News

December 7, 2021

Cloud Scoping

The Cloud Security Alliance and PCI SSC encourage businesses to identify all people, processes, and technologies that could impact payment security.

WHEN A CUSTOMER taps a credit card at a small business, the processing almost always happens in the cloud. Since the business is ultimately responsible for the security of that transaction, it needs to conduct “cloud scoping” to identify which upstream companies are involved, and where the financial data gets stored. The issue has become so important that the Cloud Security Alliance and the PCI Security Standards Council (SSC) issued a joint alert that stressed cloud scoping to improve transparency, accountability, and security.

“Scoping cloud responsibilities assists in providing focus to assessments, procurement, and security management,” says Jim Reavis, CEO of the Cloud Security Alliance. He believes organizations are doing a better job at it, but need help understanding how the cloud is defined, structured, and delivered. “Transparency on the part of the cloud providers and an informed customer are the keys,” he adds.

“The focus should be on data protection,” says Troy Leach, senior vice president and engagement officer of the PCI SSC. Too many organizations think bringing in a third-party cloud service provider (CSP) is the only step necessary to secure payment data. However, Reavis warns, many CSPs have dependencies on other cloud providers “that are opaque” to the customer, such as backup, authentication, and security providers supporting the CSP.

One of the difficulties in cloud scoping is getting the transparency needed to see the full chain of providers and where the data finally resides. When a customer asks their SaaS provider questions that apply only to a physical data center, that’s a clue they need help with cloud scoping.

A cloud scoping exercise by channel pros on behalf of their customers will establish internal processes to make cloud security a priority, says Leach. “Limiting exposure to payment data reduces the chances of it being a target for criminals.” The PCI and CSA joint statement dives deeper into this topic.

Areas of focus in a cloud scoping exercise include maximizing the use of strong cryptography and encryption key management practices, along with implementing multifactor authentication globally to protect against common credential attacks on consumers, merchants, and service providers. Ensuring that upstream providers perform routine administrative operations such as patch management, verified code updates, and configuration management is essential too.

For some companies subject to relevant compliance requirements, checking that data is stored only within appropriate geographic boundaries will be necessary. Add in inspecting the security of development operations, outlining the source of all software components in the payment solution, and confirming system resiliency for application availability and data backups, and you can see that a cloud scoping exercise requires diligence.

“The main benefit of a scoping exercise is greater clarity to where payment data may exist and who may have access to those resources,” says Leach. “Proper scoping of cloud environments is a significant step in that process for organizations that utilize cloud services and associated benefits.”
