An often heard phrase in the business world is “The trend is your friend”, a simple lesson learned that there is more opportunity when you go with the flow, rather than fight the current of change. In the retail payments space, however, PCI compliance has been anything but a friend to the vast majority of participants, soaking up available resources to combat fraud when growing the business is supposed to be the primary objective. But PCI compliance recently joined up with another prevailing trend, Cloud Computing, and the race is on as this combined effort sweeps the conferencing and webinar market.
What exactly is the Cloud Computing trend?
For the past few decades, the fastest growing cost sector of nearly all businesses has been the IT department and its related gear and software. Major capital commitments over lengthy periods were required for both hardware and software, not to mention the masses of personnel needed to maintain and enhance these development and operating arenas. Then the Internet came along and raised the IT bar even higher. What has been the major trend over the last ten years to reduce these costs – Cloud Computing.
Cloud Computing is a euphemism for many types of outsourcing models designed to reduce costs related to infrastructure, operating platforms, software, networks or you name it in the realm of IT-dom. What started more or less as a shared network of servers has grown leaps and bounds to include hosted solutions and all manner of software applications, designed to take away the risk of redundancy, hardware and software maintenance planning, and those highly qualified professional programmers that are hard to come by, except at high prices.
According to the Gartner organization, the market for cloud services will grow 18.5% to over $131 billion worldwide in 2013. Ed Anderson, a research director with Gartner, recently noted in their latest forecast, “The continued growth of the cloud services market will result from the adoption of cloud services for production systems and workloads, in addition to the development and testing scenarios that have led as the most prominent use case for public cloud services to date.” This sector of the software and data processing market has continually grown in the 15% to 35% range for the past five years, compared to a meager few percentage points over GDP growth for the total IT services market.
How has PCI DSS attached itself to this ongoing major Cloud Computing trend?
This past February, the PCI Security Standards Council published its guidelines for PCI DSS compliance within a cloud environment. As one might suspect, interfacing complex cryptographic compliance standards with the wave of changes in hosted server environments has suffered from a state of confusion for years.
Chris Brenton, a director of security for cloud server security platform provider CloudPassage, remarked recently, “It used to be that you’d get two QSAs (Qualified Security Assessors) in a room and even they would disagree about whether you could be PCI compliant in the cloud. Because there was no guidance and because some of PCI DSS was open to interpretation, you could get conflicting opinions.”
The guidelines, along with helpful appendices that address specific PCI DSS requirements and implementation scenarios, cover five broad topics:
1) Cloud Overview
2) Cloud Provider/Cloud Customer Relationships
3) PCI DSS Considerations
4) PCI DSS Compliance Challenges
5) Additional Security Considerations
Small business awareness of the benefits of Cloud Growing continues to grow, and the rush to outsource complex encryption protocols and the warehousing of sensitive consumer data is now gaining momentum, too, now that PCI guidelines have been published.
Processingfinder.com writes about the PCI industry and everything a vendor or consumer needs to know about the merchant side of credit card processing. Visit them to learn more.