The PCI Security Standardscouncil is an open global firm that is responsible for the development,
management, education, and an awareness of the PCI Data Security Standard (PCI
DS) and other standards that increase payment data security. It has issued PCI
DSS Cloud Computing Guidelines that govern payment transactions in cloud
environments.
Cloud computing is a form of
distributed computing that is yet to be standardized. There are number of
factors to be considered when migrating to cloud services, and organizations
need to clearly understand their needs before they can determine if and how
they will be met by a particular solution or provider. As cloud computing is
still an evolving technology, evaluations of risks and benefits may change as
the technology becomes more established and its implications become better
understood.
Cloud security is a shared responsibility between the cloud service
provider (CSP) and its clients. If payment card data stored, processed or
transmitted in a cloud environment, PCI DSS will apply to that environment, and
will typically involve validation of both the CSP’s infrastructure and the
client’s usage of that environment. The allocation of responsibility between
client and the provider for managing security controls does not exempt a client
from the responsibility of ensuring that their cardholder data is properly
secured according to applicable PCD DSS requirements.
PCI DSS Cloud Computing Guidelines provides guidance on the
use of cloud technologies and considerations for maintaining PCI DSS controls
in cloud environment. This guidance builds on that provided in the PCI DSS
Virtualization Guidelines and is intended for organizations using , or thinking
of using, providing , or assessing cloud technologies as part of a cardholder
data environment ( CDE)
0 Comments:
Post a Comment