Re: Cloud Computing and PCI Compliance
Re: Cloud Computing and PCI Compliance
- Subject: Re: Cloud Computing and PCI Compliance
- From: Simon <email@hidden>
- Date: Mon, 23 Aug 2010 19:10:38 +0100
Based on some other internet "research", a possible approach to deal with this scenario might be building a hybrid cloud architecture having most of the deployment in the could while having a separate secure webservices application hosted physically and securely inhouse for storing the encrypted cc records and processing the credit card transactions themselves.
this is exactly our plan. when we're big enough to warrant level 1 we'll make use of amazon virtual private cloud to bridge out to an environment that can be PCI level 1. interestingly if you read the marketing material on VPC it pretty much describes what you have:
"AmazonVPC enables enterprises to connect their existing infrastructure to a set of isolated AWS compute resources via a Virtual Private Network (VPN) connection, and to extend their existing management capabilities such as security services, firewalls, and intrusion detection systems to include their AWS resources"
Simon
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden