Slide 1: PCI and the Cloud
Paul Court, Technical Operations Director, Claranet UK
Payment and Fraud Conference, 11th February 2010
Slide 2: Who are we?
A technically astute partner offering Networks, Hosting and Managed Applications Services
An experienced company with 36,000 business customers
550 employees spread across 7 countries
A Managed Services Provider
Slide 3: PCI and the Cloud
Hosting, Challenges for a new era
Slide 4: The Hype
"Cloud Will save you Money"
"Virtualise your estate and Save!"
"Cloud is the future of Services Computing"
"Unrestricted Cloud Computing - All you Can Eat"
"The future is Virtualisation!!!"
Slide 5: PCI and the Cloud
Overview of the Differing Systems
Slide 6: The Standard Server Model
(diagram slide)
Slide 7: Virtualising a Server
Optimise. Consolidate.
A traditional server can only support a single Operating System and Application.
A server running a Hypervisor can support multiple Operating Systems, each supporting a different application.
Slide 8: The Virtualised Server Model
Fault Tolerance
(diagram slide)
Slide 9: The Cloud Services Model
(diagram slide)
Slide 10: PCI and the Cloud
What are the Risks?
Slide 11: Data Security Risk Assessment
(chart placing the Standard model, the Virtualisation model and the Cloud model on a scale from LOW RISK to HIGH RISK)
Slide 12: Compliance vs PCI Standard
Slide 13: PCI and the Cloud
What do the QSAs Say?
Slide 14: QSAs Interviewed on Cloud
"It's so left field we would have to charge a consultancy to even give an opinion on it."
Slide 15: QSAs Interviewed on Virtualisation
"There is some debate on Virtualisation in the PCI arena; however, in our opinion, it is an acceptable solution if done correctly. These Virtual servers will be treated as any other servers and will follow the required guidelines as they are in the PCI DSS standard."
Slide 16: PCI and the Cloud
Is it possible to run Virtual services?
Slide 17: Going Forward
There is talk about including some requirements for Virtual servers in later releases of the PCI DSS standard.
The PCI sub-committee is yet to return any guidance on Virtual services.
"The one thing that is not acceptable from a PCI standpoint in a virtualised environment are virtualised firewalls."
"At this point, Cloud is not deemed acceptable in any shape or form."
Slide 18: Our Solution
(diagram slide with components: Private Cloud, Database, Virtual Servers, Physical Firewall)
Slide 19: PCI and the Cloud
What do I need to know / ask?
Slide 20: Have a Published Technology Strategy
You need an opinion, as your peers will want to know your strategy; not addressing cloud and virtualisation head-on is dangerous.
Publish a strategy and enforce it internally.
Make sure all stakeholders know the risks as well as the rewards.
Slide 21: Look out for Shadow IT
Shadow IT is a term often used to describe IT systems and IT solutions built and used inside organisations without organisational approval, or without organisational understanding of the risks.
See previous point.
Slide 22: Ask your vendors
If your vendors can't give you their opinion or strategy in relation to virtualisation, PCI and Fraud Prevention, should they be your vendors?
Slide 23: PCI and the Cloud
Conclusions
Slide 24: Conclusions
Cloud computing is very good for sites that don't require regulatory approval (although the DPA should be considered).
Virtualisation can be used, but under strict guidelines and with PCI in mind from the design phase.
Not one of the QSAs interviewed would certify a system based on a Cloud computing platform.
Virtualisation is PCI compliant as long as it's not a generic "V service" but is part of a managed solution.
Slide 25: Cloud Overview
(diagram slide)
Slide 26: Any questions?