SlideShare una empresa de Scribd logo

Simplifying PCI on a PaaS Environment

Engine Yard
Engine Yard

Achieving PCI compliance can be a complex, time-consuming, and expensive undertaking. However, with the right approach it can be substantially less burdensome. In this webcast, we will provide background and recommendations to help you make the best possible decisions regarding PCI for your PaaS-based application. If you currently accept, or are contemplating accepting a payment card on your web application, this webcast is for you. In this presentation you will learn about: -An overview of PCI -How to scope your environment for PCI compliance -Ways to make compliance more manageable, and -Things to consider when approaching PCI compliance on a PaaS provider. To view the full webcast on-demand: http://pages.engineyard.com/an-introduction-to-pci-compliance-on-a-paas.html

Tecnología
1 de 19
Descargar para leer sin conexión
Engine Yard - Confidential
Ryan Gurney Director, Security & Compliance Engine Yard rgurney@engineyard.com 02/28/2012
•  Overview of PCI •  Make PCI Manageable •  Scope Effectively •  PCI on PaaS •  Q&A 02/28/2012 3
02/28/2012 4
Requirements for storing, processing or transmitting payment card data Endorsed by the major card brands Four levels of validation depending on transaction volume Enforced through incentives, fines or termination of privileges 02/28/2012 5
Data Security Key Areas of Focus Build and Maintain a Secure Network Protect Cardholder Data Information Network Maintain a Security Security Vulnerability Policies Management Program PCI Encryption Implement Strong Remediation Logging Key Management Log Review Access Control Strategy Access Control Measures & Management Maintain an Information File Integrity Security Policy Monitoring Regularly Monitor and Test Networks Vulnerability Management 02/28/2012 6
•  Being PCI compliant does not provide assurances that a data breach will not occur. Of the card accepting merchants that sustained a data breach in 2009, 21% of them had previously been validated as PCI-compliant. •  The average cost of a data breach globally is $3.43 million -- or $142 per 1 Ponemon Institute and PGP study customer record. In the U.S., the cost is $6.65 million or Insider threats matter! $208 per customer record. 02/28/2012 7
PCI compliance is required, however meeting compliance has Scope Specific traditionally placed a high cost in time and money on organizations. –  Only 21% of companies Fail One Low achieve PCI compliance their Control, Regard Fail for Risk first time through the process. Audit Process –  PCI is not something that can be “crossed off the list” once your organization attains an Vendors Costly initial certification. Regular Manage Point in time audit, but not Audit point in time governance! 02/28/2012 8
02/28/2012 9
Document •  Determine the payment Card card data entry, processing, storage and Locations exit points •  Map the logical flow of Map Data data throughout the Flow environment •  Includes all Identify systems, apps, Infrastructure DBs, and network devices supporting the data flows 02/28/2012 10
02/28/2012 11
http://www.engineyard.com/partner/braintree 02/28/2012 12
02/28/2012 13
•  Process Evaluation: Do we need Requirements to retain the full PAN? •  Outsourcing: Can someone else Reduction handle the transactions and compliance burden? •  Environment Redesign: Can we consolidate our payment Scope environment? •  Tokenization Reduction •  Network Segmentation •  Point-to-Point Encryption 02/28/2012 14
02/28/2012 15
The Platform Can I meet my I expect a certain level customer’s of security in my security environment. requirements in the Cloud? Your Customers Regulators IaaS Provider 02/28/2012 16
Your Data Risk Evaluation, Roles & Roadmap, & Responsibilities Improvement PaaS Provider Logging & Security Monitoring Capabilities Access Controls 02/28/2012 17
02/28/2012 18
More Information: •  PCI Council http://ey.io/PCI-council •  Cloud Security Alliance http://ey.io/cs-alliance •  Engine Yard PCI whitepaper http://ey.io/paaspci Feedback / Questions: •  Ryan Gurney - rgurney@engineyard.com 02/28/2012 19

Recomendados

Risk Factory: PCI - The Essentials
Risk Factory: PCI - The EssentialsRisk Factory: PCI - The Essentials
Risk Factory: PCI - The EssentialsRisk Crew
 
Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Erik Ginalick
 
New Window of Opportunity
New Window of OpportunityNew Window of Opportunity
New Window of OpportunityCASCouncil
 
PCI DSS Essential Guide
PCI DSS Essential GuidePCI DSS Essential Guide
PCI DSS Essential GuideKim Jensen
 
PCI and Remote Vendors
PCI and Remote VendorsPCI and Remote Vendors
PCI and Remote VendorsObserveIT
 
Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinAnton Chuvakin
 
Approach pci- dss
Approach pci- dssApproach pci- dss
Approach pci- dssVikrant Burbure
 
Requirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantRequirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantOlivia Grey
 

Recomendados

Risk Factory: PCI - The Essentials
Risk Factory: PCI - The EssentialsRisk Factory: PCI - The Essentials
Risk Factory: PCI - The EssentialsRisk Crew
 
Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Protecting Payment Card Data Wp091010
Protecting Payment Card Data Wp091010Erik Ginalick
 
New Window of Opportunity
New Window of OpportunityNew Window of Opportunity
New Window of OpportunityCASCouncil
 
PCI DSS Essential Guide
PCI DSS Essential GuidePCI DSS Essential Guide
PCI DSS Essential GuideKim Jensen
 
PCI and Remote Vendors
PCI and Remote VendorsPCI and Remote Vendors
PCI and Remote VendorsObserveIT
 
Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinAnton Chuvakin
 
Approach pci- dss
Approach pci- dssApproach pci- dss
Approach pci- dssVikrant Burbure
 
Requirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantRequirements and Security Assessment Procedure for C7 To Be PCI DSS Compliant
Requirements and Security Assessment Procedure for C7 To Be PCI DSS CompliantOlivia Grey
 
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...Hitachi ID Systems, Inc.
 
PCI Compliance for Dummies
PCI Compliance for DummiesPCI Compliance for Dummies
PCI Compliance for DummiesLiberteks
 
Using Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI complianceUsing Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI complianceCisco Service Provider
 
PCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataPCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataInMobi Technology
 
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesSecure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesHyTrust
 
Secure Enterprise Cloud
Secure Enterprise CloudSecure Enterprise Cloud
Secure Enterprise CloudIndu Kodukula
 
2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deckRichard (Dick) Kaufman
 
Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892Risk Crew
 
How to Overcome the 3 Biggest PCI Compliance Challenges
How to Overcome the 3 Biggest PCI Compliance ChallengesHow to Overcome the 3 Biggest PCI Compliance Challenges
How to Overcome the 3 Biggest PCI Compliance ChallengesVISIHOSTING
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSSKimberly Simon MBA
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overviewokrantz
 
PCI DSS
PCI DSSPCI DSS
PCI DSSDuy Do Phan
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGhimalya sharma
 
The Role of Government in Identity Management
The Role of Government in Identity ManagementThe Role of Government in Identity Management
The Role of Government in Identity ManagementDon Lovett
 
"Compliance First" or "Security First"
"Compliance First" or "Security First""Compliance First" or "Security First"
"Compliance First" or "Security First"Anton Chuvakin
 
PCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowPCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowTerra Verde
 
DLP Executive Overview
DLP Executive OverviewDLP Executive Overview
DLP Executive OverviewKim Jensen
 
Privileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safePrivileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safeJens Albrecht
 
SFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveSFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveMark Akins
 
SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011Satish Hemachandran
 
Cohodatawebinar
Cohodatawebinar Cohodatawebinar
Cohodatawebinar Murugesan Arumugam
 
Engine Yard Cloud Architecture Enhancements
Engine Yard Cloud Architecture EnhancementsEngine Yard Cloud Architecture Enhancements
Engine Yard Cloud Architecture EnhancementsEngine Yard
 

Más contenido relacionado

La actualidad más candente

Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...Hitachi ID Systems, Inc.
 
