Understanding PCI Compliance for the Cloud

    Regulatory compliance is an important aspect of cloud computing, and nowhere is this more true than for businesses that interact with card payments. Given the sensitive nature of these transactions, the Payment Card Industry (PCI) has developed certain security standards, which need to be woven into your cloud architecture.

    This should seem straightforward, but problems begin to emerge as we get closer to implementing these regulations.

    No clear guidelines

    The first problem is that PCI has not issued concrete guidelines regarding the standard. That leaves enterprises on their own to prove that they are PCI-compliant, which, naturally, has given rise to a certain amount of confusion. The industry is working on the problem, however, and a special interest group has been created to study the background and come up with recommendations. Until that happens, vendors and enterprises alike will have to set up their own standards.

    Security challenges

    The cloud poses unique security challenges for organizations. The system is distributed across a wide network and falls outside what was traditionally called the enterprise network. This means that segmentation and intrusion-prevention systems like firewalls and routers no longer work as effectively. Another problem is cloud bursting, which means businesses can’t exercise the same level of control over their applications and data. And while some companies have started implementing host-based controls, these are not yet fully backed by regulators, which may cause some disruption in the future.

    If you are a business processing, storing or interacting with card payment data, make sure you have a clear strategy on PCI regulations.


    Written by Admin Kripaa
