A PCI WALK IN THE CLOUDS

November 21, 2019, Melbourne, Australia

atsec China participated in the PCI Security Standards Council’s 2019 Asia-Pacific Community Meeting held in Melbourne, Australia from the 20th to 21st of November, and also hosted a booth.

atsec’s principal consultants provided a presentation on “a PCI Walk in the Clouds.” atsec shared their experience in Payment Card Industry Data Security Standard (PCI DSS) assessment, especially the challenges and proposed solutions for assessments in a cloud environment. atsec also invited Tencent Cloud, as a cloud service provider, to share their compliance experience and data security model.

The presentation focused on two common cloud service models: cloud payment products (software as a service based) and cloud-based payment services (infrastructure as a service based). Challenges and opportunities for both models were discussed. In addition, atsec shared the “White Paper for Cloud Customer Data Security Standards Based on PCI DSS.” which was released by Tencent Cloud and atsec in July 2019, and related to shared responsibility between cloud service providers and cloud customers. The paper is a valuable resource for cloud customers selecting appropriate technical solutions to meet PCI DSS requirements.


In addition, a bamboo book (a condense version), titled “PCI Valuable Book” was demonstrated. It includes a checklist for critical security requirements in order to maintain compliance. atsec encouraged our customers to integrate their PCI DSS requirements into daily job activities. The information expressed in old books, such as the Art of Warfare written by Sun Wu in old China, could be simplified and summarized; however the impact of that short work can be huge. On the other hand, modern standards are complete and accurate in order to address all different types of situations applicable for the standard. No matter if it’s an old book or a modern standard like PCI DSS, a high quality implementation and validation assessment are always important.

Compliance and assessment processes could be viewed as “romantic dramas.” Although there could be challenges for entities doing remediation based on the security standards, finally the benefits of being compliant can be realized. Just as in “A Walk in the Clouds”, the characters in the movie are looking for true love; atsec hopes that the industry works together to get ready for changes that come with new technologies such as Cloud computing, IoT security, mobile payment, AI, etc., and seeks the true meaning of compliance and to improve overall information security.

The presentation can be downloaded at the following link:
http://www.atsec.cn/downloads/pdf/A_PCI_Walk_In_The_Clouds.pdf