Yes, You Can Be PCI Compliant Using a Public IaaS Cloud – A Case Study
Protecting a client’s personal data will always be the MOST important element of trust between a company and its customers. That trust is especially paramount for companies processing payments online. But adhering to the requirements of the Payment Card Industry Data Security Standard (PCI DSS) in a cloud-computing environment can be particularly challenging. In fact, insecurities about compliance in the cloud have been a major roadblock to cloud adoption.
This session will explain how it IS possible to marry payment applications and PCI compliance in the cloud, by detailing exactly how RightScale achieved compliance in a public IaaS cloud. Phil Cox, Director of Security and Compliance for RightScale, and Rand Wacker, VP of Product at CloudPassage, will combine to outline the steps organizations can take to manage and maintain compliance when making the transition to the cloud. They’ll discuss foundational principles and mindsets, outline each PCI Data Security Standard (DSS) requirement and give a first-hand account of how compliance was achieved at RightScale.
More specifically, attendees will learn:
- How to set the foundation for PCI compliance, including environment guidelines
- The specific criteria for choosing an IaaS Cloud Service Provider (CSP)
- Best practices for application design
- Why a risk assessment prior to moving to the cloud can be the difference between success and failure
- The division of responsibility between the service provider and merchant