Cloud Guidance issued by PCI Council

Advising on Cloud Computing

February 7th 2013 saw The Payment Card Industry (PCI) Cloud Special Interest Group release a set of best practices and guidelines to cloud security guidance, entitled ‘PCI DSS Cloud Computing Guidelines Information Supplement’  (view press release).

General manager of the Payment Card Industry Security Standards Council, Bob Russo, commented on the guidelines in an interview with BankInfoSecurity, and emphasised the fact that businesses must understand where card data is stored at all times, and apply the guidance to their overall PCI compliance strategies.

Explaining further, Russo says, “Cloud is a shared responsibility. Outsourcing the management of these security controls really doesn’t equate to outsourcing your responsibility to be PCI-DSS compliant. Cloud services are not all created equally, so you need to understand what PCI-compliant cloud service really means.”

Related reading

Leave a comment