Robert Westervelt, News Director of Cloud Security, has an excellent in-depth interview with Diana Kelley, a partner at Amherst, N.H.-based consultancy SecurityCurve on the impact of Cloud Computing on PCI compliance, discussing in part how the PCI Data Security Standards (on a three-year update/approval schedule) are struggling to keep up with fast-evolving technologies.
Things are complicated enough when SaaS providers offer gateway services for things like tokenization and encryption, but these are relatively straightforward compared to "custom payment software such as a Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), where the responsibilities [of the provider] change a little bit," to say the least!
I highly recommend Westervelt's succinct, insightful article.
Wednesday, July 11, 2012
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment