explains how organizations can properly handle and manage those requirements in the cloud.
Managing PCI DSS requirements compliance when moving to the cloud
Managing and maintaining compliance with PCI DSS requirements when moving to a cloud computing service can be challenging, but organizations can maintain PCI DSS requirements compliance through careful analysis and strategic planning. In this tip from SearchCloudSecurity.com, Ed Moyle explains how.
This was first published in August 2011
Cloud Computing Strategies for the CIO