Safe Passage: Fluid Consulting Contributor in SC Magazine
With cloud computing becoming popular for e-commerce, what are the security and privacy concerns moving forward, asks Jim Romeo.
That warehouse of personal data and information, the desktop computer, is going the way of the dodo bird. All the essential bits and bytes once available right from the hard drive inside the computer will soon be migrating to servers far, far away in a mysterious realm known as the cloud.
According to research conducted by the Pew Research Center, by 2020 the majority of computer users will access software applications online, and share and access information by way of remote server networks. The survey predicts that cloud computing will trump the desktop and will use connections to servers operated by outside firms. For many of the survey respondents, this raises questions about the security of their data.
Combine this with the fact that the burgeoning payment card industry – with about 180 million credit card users and a fast-growing number of debit card users – has seen a slew of regulatory reform from Congress in the past two years. Additionally, an industry-wide movement of self-imposed standards has given retailers and commercial enterprises governance and best practice guidelines, such as those from the PCI Security Standards Council, which describes its Payment Card Industry Data Security Standard (PCI-DSS) as providing “an actionable framework for developing a robust payment card data security process – including prevention, detection and appropriate reaction to security incidents.”
Users buy everything from a new car to a week’s groceries on their purchase card. But is PCI enough, given the coming proliferation of card activity by way of cloud computing?
“PCI-DSS standards are just one of many standards agencies that must be met for certain industry types,” says Wade Yeaman, founder and CEO of Texas-based Fluid Consulting. “A key component is to know the data center where your cloud is being provided. Data centers are classified in tiers for availability and failover, but also in their adherence to standards, such as SAS-70, PCI-DSS, ISO 9001, external audits and other industry specific standards.”
The data center should be willing and happy to provide this information, he says. A cloud provider should then be able to offer additional security practices. “The most important factor is to know your business and which standards apply to you,” Yeaman says. “With new laws and regulations being released on a regular basis, this becomes an ongoing endeavor.”