PCI in the cloud doesn't have to frighten

PCI in the cloud doesn't have to frighten

Cloud computing's popularity has been on the rise during the last couple years, and eCommerce is one of the many industries that has used the technology to enhance operations. According to OneStopClick, eCommerce businesses that adopt cloud solutions should still follow PCI compliance.  These companies also need to make sure they they have high assurance SSL certificates to keep customers and data safe.

The website quotes Ed Boyle, a Savvis strategist, who said merchants can't pass responsibility to cloud providers and must make sure they take security precautions themselves. He said it doesn't have to be a "scary proposition," as most companies have validated tokenization systems and follow PCI DSS themselves.

Even if a cloud provider is validated as working within PCI compliance, Michael Dahn, director of threat and vulnerability management at PricewaterhouseCoopers, said the merchant is responsible for the data stored in the cloud, especially the credit card data stored in these platforms.

"Because PCI DSS requirements, particularly those related to log management, are so prescriptive, organizations that must comply with PCI DSS and its log management requirements must do careful planning when using a cloud service," TechTarget reported. "Vendors may not have addressed the requirements fully and/or customer-implemented controls may not be successful in a cloud computing environment."