Compliance in the Cloud: five years of growing complexities
Widespread multicloud adoption is on the horizon, which is no surprise considering the enormous pressure organisations face to continually push for improved flexibility, scalability and access to IT resources and the latest technologies. While multicloud can solve many business challenges, it does present new challenges regarding how to control and manage security in an increasingly complex infrastructure.
Non-compliance to PCI DSS is an existential risk and should never be handled as a shared responsibility, even when using a single cloud provider who has all the relevant certification in place to prove compliance within their domain.
Control and management of PCI DSS compliance needs to be adaptable, flexible and seamless as business drivers will dynamically re-size the security perimeters and evolve the risks associated to business-critical applications.
Compliance in the cloud is a serious concern and has recently prompted the PCI Security Standards Council (PCI SSC) to issue a revised version of the Cloud Compliance guidelines, five years after the last version was published. A lot has changed in the world of cloud computing in that time, so it’s no surprise to see that more than 30 additional pages have been included in the latest guidelines, with Section 6.4 providing new guidance on Vulnerability Management.
Section 5 makes a significant statement on the challenges of PCI DSS compliance, stating:
“The distributed architectures of cloud environments add layers of technology and complexity that challenge traditional assessment methods. As a result, it may be particularly challenging to validate PCI DSS compliance in a distributed, dynamic infrastructure….”
Looking ahead, as organisations consider or are undertaking adoption to a multicloud strategy, it’s important to think about the services and tools needed that will keep security policies consistent across all cloud providers.
At this year’s PCI London event, Infradata has joined forces with F5 Networks, industry leaders in Application Security, to discuss how organisations can maintain consistent security policies to ensure PCI DSS compliance in an evolving cloud security environment.
To read the full PCI Cloud Computing Guidelines, click here.