Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Google Cloud Platform Receives PCI-DSS Compliance Certification

The Google Cloud Platform is now compliant with the Payment Card Industry Data Security Standard (PCI-DSS), the search engine company announced on Tuesday.

The Google Cloud Platform is now compliant with the Payment Card Industry Data Security Standard (PCI-DSS), the search engine company announced on Tuesday.

PCI-DSS is a security standard for organizations that handle payment card information. Now that Google’s Cloud Platform is complaint, its customers will be able to store, process and exchange cardholder information.

“PCI DSS provides a comprehensive and robust security framework for securing credit card information and transactions. Google is using these third-party audited standards to deliver a platform on which application developers can create and operate their own secure and compliant solutions,” Google Cloud Platform Product Manager Matthew O’Connor explained in a blog post.

One of the first companies to benefit from the PCI-DSS compliant Google Cloud Platform is the United States-based online payment services provider WePay.

“Moving our hosting entirely into the cloud is something we’ve wanted to do for a long time. It will enable us to add more servers in seconds to deal with spikes in demand and give us more flexibility to do systems maintenance without impacting our customers,” said David Nye, director of DevOps at WePay. “But as a payments facilitator, we protect our customers by complying with the highest level of the PCI DSS, and that has made the move into the cloud more complicated than it is for many tech firms who don’t deal directly with payment infrastructure.”

Version 2.0 of PCI-DSS is valid only until December 31, 2014. The new sub-requirements introduced by PCI-DSS 3.0 will be considered best practices until July 1, 2015, when the new standard becomes mandatory.

The changes introduced with PCI-DSS 3.0 are designed to help organizations focus on security, instead of compliance.

“A shift is needed in how businesses think and view compliance and security. Asking ‘Am I compliant?’ is not the same thing as ‘do I have a strong security strategy for protecting my customer’s payment card data?’ Security requires a daily coordinated focus on people, process and technology and must be part of business as usual,” Bob Russo, general manager at the PCI Security Standards Council, told SecurityWeek in June.

Advertisement. Scroll to continue reading.

The latest version of the standard also seeks to help organizations mitigate the risks posed by third-party service providers.

“Updates introduced with PCI DSS 3.0 and recent released Special Interest Group guidance aim to help organizations adequately address payments risks in their contracts with third parties and perform ongoing due diligence to ensure sufficient levels of card security are maintained by their business partners,” Troy Leach, CTO of the PCI Security Standards Council, told SecurityWeek last month.

 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Solana co-founder Stephen Akridge has been appointed the CEO of data protection firm Cyber Grant.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.