12-06-10 | Blog Post
Online Tech brings you a new blog on PCI Compliance by Adam Goslin, Co-Founder of High Bit Security, a full service security company specializing in attainment or ongoing maintenance of Payment Card Industry Data Security Standards (PCI-DSS) Compliance and Penetration Testing. PCI compliant hosting is important for all of our clients who hold and handle credit card information.
Having implemented PCI compliant solutions against multiple platforms for a wide variety of implementation types – there are certainly distinct advantages of the private cloud offering.
For more traditional companies that are considering making their existing environment PCI compliant and are amenable to truly exploring all of their options, putting a third party hosted private cloud offering into the running is highly recommended. Private cloud offers the ability to implement all of your existing servers into a centralized environment with all of the capabilities of a traditional stack, and does not in any way inhibit the necessary security capabilities required for PCI DSS compliance.
Traditionally, companies would tend to place multiple functions onto a single server to save from having to acquire additional hardware, which poses a serious problem when facing the requirement of PCI that servers serve a single purpose. Further, since PCI requires hardening of each server in the cardholder data environment, planning the move makes this function far easier in that one can build and harden server profiles that are then deployed as a base for the ultimate migration – saving a ton of configuration time in the long run. Not only does this methodology pay dividends during the migration phase, but if adopted as part of ongoing standard daily practice – saves money on new server rollout as well.
We’ve worked with our customers in a private cloud environment to integrate all necessary elements of PCI DSS compliance, and in most cases, the integration in a private cloud environment is easier than doing so in a traditional environment – inclusive of centralized logging and the network intrusion detection system(NIDS).
We’re often asked about leveraging the public cloud offerings available on the market today, such as Azure, EC2 or Google, but these platforms are almost impossible to integrate a company cardholder data environment into and convince an auditor of compliance. While these platforms have their place for non compliant situations, they are simply not a good fit for the cardholder data environment when contemplating PCI DSS compliance.
Online Tech simply makes for a great selection for a PCI compliant environment, having already worked through multiple customers PCI audits with a staff used to the security requirements of PCI DSS and housed in a fully PCI Compliant data center – the process is made that much easier!
Adam Goslin, Co-Founder, High Bit Security, LLC
Adam has an IT career that spans more than 15 years, recently leading the IT and Infrastructure teams of a major Supply Chain Development company through Level 1 PCI DSS Compliance. Adam went on to found the full-service security firm, High Bit Security, LLC., specializing in cost-effective network and application layer Penetration Testing, and assisting companies looking to achieve or maintain their Payment Card Industry Data Security Standards (PCI-DSS) compliance.
For more information about PCI compliance, you can email Adam at [email protected]