Quantcast
Risk Management

PCI Council Aims to Clear Up Cloud Security for Merchants

Print
Email
Reprints
Twitter
LinkedIn
Facebook
Google+

Merchants shouldn't have their heads in the clouds when it comes to data security especially when they rely on cloud computing to handle payment card data.

The Payment Card Industry Security Standards Council on Feb. 7 issued a guideline supplement for cloud computing. The document is meant to help businesses choose various products and PCI certified third-party cloud providers, the council states in a press release.

The council's cloud special interest group conducted the research behind the supplement at the urging of PCI participating organizations.

A major strength of cloud computing, or computing services provided from off-site servers, is its "shared-responsibility" model, Chris Benton, a contributor to the cloud special interest group, states in the release.

"One of this supplement's greatest achievements is that it clearly defines the security responsibilities of the cloud provider and the cloud customer," says Benton, director of security for CloudPassage.

In addition to clarifying responsibilities, the supplement also provides merchants with an overview of the cloud and its various service models, and outlines PCI requirements and challenges in achieving those in a cloud environment.

SEE MORE IN

RELATED TAGS

Email Newsletters

Get the Payments Update and the Morning Scan when you sign up for a free trial.

Already a subscriber? Log in here
Please note you must now log in with your email address and password.