Dave Asprey, Sr. Director Cloud Security
Big Cloud Security News
If you are using cloud computing, some major news just came out. PCI released the DSS Guidelines for Cloud Computing on Feb 7th. This is really important because the new document provides “guidance on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments.” While it’s meant for organizations already using (or planning to use) cloud as part of a cardholder data environment (CDE), it applies to nearly every cloud user, as the PCI DSS cloud guidance is sure to influence cloud security standards even for non-CDE environments.
Why you should care?
The guidance includes responsibilities for cloud service providers and for cloud users, but – as with existing PCI standards – the ultimate responsibility for compliance with PCI DSS is on the manager of the cardholder data environment. Whether or not you use cloud, you’re still on the hook for ultimately being compliant. The bottom line is that if you are or are planning to leverage the cloud, then you need to understand the implications of this new guidance, especially when PCI compliance is relevant to you.
Want to learn more?
Be sure to come to Trend Micro’s breakout at Cloud Summit by Harish Agastya, Global Director of Datacenter Security, on Tuesday, April 9th at 1pm in the Grand Canyon 9 ballroom.
Trend Micro also hosted a webinar with experts from Amazon Web Services and Accuvant to review the Guidelines and help decode what you need to focus on in the new guidance and identify some best practices to address it. Check it out here: http://www.trendmicro.com/cloudpci?s=cloud.trendmicro.com