PCI Compliance for Dummies
PCI Compliance for DummiesPCI Compliance for Dummies
PCI Compliance for DummiesLiberteks
 
Using Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI complianceUsing Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI complianceCisco Service Provider
 
PCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataPCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataInMobi Technology
 
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesSecure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesHyTrust
 
Secure Enterprise Cloud
Secure Enterprise CloudSecure Enterprise Cloud
Secure Enterprise CloudIndu Kodukula
 
2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deckRichard (Dick) Kaufman
 
Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892Risk Crew
 
How to Overcome the 3 Biggest PCI Compliance Challenges
How to Overcome the 3 Biggest PCI Compliance ChallengesHow to Overcome the 3 Biggest PCI Compliance Challenges
How to Overcome the 3 Biggest PCI Compliance ChallengesVISIHOSTING
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overviewokrantz
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGhimalya sharma
 
The Role of Government in Identity Management
The Role of Government in Identity ManagementThe Role of Government in Identity Management
The Role of Government in Identity ManagementDon Lovett
 
"Compliance First" or "Security First"
"Compliance First" or "Security First""Compliance First" or "Security First"
"Compliance First" or "Security First"Anton Chuvakin
 
PCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowPCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowTerra Verde
 
DLP Executive Overview
DLP Executive OverviewDLP Executive Overview
DLP Executive OverviewKim Jensen
 
Privileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safePrivileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safeJens Albrecht
 
SFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveSFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveMark Akins
 
SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011Satish Hemachandran
 

La actualidad más candente (20)

Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
Hitachi ID Access Certifier: Find and remove stale privileges with periodic r...
 
PCI Compliance for Dummies
PCI Compliance for DummiesPCI Compliance for Dummies
PCI Compliance for Dummies
 
Using Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI complianceUsing Cisco’s VMDC to help facilitate PCI compliance
Using Cisco’s VMDC to help facilitate PCI compliance
 
PCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder dataPCI DSS v3 - Protecting Cardholder data
PCI DSS v3 - Protecting Cardholder data
 
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance MandatesSecure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
Secure and Scale Your Virtual Infrastructure While Meeting Compliance Mandates
 
Secure Enterprise Cloud
Secure Enterprise CloudSecure Enterprise Cloud
Secure Enterprise Cloud
 
2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck2016 01-05 csr css non-confidential slide deck
2016 01-05 csr css non-confidential slide deck
 
Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892
 
How to Overcome the 3 Biggest PCI Compliance Challenges
How to Overcome the 3 Biggest PCI Compliance ChallengesHow to Overcome the 3 Biggest PCI Compliance Challenges
How to Overcome the 3 Biggest PCI Compliance Challenges
 
PCI DSS and PA DSS
PCI DSS and PA DSSPCI DSS and PA DSS
PCI DSS and PA DSS
 
1. PCI Compliance Overview
1. PCI Compliance Overview1. PCI Compliance Overview
1. PCI Compliance Overview
 
PCI DSS
PCI DSSPCI DSS
PCI DSS
 
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAININGPCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
 
The Role of Government in Identity Management
The Role of Government in Identity ManagementThe Role of Government in Identity Management
The Role of Government in Identity Management
 
"Compliance First" or "Security First"
"Compliance First" or "Security First""Compliance First" or "Security First"
"Compliance First" or "Security First"
 
PCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to KnowPCI DSS 3.0 – What You Need to Know
PCI DSS 3.0 – What You Need to Know
 
DLP Executive Overview
DLP Executive OverviewDLP Executive Overview
DLP Executive Overview
 
Privileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safePrivileged Account Management - Keep your logins safe
Privileged Account Management - Keep your logins safe
 
SFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA PerspectiveSFISSA - PCI DSS 3.0 - A QSA Perspective
SFISSA - PCI DSS 3.0 - A QSA Perspective
 
SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011
 

Destacado

Engine Yard Cloud Architecture Enhancements
Engine Yard Cloud Architecture EnhancementsEngine Yard Cloud Architecture Enhancements
Engine Yard Cloud Architecture EnhancementsEngine Yard
 
6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performanceEngine Yard
 
IRCE 2016 Speaking Session – The Small Things That Add Up: How to Find What D...
IRCE 2016 Speaking Session – The Small Things That Add Up: How to Find What D...IRCE 2016 Speaking Session – The Small Things That Add Up: How to Find What D...
IRCE 2016 Speaking Session – The Small Things That Add Up: How to Find What D...SOASTA
 
