Pay it Forward: Cloud Computing Use Rising in Payment Card Industry
February 23, 2013
Industries that require significant amounts of data compliance and regulation to effectively function–for example the payment card industry (PCI) or health care–have been notoriously slow to adopt cloud computing in any form. A new guideline released by the PCI Security Standards Council, however, wants to change that by providing a set of compliance standards applicable in the cloud.
Making the Transition
According to Chris Brenton, contributor to the PCI Special Interest Group and quoted in a recent CIO article, "the original PCI DSS [data security standard] was written for a physical network." As a result, some of its guidelines didn’t apply to the cloud, leading to confusion on the part of Qualified Security Assessors (QSAs) about how best to be cloud-compliant. Brenton says the new PCI DSS Cloud Computing Guidelines Information Supplement lets "you get two QSAs in a room and they’ll actually agree on what they’re saying."…
By leveraging the cloud, merchants and third-party payment providers enjoy not only faster transactions, but benefit from an environment of "shared responsibility." The PCI standard aims to clarify exactly where these responsibilities lie for both cloud vendor and cloud customer, helping to ensure client data is never misused. But even this guidance can’t fully eliminate cloud risks, despite providing an "excellent road map." Nonetheless, payment options are increasingly heading to the cloud–especially those attached to mobile devices–and relying on the PCI standard as a solid compliance foundation….
Read more from the source @ http://midsizeinsider.com/en-us/article/pay-it-forward-cloud-computing-use-risi