The fifth annual cloud conference and awards December 11, 2014 - San Francisco
Optimizing Enterprise Cloud Strategy<

Yes, You Can Be PCI Compliant Using a Public Iaas Cloud – A Case Study


Date: December 12th 2012
Time: 04:45pm PST
Location: Room J


Protecting a client’s personal data will always be the MOST important element of trust between a company and its customers. That trust is especially paramount for companies processing payments online. But adhering to the requirements of the Payment Card Industry Data Security Standard (PCI DSS) in a cloud-computing environment can be particularly challenging. In fact, insecurities about compliance in the cloud have been a major roadblock to cloud adoption.

This session will explain how it IS possible to marry payment applications and PCI compliance in the cloud, by detailing exactly how RightScale achieved compliance in a public IaaS cloud.Phil Cox, Director of Security and Compliance for RightScale and Rand Wacker, VP of Product at CloudPassage will combine to outline the steps organizations can take to manage and maintain compliance when making the transition to the cloud. They’ll discuss foundational principles and mindsets, outline each PCI Data Security Standard (DSS) requirement and give a first-hand account of how compliance was achieved at RightScale.

More specifically, attendees will learn:

  • How to set the foundation for PCI compliance, including environment guidelines -The specific criteria for choosing an IaaS Cloud Service Provider (CSP)
  • Best practices for application design
  • Why a risk assessment prior to moving to the cloud can be the difference between success and failure-The division of responsibility between the service provider and merchant


Philip Cox , Director of Security & Compliance , RightScale
Philip Cox, is Director of Security and Compliance for RightScale, where he focuses on cloud computing security. Prior to that he was a director at SystemExperts, a security and compliance consulting firm. He is a well-known authority in the areas of systems integration and security, and is an active contributor to multiple Cloud Security Alliance initiatives, as well as to Payment Card Industry (PCI) cloud and risk groups. He frequently writes and lectures on information security and compliance issues faced by organizations. He has written several books in the area of Windows and network security, and was technical editor of two "Hacking Exposed" editions and "Building Internet Firewalls."
Fifth Annual Event