“PCI compliance requires a fundamentally higher level of security than most cloud computing vendors can deliver” said Yan Ness, CEO of Online Tech. “A lot of companies can – and do – say that they’re HIPAA or PCI compliant. But Online Tech can actually show that, in addition to our HIPAA-audited cloud computing, our PCI compliance was also audited by an independent, third-party auditor.”
As more merchants move their payment systems to the cloud, PCI compliance is essential. Online Tech is way ahead of a movement to standardize the transparency of those security practices.
In contrast to some cloud vendors that claim HIPAA or PCI compliance without third party audits, Online Tech backs up its compliance claims with annual audits. UHY Advisors, LLC conducted the PCI audit of Online Tech and issued a 127-page Report on Compliance (ROC) with results on 297 tests that covered all 12 PCI-DSS requirements. Online Tech passed with 100% compliance.
Diana Kelley, a partner at SecurityCurve, told SearchSecurity.com that far too few vendors provide the visibility and documentation necessary to maintain PCI compliance. She said large businesses can often force cloud providers to accept an audit, but “if you are not a big enough account they could be willing to let your business go.”
No arm-twisting was necessary at Online Tech, which subjected its data centers, operating processes, personnel, cloud servers and network security to the audit. It covered the company’s colocation, private cloud and multi-tenant cloud offerings.
Online Tech is also one of the few data center operators that backs up its PCI and HIPAA compliance claims by making the Report on Compliance available to its prospects and clients.“We believe independent audit reports are a key component for anyone looking to prove their solution is compliant to PCI or HIPAA requirements,” said Ness.
Online Tech has also released a 27-page white paper on PCI Cloud Computing that provides both an overview of PCI requirements as well as a reference model for building a PCI compliant cloud.
“The technical requirements to meet PCI are quite sophisticated, so we wrote this white paper to make it easier to understand all of the technical requirements that go into delivering a PCI cloud,” said April Sage, Online Tech’s Director of Marketing.