International Journal On Advances in Security, volume 9, numbers 1 and 2, 2016


Securing Card data on the Cloud: Application of the Cloud Card Compliance Checklist

Authors:
Hassan El Alloussi
Laila Fetjah
Abdelhak Chaichaa

Keywords: Cloud Computing; PCI-DSS; Card Industry; PCI-SSC; Cloud Computing Alliance (CSA); Cloud Controls Matrix (CCM); Checklist

Abstract:
Cloud Computing offers many attractive advantages, such as scalability, flexibility, accessibility, rapid application deployment, user self-service and, above all, cost effectiveness. However, security issues and a lack of governance make users hesitate before deciding. On the other hand, with the advent of many means of payment other than coins and banknotes, security is also a major issue. Many tools have been developed to help Card Industry stakeholders develop their products with minimal concern, such as the Payment Card Industry Data Security Standard. The Payment Card Industry Data Security Standard is a standard that aims to harmonize and strengthen the protection of Card data throughout its whole lifecycle. Since its introduction, it has always been an efficient tool for controlling Card data on a platform deployed internally. In addition, it has been proved that this standard is among the best for gauging data security, because it dictates a series of scrupulous controls and how they could be implemented. However, with the coming of the Cloud, the strategies have changed and the issues in protecting Card data have become more complex. In this paper, we develop a checklist that will be a reference for the Cloud tenant to control the security of Card data and information in the Cloud. We also evaluate our result by applying our checklist to a real Cloud environment. In the next steps, we will focus on evaluating the Risk Management of a Card Transaction Platform deployed on a Public Cloud and the strategies to reduce the impacts of all potential risks.

Pages: 36 to 48

Copyright: Copyright (c) to authors, 2016. Used with permission.

Publication date: June 30, 2016

Published in: journal

ISSN: 1942-2636