Rewriting The Revenue Rules: From Mobile-First To Mobile-Only Mobile Shopping...
Rewriting The Revenue Rules: From Mobile-First To Mobile-Only Mobile Shopping...Rewriting The Revenue Rules: From Mobile-First To Mobile-Only Mobile Shopping...
Rewriting The Revenue Rules: From Mobile-First To Mobile-Only Mobile Shopping...SOASTA
 
Using JMeter in CloudTest for Continuous Testing
Using JMeter in CloudTest for Continuous TestingUsing JMeter in CloudTest for Continuous Testing
Using JMeter in CloudTest for Continuous TestingSOASTA
 
Soasta | CloudBees webinar 11/12/2015
Soasta | CloudBees webinar 11/12/2015Soasta | CloudBees webinar 11/12/2015
Soasta | CloudBees webinar 11/12/2015SOASTA
 
DPM in Pictures
DPM in PicturesDPM in Pictures
DPM in PicturesSOASTA
 
Reinventing the Modern Information Pipeline: Paxata and MapR
Reinventing the Modern Information Pipeline: Paxata and MapRReinventing the Modern Information Pipeline: Paxata and MapR
Reinventing the Modern Information Pipeline: Paxata and MapRLilia Gutnik
 
Aws vs. Azure: 5 Things You Need To Know
Aws vs. Azure: 5 Things You Need To KnowAws vs. Azure: 5 Things You Need To Know
Aws vs. Azure: 5 Things You Need To KnowScalr
 
Engine Yard Partner Program 2014
Engine Yard Partner Program 2014Engine Yard Partner Program 2014
Engine Yard Partner Program 2014Engine Yard
 
Slack presentation
Slack presentationSlack presentation
Slack presentationblevz
 

Destacado (18)

Cohodatawebinar
Cohodatawebinar Cohodatawebinar
Cohodatawebinar
 
Engine Yard Cloud Architecture Enhancements
Engine Yard Cloud Architecture EnhancementsEngine Yard Cloud Architecture Enhancements
Engine Yard Cloud Architecture Enhancements
 
Geemus
GeemusGeemus
Geemus
 
6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performance
 
IRCE 2016 Speaking Session – The Small Things That Add Up: How to Find What D...
IRCE 2016 Speaking Session – The Small Things That Add Up: How to Find What D...IRCE 2016 Speaking Session – The Small Things That Add Up: How to Find What D...
IRCE 2016 Speaking Session – The Small Things That Add Up: How to Find What D...
 
Slack
SlackSlack
Slack
 
Rewriting The Revenue Rules: From Mobile-First To Mobile-Only Mobile Shopping...
Rewriting The Revenue Rules: From Mobile-First To Mobile-Only Mobile Shopping...Rewriting The Revenue Rules: From Mobile-First To Mobile-Only Mobile Shopping...
Rewriting The Revenue Rules: From Mobile-First To Mobile-Only Mobile Shopping...
 
Scalr Demo
Scalr DemoScalr Demo
Scalr Demo
 
Using JMeter in CloudTest for Continuous Testing
Using JMeter in CloudTest for Continuous TestingUsing JMeter in CloudTest for Continuous Testing
Using JMeter in CloudTest for Continuous Testing
 
Soasta | CloudBees webinar 11/12/2015
Soasta | CloudBees webinar 11/12/2015Soasta | CloudBees webinar 11/12/2015
Soasta | CloudBees webinar 11/12/2015
 
DPM in Pictures
DPM in PicturesDPM in Pictures
DPM in Pictures
 
Prezi
PreziPrezi
Prezi
 
Reinventing the Modern Information Pipeline: Paxata and MapR
Reinventing the Modern Information Pipeline: Paxata and MapRReinventing the Modern Information Pipeline: Paxata and MapR
Reinventing the Modern Information Pipeline: Paxata and MapR
 
Prezi slideshare
Prezi slidesharePrezi slideshare
Prezi slideshare
 
Aws vs. Azure: 5 Things You Need To Know
Aws vs. Azure: 5 Things You Need To KnowAws vs. Azure: 5 Things You Need To Know
Aws vs. Azure: 5 Things You Need To Know
 
Engine Yard Partner Program 2014
Engine Yard Partner Program 2014Engine Yard Partner Program 2014
Engine Yard Partner Program 2014
 
