Protecting stored cardholder data is the end goal of the PCI DSS (Payment Card Industry Data Security Standards) compliance requirements, and data storage is one important aspect of that goal.
The PCI SSC (Payment Card Industry Security Standards Council) has a handy guide, PCI DSS Data Storage Do’s and Don’ts, that explains best practices for merchants and financial institutions that need advice on how to handle customer cardholder data.
When it comes to basic cardholder data storage, the PCI SSC recommends:
A few ‘data don’ts’ include:
As a basic high-level overview, these guidelines are clear and intent on protecting data from unauthorized access and potential data leakage. A more in-depth analysis of the PCI DSS requirements from a PCI hosting provider's perspective can be found in our PCI Compliant Hosting white paper, which lists each technical requirement and outlines what a PCI compliant data center should entail. Security and data protection matter more than merely checking off compliance requirements, and our white paper shows you how to achieve both.