Wednesday, July 11, 2012

PCI and the Cloud

Robert Westervelt, News Director of Cloud Security, has an excellent in-depth interview with Diana Kelley, a partner at Amherst, N.H.-based consultancy SecurityCurve on the impact of Cloud Computing on PCI compliance, discussing in part how the PCI Data Security Standards (on a three-year update/approval schedule) are struggling to keep up with fast-evolving technologies.

Things are complicated enough when SaaS providers offer gateway services for things like tokenization and encryption, but these are relatively straightforward compared to "custom payment software such as a Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), where the responsibilities [of the provider] change a little bit," to say the least!

I highly recommend Westervelt's succinct, insightful article.

No comments:

Web Analytics