

PCI DSS Cloud Service Provider Compliance

Verizon has publicly shared some perspective on how they approach PCI DSS compliance as a cloud service provider:

But what does PCI DSS compliance by a cloud services provider actually mean and what value does this provide to an enterprise?

Cloud services providers, such as Verizon, which have obtained PCI DSS Level 1 compliance, must undergo extensive preparation, testing and assessment of their cloud environment to verify that it is built and operated in a manner that meets the security standards that enterprises require. Cloud services providers must undergo a third-party audit and, due to the nature of a cloud services provider’s environment, there is also the responsibility for day-to-day governance required to maintain its security posture and provide the necessary transparency to customers. In addition, achievement of PCI DSS compliance by a cloud services provider for its cloud infrastructure offers customers verification that the following will occur:

  • Annual penetration tests
  • Quarterly vulnerability scanning using an Approved Scanning Vendor
  • Architecture reviews validating environment isolation on a per-customer basis
  • Virtual environment configuration reviews of hypervisor and virtual switches
  • Log collection and auditability
  • Authentication
  • Process and procedure definition and documentation

Posted in Security.


2 Responses


Continuing the Discussion

  1. The Cloud and the Hospitality Industry linked to this post on June 28, 2011

    [...] PCI DSS Cloud Service Provider Compliance (flyingpenguin.com) [...]

  2. Apigee Asks: Is Your API PCI Compliant? linked to this post on June 30, 2011

    [...] PCI DSS Cloud Service Provider Compliance (flyingpenguin.com) [...]


