Merchants shouldn't have their heads in the clouds when it comes to data security — especially when they rely on cloud computing to handle payment card data.
The Payment Card Industry Security Standards Council on Feb. 7 issued a guideline supplement for cloud computing. The document is meant to help businesses choose various products and PCI certified third-party cloud providers, the council states in a press release.
The council's cloud special interest group conducted the research behind the supplement at the urging of PCI participating organizations.
A major strength of cloud computing, or computing services provided from off-site servers, is its "shared-responsibility" model, Chris Benton, a contributor to the cloud special interest group, states in the release.
"One of this supplement's greatest achievements is that it clearly defines the security responsibilities of the cloud provider and the cloud customer," says Benton, director of security for CloudPassage.
In addition to clarifying responsibilities, the supplement also provides merchants with an overview of the cloud and its various service models, and outlines PCI requirements and challenges in achieving those in a cloud environment.