Home > Industry News > IT Risk Management > PCI compliance can be used to rate data security of apps

PCI compliance can be used to rate data security of apps

Posted on

While the PCI Data Security Standard was originally meant to protect the confidential information of consumers, one expert recently said the industry regulation can also be used to rate the data security capabilities of cloud computing services.

Speaking recently with Infosecurity, Sean Bruton, senior director of client services and security with managed hosting services provider NeoSpire, said PCI compliance should also be used as a data security template. Before choosing a certain vendor, a company should take a look at its PCI compliance report to ensure it employs the proper security measures, he said.

"The report on compliance is important to have … [because] if you are not getting a PCI compliance report from your vendor, you're not going to know which of the areas you can depend upon them for compliance, or which ones are being left on your shoulders," he told Infosecurity.

Vendors should address control requirements as well as physical and basic network security measures, according to the expert.

A recent InfoWorld report advised companies to recognize that the cloud is not perfect, and IT risk management preparations are necessary. Being proactive will protect against certain cyber security threats.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>