Royal Holloway 2012: PCI compliance, cloud computing are a costly pair

Feature

Royal Holloway 2012: PCI compliance, cloud computing are a costly pair

2012 Royal Holloway thesis seriesThe Payment Card Industry Data Security Standard (PCI DSS) outlines a set of rules for the handling and storage of credit card data. By achieving compliance, organisations will not only improve their chances of avoiding a data breach, but also protect themselves from the possibility of a financial penalty if a breach does occur.

Read the article

Download the article by Patrick Durkin on PCI compliance, cloud computing (.pdf).

Read the full thesis.

At the same time, many IT organisations are weighing the benefits of moving systems to an external cloud service provider, and deciding which systems could be safely outsourced to the cloud. Organisations are wondering: Is it safe to move card data to a cloud service provider? Or should that always remain on in-house systems? 

For his MSc thesis at Royal Holloway University of London (RHUL), Patrick Durkin, under the supervision of lecturer Geraint Price, examined PCI compliance, cloud platforms, and the virtualisation technologies used in the cloud. Durkin explored the security controls that must be deployed to achieve adequate protection for card data held on a cloud service.

Durkin examined the risks to all data hosted within a cloud environment and the cost-effectiveness and practicalities of utilising cloud services for a cardholder data environment. In his article, published here on SearchSecurity.co.UK, Durkin concludes that, whilst it might be possible to achieve PCI DSS compliance in a cloud-based environment, in most cases it would probably be impractical and not cost-effective.

The article is one of six that SearchSecurity.co.UK is publishing this year in collaboration with RHUL.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in June 2012

 

COMMENTS powered by Disqus  //  Commenting policy