New guidelines eliminate PCI as a barrier to cloud adoption

PCI Security Standards Council guidelines for cloud providers are a step in the right direction for regulated businesses

You know a trend is picking up steam when the security standards bodies start issuing guidelines. So it's good news that the Payment Card Industry trade group, whose PCI Security Standards Council's standards dictate how most electronic payment transactions are handled, has come out with its guidelines for cloud security (PDF). In even better news, they're worth reading, with solid lessons for IT.

The document offers advice on the use of cloud computing technology, as well as guidelines for maintaining the critical PCI Data Security Standard (PCI DSS) controls in cloud environments.

[ For the full scoop on the state of the cloud in the enterprise, check out InfoWorld's Cloud Computing Deep Dive PDF special report. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]

Its objective are simple: explaining common deployment and service models for cloud environments and describing how PCI DSS security may be applied. It explores the emerging architectural and deployment patterns for the cloud, how PCI DSS should be implemented in those patterns, and how to discover and document responsibilities around the different types of cloud implementations, including the use of public cloud providers.

Of course, other security bodies also deal with the use of cloud computing, such as the Cloud Security Alliance. Most traditional security standards organizations have either published guidance around the use of cloud computing, as the PCI Security Standards Council has now done, or are looking to do so in the next few years.

What's important about all this work is that it removes some of the excuses for keeping cloud computing off the table at many enterprises, by allaying some of the uncertainty over compliance with existing security standards. Obviously, if the standards bodies publish guidance around the use of cloud computing providers and technology, IT systems should be able to work securely in the cloud.

This article, "New guidelines eliminate PCI as a barrier to cloud adoption," originally appeared at Read more of David Linthicum's Cloud Computing blog and track the latest developments in cloud computing at For the latest business technology news, follow on Twitter.

Copyright © 2013 IDG Communications, Inc.

How to choose a low-code development platform