Hello everyone!. I am developing a website which then will be used as a service that I provide, a site like CRM and the people entering register and pay a monthly rent for the site will contain sensitive information of people who use it. There are rules or standards to follow for these kinds of sites? To give an example the PCI standards for credit card systems that rule says basic things such as having a network with security, encrypt credit card numbers, etc.. follow these rules if I sell my software better that the software is PCI certified and therefore secure software.
Then I repeat the question, there are some kind of standards, rules, procedures to be used for cloud services containing sensitive information?. Another example would be Windows Azure, which still rules them to keep the software as a service safely?.
I've been looking at amazon and for example is a book called:
Cloud Computing: Implementation, Management, and Security
Someone has read it?.
I really need a light on this.
Many thank you very much.