CloudPassage, a cloud infrastructure security provider, is offering to address Payment Card Industry security standard compliance for cloud-based businesses.
"It's more difficult to attain compliance in the cloud," says Justin Clark, systems operations manager at Spindle Inc., a mobile commerce provider. Spindle has been working with CloudPassage for about six months.
"One big sticky point is licensing," says Clark. "We were paying several thousand dollars for a license that was tied to one server which defeats a lot of the automation processes we use."
Businesses like Spindle have multiple servers connecting to the cloud intermittently.
Cloud-based businesses can use CloudPassage's PCI certification with Halo, a security and compliance automation platform. The service automates compliance requirements such as building and maintaining a secure network, protecting cardholder data, regularly monitoring and testing networks, implementing access controls and maintaining a vulnerability management program.
This process is designed to save time during PCI audits, and to streamline costs. CloudPassage charges an hourly rate, which it presents to users as a monthly rate based on 730 hours of use per server. Since customers pay by the hour, they can manage their costs by switching on and off additional capacity as needed.
"When [cloud] popped up there were a lot of use cases around payments, mobile and e-commerce," says Carson Sweet, co-founder and CEO of San Francisco-based CloudPassage. "We wanted to help companies use the cloud while still passing their audits."
About half of CloudPassage's customers are software providers, moving from traditional vendors to software as a service-type businesses, which means they have data to protect, says Sweet. About 30% of its customers are processors, and CloudPassage also works with financial institutions, online media and gaming companies, he says.
CloudPassage has raised more than $25 million since it started three years ago, Sweet says.