PCI-Compliant Cloud Reference Architecture by HyTrustWelcome, Guest      sign in | register | help

   Search for:        Advanced Search
Research Abstract
PCI-Compliant Cloud Reference Architecture
by HyTrust

> View this now

Published on: March 22, 2011
Type of content: WHITE PAPER
Format: Unknown
Length: 19 pages
Price: FREE


Payment Card Industry (PCI) Data Security Standard (DSS) defines a set of requirements to protect payment cardholder data, and the environments in which cardholder data is stored, processed, or transmitted. These requirements apply to all “system components”, with a system component defined as any network component, server, or application that is included in or connected to the Cardholder Data Environment (CDE). The challenge with the Data Security Standard (DSS) is that technology is constantly evolving and security and audit capabilities are built in after the initial foundation has been established.

In particular virtualized and cloud environments have some unique challenges, which include adequate segmentation, storage of cardholder data, access control, logging and alerting across all management activities, and use of the base platform layer (i.e. the hypervisor). PCI DSS Version 1.2.1 (the current effective standard) does not provide specific guidance to address the risks directly associated with virtual machines and cloud computing. It only empowers the PCI Qualified Security Assessors (QSAs) and vendors to work collaboratively to create a compliance approach to specific emerging technologies.

DSS will evolve to address technology and threat innovations, but likely will continue to remain vendor agnostic. This document is provided to give merchants, service providers, and assessors a basic framework and a practical implementation for building a PCI-compliant cloud. This document will evolve as DSS is updated, Special Interest Group (SIG) papers are published, and the PCI Security Standards Council Technical Working Group formally provides guidance on virtualization and cloud technologies.

Continue reading to learn more about how you can have a PCI-Compliant cloud reference architecture.

> View Company Report
> View all content by this company
> Return to Search Results

  The Complete KnowledgeStorm Network of Technology Search Sites. Focused searching for faster results.

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints

  TechTarget - The IT Media ROI Experts