views:

89

answers:

2

The requirements for PCI standards include installing a firewall, restrict physical access to servers, using and regularly updating antivirus and malware software etc as outlined here

If you host your application in the cloud , how can you ensure that you meet these PCI requirements

A: 

The easiest way is to use a 3rd party payment company. They can handle all the transactions for you in a secure manner, without you ever having to know any details.

Kristian Hebert
check this out http://www.mckeay.net/2008/11/02/pci-compliance-in-the-cloud-get-it-in-writing/ ....and this http://broadcast.oreilly.com/2009/02/pci-in-the-cloud.html and this http://cloudsecurity.org/blog/2009/03/14/what-does-pci-compliance-in-the-cloud-really-mean.html more what i was looking for
Allan Rwakatungu
+1  A: 

The best way to ensure you are PCI complaint is to look for cloud infrastructure providers that provision "private cloud" infrastructures. Check and see if the cloud resource pools are logically divided, physically divided and what isolation levels exist.

There are several good private cloud providers out there, but each have different ways of providing isolated instances. Quite often you will see enterprise clouds as VMware vSphere 4 installations.

DeckerEgo