Slack
SlackSlack
Slack
 
Slack presentation
Slack presentationSlack presentation
Slack presentation
 

Similar a Simplifying PCI on a PaaS Environment

Rightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public CloudRightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public CloudRightScale
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid ThemSasha Nunke
 
PCI Compliance The Circuit
PCI Compliance The Circuit PCI Compliance The Circuit
PCI Compliance The Circuit The Circuit
 
PCI Compliance Fundamentals The Circuit
PCI Compliance Fundamentals The CircuitPCI Compliance Fundamentals The Circuit
PCI Compliance Fundamentals The CircuitThe Circuit
 
Latests status on pci and pcipa 2010
Latests status on pci and pcipa 2010Latests status on pci and pcipa 2010
Latests status on pci and pcipa 2010Retail Trends
 
10 Steps To Secure and PCI Compliant Credit Card Processing In Oracle Receiva...
10 Steps To Secure and PCI Compliant Credit Card Processing In Oracle Receiva...10 Steps To Secure and PCI Compliant Credit Card Processing In Oracle Receiva...
10 Steps To Secure and PCI Compliant Credit Card Processing In Oracle Receiva...amadhireddy
 
Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...
Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...
Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...Joe Oringel
 
A systematic approach to pci compliance using rsa archer
A systematic approach to pci compliance using rsa archerA systematic approach to pci compliance using rsa archer
A systematic approach to pci compliance using rsa archerSubhajit Bhuiya
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudVISI
 
Data Power For Pci Webinar Aug 2012
Data Power For Pci Webinar Aug 2012Data Power For Pci Webinar Aug 2012
Data Power For Pci Webinar Aug 2012gaborvodics
 
Ibm data governance framework
Ibm data governance frameworkIbm data governance framework
Ibm data governance frameworkkaiyun7631
 
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...IRJET Journal
 
Sun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformationSun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformationOracleIDM
 
security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloudAjay Rathi
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 

Similar a Simplifying PCI on a PaaS Environment (20)

Rightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public CloudRightscale Webinar: PCI in Public Cloud
Rightscale Webinar: PCI in Public Cloud
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them7 Mistakes of IT Security Compliance - and Steps to Avoid Them
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
 
PCI Compliance The Circuit
PCI Compliance The Circuit PCI Compliance The Circuit
PCI Compliance The Circuit
 
PCI Compliance Fundamentals The Circuit
PCI Compliance Fundamentals The CircuitPCI Compliance Fundamentals The Circuit
PCI Compliance Fundamentals The Circuit
 
Latests status on pci and pcipa 2010
Latests status on pci and pcipa 2010Latests status on pci and pcipa 2010
Latests status on pci and pcipa 2010
 
10 Steps To Secure and PCI Compliant Credit Card Processing In Oracle Receiva...
10 Steps To Secure and PCI Compliant Credit Card Processing In Oracle Receiva...10 Steps To Secure and PCI Compliant Credit Card Processing In Oracle Receiva...
10 Steps To Secure and PCI Compliant Credit Card Processing In Oracle Receiva...
 
Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...
Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...
Rhd + Visual Risk Iq Presentation On Continuous Auditing District Conferenc...
 
PCI DSSand PA DSS
PCI DSSand PA DSSPCI DSSand PA DSS
PCI DSSand PA DSS
 
A systematic approach to pci compliance using rsa archer
A systematic approach to pci compliance using rsa archerA systematic approach to pci compliance using rsa archer
A systematic approach to pci compliance using rsa archer
 
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
 
Cloud Auditing
Cloud AuditingCloud Auditing
Cloud Auditing
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the Cloud
 
Data Power For Pci Webinar Aug 2012
Data Power For Pci Webinar Aug 2012Data Power For Pci Webinar Aug 2012
Data Power For Pci Webinar Aug 2012
 
Ibm data governance framework
Ibm data governance frameworkIbm data governance framework
Ibm data governance framework
 
SYMCAnnual
SYMCAnnualSYMCAnnual
SYMCAnnual
 
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
IRJET- Proficient Public Substantiation of Data Veracity for Cloud Storage th...
 
