PCI in the Cloud

Cloud Computing is here to stay

“By 2020, a corporate "no-cloud" policy will be as rare as a "no-internet" policy is today.”
Gartner, Market Insight: Cloud Computing's Drive to Digital Business Creates Opportunities for Providers, May, 2016, refreshed July 2017

Cloud computing is no longer a new paradigm, yet there is still uncertainty around how it affects PCI compliance for cloud providers, payment service providers, and merchants. Each of them faces compliance and security challenges unique to its business model.

Merchants in the Cloud – It’s more than just ecommerce

Migration to the cloud presents a myriad of choices with different business opportunities and compliance challenges. Merchants at all stages of cloud adoption struggle with the implications of shared responsibility models and architectural choices. Coalfire has successfully advised and assessed Fortune 500 merchants with new and evolving cloud implementations.

Payment Service Providers

The cloud offers great business benefits for service providers: cost savings, IT flexibility and scalability, global reach, and new business models are just a few. However, they face two significant challenges when migrating or managing payment services in the cloud: minimizing compliance risk and effort, and helping customers meet their compliance needs. Coalfire brings deep knowledge and experience to help our clients align their cloud strategies and compliance needs.

Cloud Providers

Cloud and managed service providers must support the PCI compliance needs of their customers (merchants and payment service providers) to differentiate themselves and maintain customer satisfaction. As more payments are performed online, cloud service providers need to understand how to maintain and simplify PCI compliance for their customers. Not only do we deliver an assessment and documentation, but we also partner with our clients to help them address their compliance needs and position themselves to support their end users.

PCI Services

Coalfire has unparalleled experience applying the PCI standards to cloud-based architectures. We are the assessor for several of the largest Cloud Service Providers in the world. In addition to our core PCI Services, we provide a variety of advisory services tailored to our clients’ unique situations, such as advising on migrating to the cloud and maintaining PCI compliance, developing a PCI responsibility matrix (Cloud Providers), and conducting a gap analysis with remediation recommendations for customers who have recently migrated to the cloud.

Why Choose Coalfire

Fortune 500 companies rely on Coalfire for our deep understanding of cloud technologies to help them navigate their cybersecurity needs and meet compliance requirements. Through our experience conducting thousands of PCI assessments and hundreds of “in the cloud” assessments and security projects, Coalfire knows how to simplify the assessment process and improve program management. As an industry and thought leader in PCI compliance, we bring unparalleled knowledge and experience. Our actionable guidance will enable clients to:

  • Realize the benefits of Cloud adoption without sacrificing PCI compliance
  • Reduce uncertainty around how PCI compliance is managed in the Cloud
  • Understand the implications of Cloud implementations for future assessments
  • Position themselves for customer PCI compliance success