Storing and Transferring Data in the Cloud (Securely): Myth or Reality?

March 25, 2014 By Steve Hess
For many companies that store or process payment card data, the search for a safe and secure way to store and transfer customer information in the cloud has led to a degree of what I refer to as "cautious" confidence. While they identify solutions or strategies that help them feel better in the short term, they're left with a feeling of overall dread as they anxiously await word of the next data breach, not so secretly rooting for it to be somebody else.

The road to PCI compliance with secure payment card data in the cloud can seem long and daunting, but the good news is that it's possible. It's not to be taken lightly or done without significant planning, however. I've identified four actions that are critical to make this a reality for retailers in today's data-centric, threat-driven world. Remember, every business should look at their own needs and balance them against security and compliance requirements, so this should be considered a starting point.

1. Understand the difference between PCI compliance and certification. It may sound obvious, but this is one of the biggest — and most important — things businesses must understand in order to protect themselves and their customers:

  • PCI compliance is a self-assessment that can be reviewed and confirmed by an audit. This status is claimed by almost every financial services company. Even some companies not in the industry use this as a benchmark.
  • PCI certification is the time- and resource-intensive third-party assessment that must be reviewed and confirmed by an audit. Traditionally, this was only relevant for level-one service providers (i.e., the big-time players).

While annual PCI certification is a top priority for many companies (taking up valuable time and resources), it's important that an IT team remain vigilant about maintaining PCI compliance throughout the year, not just at audit time.

2. Get the business involved. Compliance isn't just a technology problem (even though some think it is); the reality is that compliance is comprehensive across the business. For example, it's necessary to educate and train staff across departments and write policy documents. When it comes time to achieve and demonstrate compliance, evidence of these things will be a requirement. Without rigorous processes in place, doing so is nearly impossible.