Sun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformationSun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformation
 
security and compliance in the cloud
security and compliance in the cloudsecurity and compliance in the cloud
security and compliance in the cloud
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust Principles
 

Más de Engine Yard

Getting Started with PHP on Engine Yard Cloud
Getting Started with PHP on Engine Yard CloudGetting Started with PHP on Engine Yard Cloud
Getting Started with PHP on Engine Yard CloudEngine Yard
 
The Tao of Documentation
The Tao of DocumentationThe Tao of Documentation
The Tao of DocumentationEngine Yard
 
Innovate Faster in the Cloud with a Platform as a Service
Innovate Faster in the Cloud with a Platform as a ServiceInnovate Faster in the Cloud with a Platform as a Service
Innovate Faster in the Cloud with a Platform as a ServiceEngine Yard
 
Introduction to Ruby
Introduction to RubyIntroduction to Ruby
Introduction to RubyEngine Yard
 
JRuby: Enhancing Java Developers Lives
JRuby: Enhancing Java Developers LivesJRuby: Enhancing Java Developers Lives
JRuby: Enhancing Java Developers LivesEngine Yard
 
High Performance Ruby: Evented vs. Threaded
High Performance Ruby: Evented vs. ThreadedHigh Performance Ruby: Evented vs. Threaded
High Performance Ruby: Evented vs. ThreadedEngine Yard
 
Release Early & Release Often: Reducing Deployment Friction
Release Early & Release Often: Reducing Deployment FrictionRelease Early & Release Often: Reducing Deployment Friction
Release Early & Release Often: Reducing Deployment FrictionEngine Yard
 
JRuby Jam Session
JRuby Jam Session JRuby Jam Session
JRuby Jam Session Engine Yard
 
Rubinius and Ruby | A Love Story
Rubinius and Ruby | A Love Story Rubinius and Ruby | A Love Story
Rubinius and Ruby | A Love Story Engine Yard
 
Rails Antipatterns | Open Session with Chad Pytel
Rails Antipatterns | Open Session with Chad Pytel Rails Antipatterns | Open Session with Chad Pytel
Rails Antipatterns | Open Session with Chad Pytel Engine Yard
 
JRuby: Apples and Oranges
JRuby: Apples and OrangesJRuby: Apples and Oranges
JRuby: Apples and OrangesEngine Yard
 
Developing a Language
Developing a LanguageDeveloping a Language
Developing a LanguageEngine Yard
 
Debugging Ruby Systems
Debugging Ruby SystemsDebugging Ruby Systems
Debugging Ruby SystemsEngine Yard
 
Everything Rubinius
Everything RubiniusEverything Rubinius
Everything RubiniusEngine Yard
 
Rails Hosting and the Woes
Rails Hosting and the WoesRails Hosting and the Woes
Rails Hosting and the WoesEngine Yard
 

Más de Engine Yard (15)

Getting Started with PHP on Engine Yard Cloud
Getting Started with PHP on Engine Yard CloudGetting Started with PHP on Engine Yard Cloud
Getting Started with PHP on Engine Yard Cloud
 
The Tao of Documentation
The Tao of DocumentationThe Tao of Documentation
The Tao of Documentation
 
Innovate Faster in the Cloud with a Platform as a Service
Innovate Faster in the Cloud with a Platform as a ServiceInnovate Faster in the Cloud with a Platform as a Service
Innovate Faster in the Cloud with a Platform as a Service
 
Introduction to Ruby
Introduction to RubyIntroduction to Ruby
Introduction to Ruby
 
JRuby: Enhancing Java Developers Lives
JRuby: Enhancing Java Developers LivesJRuby: Enhancing Java Developers Lives
JRuby: Enhancing Java Developers Lives
 
High Performance Ruby: Evented vs. Threaded
High Performance Ruby: Evented vs. ThreadedHigh Performance Ruby: Evented vs. Threaded
High Performance Ruby: Evented vs. Threaded
 
Release Early & Release Often: Reducing Deployment Friction
Release Early & Release Often: Reducing Deployment FrictionRelease Early & Release Often: Reducing Deployment Friction
Release Early & Release Often: Reducing Deployment Friction
 
