Security News > 2021 > August > Scoping cloud environments: Tips and best practices
The PCI Security Standards Council and the Cloud Security Alliance issued a joint bulletin to highlight the importance of properly scoping cloud environments.
At a high level, scoping involves the identification of people, processes, and technologies that interact with or could otherwise impact the security of payment data or systems.
When utilizing cloud security for payments, this responsibility is typically shared between the cloud customer and the cloud service provider.
Data breach investigation reports continue to find that organizations suffering compromises involving payment data were unaware that cardholder data was present on the compromised systems.
Proper scoping should be a critical and ongoing activity for organizations to ensure they are aware of where their payment data is located and that the necessary security controls are in place to protect that data.
"Cloud computing can be very secure when best practices are employed and all stakeholders understand their shared responsibility, which is learned through proper scoping. While companies of all sizes use the cloud, the knowledge gap is most evident with smaller businesses, which put them at risk of suffering a security incident. We are all in this together," said Jim Reavis, CEO, Cloud Security Alliance.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/SCEVNYO_pEw/