PCI Compliance Comes To the Cloud

In 2004 the PCI Security Standards Council first published the Payment Card Industry Data Security Standard (PCI DSS), a broad series of guidelines for the handling of payment card data. These have been adopted by organizations as a foundation for their security policies irrespective of whether they actually handle such data, but over time, and with the growing adoption of cloud computing, the standards have become a bone of contention over whether they apply to this new technology. The disagreement stemmed mainly from the guidelines covering physical network segmentation, which, it could be argued, would not apply to a cloud environment.

That has now changed with the release of the PCI DSS Cloud Computing Guidelines Information Supplement, which specifically covers the requirements for securing customer payment data and PCI DSS compliance for cloud users.

The new guidance will benefit enterprises using the cloud as well as service providers offering cloud services and anyone looking to adopt the technology within their organisation. The new guidelines succeed in clearly defining the shared responsibilities of both the cloud provider and the user, so anyone looking at the cloud can now benchmark service providers against a common standard - and receive better assurance of the service they will receive.

The released supplement follows on from the work undertaken two years ago by the Council's Virtualisation Group, along with guidelines from other industry standards, and will now help with:

  • Cloud Definitions. The standards give an overview of common ways the cloud is deployed along with service models for cloud environments, with explanations of how implementations may vary according to type.
  • The Service Provider & Customer Relationship. A description of the roles of each party across different cloud models, with guidance on determining and documenting their responsibilities.
  • PCI DSS considerations. Guidance and models to help the reader determine responsibilities for each PCI DSS requirement, including segmentation and scoping considerations.
  • PCI DSS compliance challenges. A review of some of the challenges associated with validating PCI DSS compliance in a cloud environment.

In addition, the supplement includes appendices which address a number of PCI DSS requirements and implementation scenarios, including:

  • Additional considerations to help determine PCI DSS responsibilities across different cloud service models
  • Example system inventory for cloud computing environments
  • A sample matrix to help service providers and administrators document the assignment of PCI DSS responsibilities across relevant parties
  • Self-help guide to determine how PCI DSS requirements can be met in particular cloud environments

Download the supplement

If you are considering the cloud as either a service from a third party or introducing it into your own infrastructure, then the supplement will help you understand the security requirements and ask questions to ensure you avoid potentially disastrous decisions that would impact your organisation.