Is there an update to PCI DSS guidelines? What do PCI DSS updates mean to my enterprise?
Commerce in our modern world relies on electronic payments using credit or debit "payment cards," and the Payment Card Industry (PCI) has long-established a Data Security Standard (DSS). The PCI DSS provides guidance and support to enhance security for payment cards, which includes specifications, tools and metrics. The idea is to help organizations that accept payment cards to protect sensitive cardholder data.
The last update to PCI DSS took place in late 2012 with a move from version 1.2.1 to version 2.0. Although there are no major revisions on the horizon, it is certainly important for organizations to consider the implications for any changes to PCI DSS.
For example, a principal goal of PCI DSS is to build and maintain a secure network. This means an organization must take a proactive role in network security and respond to any threats that might potentially compromise cardholder data. For example, no business should use equipment vendor defaults for passwords or security setups. Organizations must also take steps to protect cardholder data through physical security -- such as least-privilege storage access -- and encryption for data both at rest and in flight.
Organizations must manage vulnerabilities by maintaining anti-malware software and applying security patches to operating systems, applications, firmware and other potential points of vulnerability. Networks should also be monitored for access, especially to cardholder data, and tested regularly for potential security gaps.
Cloud computing can bring significant cost and management benefits to organizations, but those benefits are not automatic. Organizations must understand the role that cloud services play, the limitations of cloud services on important tasks such as data storage, the mixed benefits of formal cloud education and the impact of changing security standards on cloud users.
About the Author
Stephen J. Bigelow, senior technology editor in the data center and virtualization media group at TechTarget Inc., has more than 20 years of technical writing experience in the PC and technology industry. He holds a bachelor of science in electrical engineering, along with CompTIA A+, Network+, Security+ and Server+ certifications, and has written hundreds of articles and more than 15 feature books on computer troubleshooting, including Bigelow's PC Hardware Desk Reference and PC Hardware Annoyances.
Dig deeper on Data security in the cloud
Related Q&A from Stephen J. Bigelow
Cisco and VMware offer competing products to bring virtualization to the networking world, and each has a different way to implement the technology.continue reading
Using a network virtualization product such as VMware NSX can help administrators who want to be sure data won't leak from VMs.continue reading
VMware's network virtualization offering promises to speed up tasks that traditionally have slowed an enterprise from responding to immediate needs.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.