ClubEnsayos.com - Ensayos de Calidad, Tareas y Monografias
Buscar

Information Supplement: PCI DSS Cloud Computing Guidelines


Enviado por   •  19 de Noviembre de 2014  •  378 Palabras (2 Páginas)  •  157 Visitas

Página 1 de 2

1 Executive Summary

Cloud computing is a form of distributed computing that is yet to be standardized1. There are a number of

factors to be considered when migrating to cloud services, and organizations need to clearly understand their

needs before they can determine if and how they will be met by a particular solution or provider. As cloud

computing is still an evolving technology, evaluations of risks and benefits may change as the technology

becomes more established and its implications become better understood.

Cloud security is a shared responsibility between the cloud service provider (CSP) and its clients. If payment

card data is stored, processed or transmitted in a cloud environment, PCI DSS will apply to that environment,

and will typically involve validation of both the CSP’s infrastructure and the client’s usage of that environment.

The allocation of responsibility between client and provider for managing security controls does not exempt a

client from the responsibly of ensuring that their cardholder data is properly secured according to applicable

PCI DSS requirements.

It’s important to note that all cloud services are not created equal. Clear policies and procedures should be

agreed between client and cloud provider for all security requirements, and responsibilities for operation,

management and reporting should be clearly defined and understood for each requirement.

1.1 Intended Use

This document provides guidance on the use of cloud technologies and considerations for maintaining PCI

DSS controls in cloud environments. This guidance builds on that provided in the PCI DSS Virtualization

Guidelines and is intended for organizations using, or thinking of using, providing, or assessing cloud

technologies as part of a cardholder data environment (CDE).

This document is structured as follows:

 Executive Summary – Includes a brief summary of some key points and provides context for the

remainder of the document.

 Cloud Overview – Describes the deployment and service models discussed throughout this document.

 Cloud

...

Descargar como (para miembros actualizados)  txt (3 Kb)  
Leer 1 página más »
Leer documento completo Guardar
Disponible sólo en Clubensayos.com