JRuby Jam Session
JRuby Jam Session JRuby Jam Session
JRuby Jam Session
 
Rubinius and Ruby | A Love Story
Rubinius and Ruby | A Love Story Rubinius and Ruby | A Love Story
Rubinius and Ruby | A Love Story
 
Rails Antipatterns | Open Session with Chad Pytel
Rails Antipatterns | Open Session with Chad Pytel Rails Antipatterns | Open Session with Chad Pytel
Rails Antipatterns | Open Session with Chad Pytel
 
JRuby: Apples and Oranges
JRuby: Apples and OrangesJRuby: Apples and Oranges
JRuby: Apples and Oranges
 
Developing a Language
Developing a LanguageDeveloping a Language
Developing a Language
 
Debugging Ruby Systems
Debugging Ruby SystemsDebugging Ruby Systems
Debugging Ruby Systems
 
Everything Rubinius
Everything RubiniusEverything Rubinius
Everything Rubinius
 
Rails Hosting and the Woes
Rails Hosting and the WoesRails Hosting and the Woes
Rails Hosting and the Woes
 

Último

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Último (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

Simplifying PCI on a PaaS Environment

  • 1. Engine Yard - Confidential
  • 2. Ryan Gurney Director, Security & Compliance Engine Yard rgurney@engineyard.com 02/28/2012
  • 3. •  Overview of PCI •  Make PCI Manageable •  Scope Effectively •  PCI on PaaS •  Q&A 02/28/2012 3
  • 5. Requirements for storing, processing or transmitting payment card data Endorsed by the major card brands Four levels of validation depending on transaction volume Enforced through incentives, fines or termination of privileges 02/28/2012 5
  • 6. Data Security Key Areas of Focus Build and Maintain a Secure Network Protect Cardholder Data Information Network Maintain a Security Security Vulnerability Policies Management Program PCI Encryption Implement Strong Remediation Logging Key Management Log Review Access Control Strategy Access Control Measures & Management Maintain an Information File Integrity Security Policy Monitoring Regularly Monitor and Test Networks Vulnerability Management 02/28/2012 6
  • 7. •  Being PCI compliant does not provide assurances that a data breach will not occur. Of the card accepting merchants that sustained a data breach in 2009, 21% of them had previously been validated as PCI-compliant. •  The average cost of a data breach globally is $3.43 million -- or $142 per 1 Ponemon Institute and PGP study customer record. In the U.S., the cost is $6.65 million or Insider threats matter! $208 per customer record. 02/28/2012 7
  • 8. PCI compliance is required, however meeting compliance has Scope Specific traditionally placed a high cost in time and money on organizations. –  Only 21% of companies Fail One Low achieve PCI compliance their Control, Regard Fail for Risk first time through the process. Audit Process –  PCI is not something that can be “crossed off the list” once your organization attains an Vendors Costly initial certification. Regular Manage Point in time audit, but not Audit point in time governance! 02/28/2012 8
  • 10. Document •  Determine the payment Card card data entry, processing, storage and Locations exit points •  Map the logical flow of Map Data data throughout the Flow environment •  Includes all Identify systems, apps, Infrastructure DBs, and network devices supporting the data flows 02/28/2012 10
  • 14. •  Process Evaluation: Do we need Requirements to retain the full PAN? •  Outsourcing: Can someone else Reduction handle the transactions and compliance burden? •  Environment Redesign: Can we consolidate our payment Scope environment? •  Tokenization Reduction •  Network Segmentation •  Point-to-Point Encryption 02/28/2012 14
  • 16. The Platform Can I meet my I expect a certain level customer’s of security in my security environment. requirements in the Cloud? Your Customers Regulators IaaS Provider 02/28/2012 16
  • 17. Your Data Risk Evaluation, Roles & Roadmap, & Responsibilities Improvement PaaS Provider Logging & Security Monitoring Capabilities Access Controls 02/28/2012 17
  • 19. More Information: •  PCI Council http://ey.io/PCI-council •  Cloud Security Alliance http://ey.io/cs-alliance •  Engine Yard PCI whitepaper http://ey.io/paaspci Feedback / Questions: •  Ryan Gurney - rgurney@engineyard.com 02/28/2012 19