Home Cloud Computing PCI and the Cloud - are they oil and water?

Sometimes it seems as though we finally achieve PCI compliance only to have 'management' change the landscape and throw the 'cloud' curveball at us.  Will PCI and clouds mix or are they oil and water?

For a credit card processing organization, it's (relatively) easy to achieve PCI compliance when they own pretty-well all of the computers and plumbing right up to the secure connection to the payment gateway.

"Great, we can rest a little easy until the next audit," says the CSO.

Next thing he hears is that the Board and the CIO have decided to make his sunny day exceedingly cloudy.

"We're going to outsource our back-end systems to a cloud provider; we're looking to see who's cheapest."

According to leading Australian specialist security information consultancy Pure Hacking, The challenges of transparency and independent verification of compliance standards are two major issues which organisations need to address prior to moving credit card storage and transaction facilities to a public cloud.  They suggest that while the costs of daily operations might well be best reduced by sending them into the cloud, there is little but heartache for any plan to do similar for card processing.

"Solely relying on public cloud computing systems for processing credit card information and transactions is literally a game of probability and risk. In the end the likelihood of an attack against a public cloud that holds such high value information is extremely probable. The security posture of your public cloud vendor against such attacks is key to your ability to protect your client's data privacy and business functionality," said Ty Miller, CTO, Pure Hacking.

See the next page for some suggestions on considering whether or not to mix your PCI with the cloud.

WEBINAR 7th May 11am - WOW 802.11

Learn how Ruckus Redefines High-Speed, High Capacity Wi-Fi with Industry’s First 802.11ac Wave 2 Access Point

THIS IS ONE NOT TO MISS SO REGISTER NOW

DON'T MISS OUT - REGISTER NOW!

FREE - SYDNEY & MELBOURNE BUSINESS INTELLIGENCE EVENTS

The Holy Grail of the Business Intelligence (BI) industry – pervasive deployments and widespread end-user adoption – has remained an illusive dream for years. Until now!

REGISTER & SECURE YOU PLACE / BRING A FRIEND

Melbourne - venue Captain Melville’s CBD 2:30 – 6:00pm, Tuesday 28th April

Sydney - venue Redoak CBD 2:30 – 6:00pm, Thursday 30th April

DON'T MISS OUT - MELBOURNE REGISTER NOW!

DON'T MISS OUT - SYDNEY REGISTER NOW!

FREE WHITEPAPER - RISKS OF MOVING DATABASES TO VMWARE

VMware changed the rules about the server resources required to keep a database responding

It's now more difficult for DBAs to see interaction between the database and server resources

This whitepaper highlights the key differences between performance management between physical and virtual servers, and maps out the five most common trouble spots when moving production databases to VMware

1. Innacurate metrics
2. Dynamic resource allocation
3. No control over Host Resources
4. Limited DBA visibility
5. Mutual ignorance

Don't move your database to VMware before learning about these potential risks, download this FREE Whitepaper now!

DOWNLOAD!

David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.

Connect