PCI DSS Cloud Computing Guidelines and Compliance
The Payment Card Industry Data Security Standard (PCI DSS) Cloud Computing Guidelines Information Supplement was published in an effort to extend the responsibility for securing credit card information to cloud computing providers. The supplement clearly defines the security responsibilities of the cloud provider and the cloud customer.
The PCI DSS Cloud Computing Guidelines Information Supplement was published in an effort to clarify what is required to protect customers' credit card information and support PCI DSS compliance in the cloud. It goes without saying that any business that conducts credit card transactions is obliged to comply with PCI DSS. But as businesses increasingly contract with hosted data centers, often cloud-based storage centers, to warehouse their customers' information, the PCI Security Standards Council needed to explicitly extend compliance to these vendors as well.
According to the Payment Card Industry Security Standards Council, the responsibility of securing credit card information is shared by both the cloud service provider and its clients. However, the ultimate responsibility for PCI DSS compliance lies with the cloud customer who stores cardholder data with a third-party service provider. The supplement helps organizations with the following:
- Cloud overview. It explains different models of cloud services and how compliance implementation may vary within different types.
- Cloud provider and cloud customer roles and responsibilities. The supplement outlines different roles and responsibilities across different cloud models. It also provides guidance on determining and documenting responsibilities for cloud providers and their customers.
- PCI DSS considerations. The supplement provides guidance and examples to help determine responsibilities for specific PCI requirements.
- PCI DSS compliance challenges. The supplement describes some of the challenges with demonstrating and documenting PCI DSS compliance for cloud providers.
Find a Cloud Provider Who Is PCI DSS Compliant
Cloud computing service providers must meet the requirements of PCI DSS according to agreed-upon guidelines between providers and their clients. But if there is a security breach, the businesses conducting transactions via the cloud will suffer dire consequences, and not just of the legal variety. That's why it is important to choose cloud vendors whose software is designed to be PCI DSS compliant.
Even though SolarWinds MSP (formerly LOGICnow) is not required to comply with PCI DSS guidelines, it goes above and beyond, and is actually even more rigid than the guidelines.