Branden Williams, ISSA Fellow, CISSP, CISM; Dave Anderson, Voltage Security
Organizations outsourcing card data to the cloud face significant security risks. As soon as an organization adds other players to the offsite card-management mix, ensuring compliance with the PCI Data Security Standard becomes increasingly challenging. Cloud users and cloud service providers need to understand what their roles and responsibilities are when it comes to protecting this data. Storing, processing and transmitting cardholder data in the cloud brings the cloud environment into scope for PCI-DSS.
Organizations need to know where their data is at all times. A lot of cloud clients have limited or no control over cardholder data storage. Organizations should be concerned about collecting and correlating access logs and other information from cloud vendors to ensure they are maintaining security compliance. Where's the data being stored? Is it stored in multiple locations? These are all things that you have to take into consideration when you're thinking about outsourcing to a cloud provider. Join this webcast as we address the compliance challanges in the cloud, and gain new insights on:
- Emerging PCI security risks in the cloud
- Understand the role of cloud entities
- Processes for assessing risk when card data could potentially be stored in multiple locations
- Structuring planning controls to deal with PCI DSS changes
- Recommendations for achieving PCI compliance across virtual environments