SAN FRANCISCO -- Cloud customers that handle credit card data have long been concerned about their Payment Card Industry Data Security Standard (PCI DSS) responsibilities. Particularly, where is the line drawn between their own compliance requirements and those of the chosen cloud provider?
As a result, the PCI Security Standards Council recently released version 2.0 of its PCI DSS guidelines for cloud computing, which, in part, were intended to address the issue of cloud customer responsibility. But how much clarity does this document provide on a key cloud compliance issue?
In this video, recorded at RSA Conference 2013, Eric Chiu, co-founder and president of Mountain View, Calif.-based cloud compliance vendor HyTrust Inc., analyzes the latest PCI DSS cloud computing guidelines. Chiu discusses his views on how the document addresses cloud customer and provider responsibilities and whether cloud service models have any impact on maintaining PCI DSS compliance. Finally, he talked about how customers should react to providers' claims of PCI DSS compliance.