Blogs

Understanding Regulatory Compliance: PCI DSS Cloud Computing Guidelines

Being PCI DSS compliant means taking complete ownership of the responsibility for cardholder data (CHD). The client must still ensure they are using the service in a compliant manner, and is ultimately responsible for the security of their CHD, irrespective of which cloud service they are using. Use of a PCI DSS compliant Cloud Service Provider (CSP) does not result in PCI DSS compliance for the client.

Topics: PCI-DSS Compliance AWS cloud service provider PCI DSS cloud computing Technology

Understanding Regulatory Compliance in Amazon Web Services (AWS) cloud

The problem of regulatory PCI compliance in a public cloud such as AWS applies more to small and medium-sized companies than to enterprises. For example, if you are a bank or financial institution, you can spend a sizable sum on assessing yourself for PCI compliance and work with a leading auditing firm to achieve it. However, it becomes challenging for small companies running payment applications or infrastructure on foundation services such as EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service). AWS clearly states that you can get a completely PCI compliant infrastructure on EC2, and there are a number of customers using AWS infrastructure services who are PCI/PA compliant. Security and compliance are a shared responsibility between AWS and its service providers/customers.

Topics: amazon web services Data Security Standard AWS PCI Compliance PCI certification PCI DSS public cloud cloud computing Technology Payment Card Industry

Considerations for PA-DSS Compliant Solution Development - Part 1

The following are considerations for the development and implementation of software solutions in a PCI DSS compliant environment. These should be treated as functional and/or quality requirements when developing a PCI DSS compliant solution.

Topics: PCI DSS Solution Development PA-DSS Compliant Technology

PCI Compliance Overview

PCI DSS version 2.0 must be adopted by all organizations with payment card data by 1 January 2011, and from 1 January 2012 all assessments must be against version 2.0 of the standard.

Topics: PCI Compliance PA-DSS PCI DSS Control Objectives Technology
