Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Google Cloud Platform Receives PCI-DSS Compliance Certification

The Google Cloud Platform is now compliant with the Payment Card Industry Data Security Standard (PCI-DSS), the search engine company announced on Tuesday.

The Google Cloud Platform is now compliant with the Payment Card Industry Data Security Standard (PCI-DSS), the search engine company announced on Tuesday.

PCI-DSS is a security standard for organizations that handle payment card information. Now that Google’s Cloud Platform is complaint, its customers will be able to store, process and exchange cardholder information.

“PCI DSS provides a comprehensive and robust security framework for securing credit card information and transactions. Google is using these third-party audited standards to deliver a platform on which application developers can create and operate their own secure and compliant solutions,” Google Cloud Platform Product Manager Matthew O’Connor explained in a blog post.

One of the first companies to benefit from the PCI-DSS compliant Google Cloud Platform is the United States-based online payment services provider WePay.

“Moving our hosting entirely into the cloud is something we’ve wanted to do for a long time. It will enable us to add more servers in seconds to deal with spikes in demand and give us more flexibility to do systems maintenance without impacting our customers,” said David Nye, director of DevOps at WePay. “But as a payments facilitator, we protect our customers by complying with the highest level of the PCI DSS, and that has made the move into the cloud more complicated than it is for many tech firms who don’t deal directly with payment infrastructure.”

Version 2.0 of PCI-DSS is valid only until December 31, 2014. The new sub-requirements introduced by PCI-DSS 3.0 will be considered best practices until July 1, 2015, when the new standard becomes mandatory.

The changes introduced with PCI-DSS 3.0 are designed to help organizations focus on security, instead of compliance.

“A shift is needed in how businesses think and view compliance and security. Asking ‘Am I compliant?’ is not the same thing as ‘do I have a strong security strategy for protecting my customer’s payment card data?’ Security requires a daily coordinated focus on people, process and technology and must be part of business as usual,” Bob Russo, general manager at the PCI Security Standards Council, told SecurityWeek in June.

The latest version of the standard also seeks to help organizations mitigate the risks posed by third-party service providers.

“Updates introduced with PCI DSS 3.0 and recent released Special Interest Group guidance aim to help organizations adequately address payments risks in their contracts with third parties and perform ongoing due diligence to ensure sufficient levels of card security are maintained by their business partners,” Troy Leach, CTO of the PCI Security Standards Council, told SecurityWeek last month.

 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility