Cloud Computing , Compliance , Technology

Challenges with PCI-DSS Compliance and Security for the Cloud
Challenges with PCI-DSS Compliance and Security for the Cloud

PCI-DSS compliance has long been a top challenge for financial organizations and their merchant customers. Between understanding what needs to change in order to become PCI compliant, and the complexity of the standard itself, achieving PCI-DSS compliance can have a significant impact on an IT budget.

See Also: Tackling Cloud Infrastructure Security: Merits of the New Model

Financial institutions are rapidly adopting new technologies, such as cloud computing and virtualization to cut costs, however they end up sacrificing visibility, security controls, data protection standards and compliance requirements in the push to gain the solution benefits.

Register for this session to learn:

  • All about the PCI-DSS requirements for adoption of security and virtualization technology;
  • Exactly how these requirements apply to financial services organizations.

Background

In June 2011, the PCI Security Standards Council released its PCI DSS Virtualization Guidelines Information Supplement, which offers guidance to merchants, financial institutions and other organizations. As these entities virtualize systems and services, they need to ensure those systems and services comply with payment-card protections outlined within the Payment Card Industry Data Security Standard.

The supplement, drafted by the council's Virtualization Special Interest Group, touches on a number of gray areas, including the different classes of virtualization, how virtualization and cloud computing differ and how mixed mode virtual environments should be implemented under the PCI umbrella.

Specifically, the supplement addresses four principles associated with the use of virtualization in cardholder data environments:

  • If virtualization technologies are used in a cardholder data environment, PCI DSS requirements must be applied;
  • Virtualization technology introduces new risks that may not be relevant to other technologies;
  • Implementations of virtual technologies can vary greatly, and organizations must perform thorough discoveries to identify and document unique characteristics of their virtualized implementations, including all interactions with payment transaction processes and payment card data;
  • Specific controls and procedures will vary for each environment, according to how virtualization is used and implemented.

Attend this session to learn from industry experts exactly how these principles apply to financial institutions.



Around the Network