Compliance is non-transferable, is the jist of the PCI SSC’s recent supplement on PCI cloud computing guidelines for merchants (e-commerce, retail, franchise and anyone that deals with credit cardholder data). Directly referencing merchants that work with cloud service providers (CSP’s), the supplement lists a number of challenges of working with CSPs, one being important enough to single out in standard 5.1: What does “I am PCI compliant” mean? Essentially, even if you contract with a cloud hosting provider that has …
The post Your Cloud Hosting Provider May Be PCI Compliant But That Doesn’t Mean You Are appeared first on Managed Data Center News.