PCI Compliance in the Cloud

Peter : On Rad's Radar?
| Peter Radizeski of RAD-INFO, Inc. talking telecom, Cloud, VoIP, CLEC, and The Channel.

PCI Compliance in the Cloud

On this blog, the author posts a reply from Amazon about the level of PCI Security of EC2 and Amazone Web Services. 

As for PCI level 2 compliance, that requires external scanning via a 3rd party, PCI-approved vendor. It is possible for you to build a PCI level 2 compliant app in our AWS cloud using EC2 and S3, but you cannot achieve level 1 compliance. And you have to provide the appropriate encryption mechanisms and key management processes.

What strikes me as funny is that PCI Compliance is confusing enough without adding the cloud to it. Also, data security is almost a misnomer with the number of breaches that professional cyber-criminals perpetrate almost weekly. Cloud or no cloud, security is breached. 

I guess its like spam: we'll always have it. And unlike PGP encryption: hardly used at all.

Related Articles to 'PCI Compliance in the Cloud'
Feedback for PCI Compliance in the Cloud

1 Comment

What some companies are doing now is proactively offering to pay for data breach fines should (when) a breach occur. Heartland and Mercury Systems just announced it in Security Management. Other companies are putting a breach mitigation plan in place before a breach occurs so they can quickly respond.

Featured Events