Since the start of the cloud computing revolution , security has always and most probably will continue to be one of the most crucial yet hard to attain and maintain aspects of the whole movement. To maintain the integrity of online data storage and transactions, there are sets of general guidelines that have been put in place by different organizations to serve as a benchmark for the development and deployment of cloud computing systems.
The latest to add to this helpful list is CipherCloud , a reputable member in cloud information protection. CipherCloud has revealed five steps aimed towards realizing PCI DSS compliance in the cloud. These guidelines sort of simplify and work in conjunction with the newly released PCI Council’s guidelines for organizations dealing with delicate data like cardholder information to ensure that nothing lands into the wrong hands during transit and while in storage.
While the PCI Security Standards Council (PCI SSC) vouches for joint efforts between customers and service providers, CipherCloud gives the actual actionable steps that lead to the implementation of the PCI SSC suggestions.
The steps CipherCloud outlines in its suggested guidelines cover cloud encryption of cardholder data, customer retention of encryption key control, key management, complete data sovereignty with legal compliance and restricting access to cardholder data on a need-to-know basis.
VIDEO
With the whole report expounding on how each of the above steps should be handled, it is a clear indicator that the client is wrong in assuming that service providers will take care of all the security needs of the stored data. It also emphasizes on PCI SSC suggestion, which calls for both the client and service provider to work hand-in-hand in data security management.
CipherCloud has therefore provided a solution to organizations that avoid cloud computing due to a lack of knowledge on what is required to stay safe. By splitting down the number of options cloud customers have in securing critical cardholder data (either by encrypting it before uploading or retaining it on on-premise data centers), CipherCloud offers customers simple applicable solutions to helping their service providers impose security on data.
These guidelines are timely saviors to firms that are either struggling to plug a mess created by insecure cloud computing approaches or giving those who stay away from the cloud a reason to jump onto the bandwagon. It is more of a systematic guide to implementing the ideas proposed by PCI SSC.
Edited by
Allison Boccamazzo