If you are using cloud computing, some major news just came out. PCI released the DSS Guidelines for Cloud Computing on Feb 7th. This is really important because the new document provides “guidance on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments.” While it’s meant for organizations already using (or planning to use) cloud as part of a cardholder data environment (CDE), it applies to nearly every cloud user, as the PCI DSS cloud guidance is sure to influence cloud security standards even for non-CDE environments.
The guidance includes responsibilities for cloud service providers and for cloud users, but – as with existing PCI standards – the ultimate responsibility for compliance with PCI DSS is on the manager of the cardholder data environment. Whether or not you use cloud, you’re still on the hook for ultimately being compliant. The bottom line is that if you are or are planning to leverage the cloud, then you need to understand the implications of this new guidance, especially when PCI compliance is relevant to you.
PCI Cardholder Data Environments tend to be run on IaaS, so we’ll be hosting a webinar with experts from Amazon Web Services and Accuvant to review the Guidelines and help decode what you need to focus on in the new guidance and identify some best practices to address it.
To ensure you get the full picture, especially in leveraging Amazon Web Services and PCI DSS, Amazon Web Services will detail their PCI compliance and Trend Micro will discuss remaining actions you need to take using best practice examples.
Leveraging its seven-plus years as a leading Qualified PCI Security Assessment company, Accuvant will help participants understand these Guidelines in the context of an overall PCI Compliance program.