17th – 18th May, 2017
Perhaps the largest point of confusion regarding the Payment Card Industry Data Security Standard (PCI DSS) and cloud computing is the question of on whose shoulders compliance falls, and to what level.
In 2015-16, several cloud providers began asserting that their clouds were validated as PCI DSS compliant. That’s all well and good, but unfortunately this validation does not trickle down to the providers’ customers who deploy servers within the provider’s infrastructure. If your organization wants to migrate PCI DSS in-scope systems to a public cloud, there are several things to consider. When a cloud service provider says it’s been validated as PCI DSS compliant, what does that mean for the enterprise customer? According to security experts, organizations shouldn’t expect a PCI-validated cloud provider to relieve them of their PCI obligations. Tenants still have PCI obligations of their own to meet in order to be PCI DSS compliant.
The following points were covered during the session:
1. Various models of cloud offerings available in the industry, and which could be the best possible option for you.
2. Understanding the difference between what a Cloud Provider promises and what you can actually expect.
3. SLA requirements
4. Audit points for a PCI Cloud