Join the discussion with Andrew Hay, Chief Evangelist of CloudPassage and Dave Shackleford, Senior Vice President, Research and Chief Technology Officer of IANS.
In this presentation, we will discuss:
- How compliance is affected by using private, hybrid, and public cloud environments
- What to consider when researching providers who offer "PCI-compliant" clouds
- Recommendations for improving compliance and security posture in the cloud
- Many organizations are looking to outsource systems, applications, and data into the cloud
- Some of these may fall under the helm of PCI compliance
- There are lots of questions about this, but few answers to date
- How will compliance be affected with various cloud configurations?
- What should we look for in PCI-compliant providers?
- How can security be improved for cloud infrastructure?
- We’ll explore all these topics
Can you be PCI compliant in the cloud?
- Absolutely.
- Depends on the model and your architecture
- You will likely need some different tools and processes.
- Not all providers are created equal!
- Be sure to check claims of compliance very carefully
- Look for any additional audit data, as well
- There is no “silver bullet” – the responsibility is still yours.
- Compliance concerns will vary depending on whether CSP is SaaS, PaaS, IaaS
- Responsibility and control levels differ
- CSPs should be on the card brands’ “approved list” if at all possible
- PCI Compliance should be in contract
- Delineate which parts of the “stack” you are responsible for