Remaining PCI DSS compliant in the cloud

Cloud computing technology is changing the game for interactions between organizations, individuals and partners. Organizations are adopting cloud computing technology at a rapid pace as the solutions enable instant access to real-time data as well as communication and file-sharing capabilities that connect users to networks and each other for accelerated decision making. Access to information and communications from any location is enabling a more mobile work environment, which can increase convenience and reduce costs - both significant perks for nonprofits struggling to sustain donation levels in an uncertain economy.

With the many benefits of cloud computing technology come some challenges, as organizations look to migrate their computing systems onto the new platform while remaining compliant with industry rules and regulations.

Council warns of security issues
The PCI Security Standards Council recently shared recommendations on how to remain compliant with regulations aimed at organizations worldwide that handle transactions and are migrating to the cloud. The council offers guidance on how to follow regulations governing payments made via cards, including credit, debit and prepaid. Nonprofit organizations that have an online donation page and are considering implementing cloud computing technology throughout their organization must be aware of potential security issues that could threaten their compliance status and the safety of donors submitting information.

According to the council, organizations accepting remote card payments and mobile transactions must update their security features to ensure these alternative sources of funding are as secure as payments made via standard POS. Nonprofit organizations should migrate to the cloud, determine the deployment of controls, implement data encryption and make other cloud-specific security adjustments before accepting donations from mobile devices. Additional security features should include:

  • Physical firewalls and network segmentation
  • Data-loss prevention tools
  • Two-factor authentication
  • Continual monitoring of perimeter traffic

SC Magazine, however, pointed out that the council fails to explain that many existing security measures used in traditional platforms will not scale well when the organization migrates to the cloud. Most nonprofits will find it easier to adopt new solutions specifically designed for cloud computing technology and mobile transactions.
