• Latest
  • All
  • How To
CipherCloud Outlines 5 Steps for Achieving PCI DSS Compliance in the Cloud

CipherCloud Outlines 5 Steps for Achieving PCI DSS Compliance in the Cloud

February 10, 2014
Period Tracker

Period Tracker: An App That Prioritizes Simplicity and Privacy

July 11, 2026
How to Block Muse Image From Downloading and Remixing Your Reels

Meta Halts Muse Image After Outcry Over Risks of AI-Generated Content

July 11, 2026
Biggest Taxpayers Remain a Small Group of Formal Businesses, KRA Data Shows

Biggest Taxpayers Remain a Small Group of Formal Businesses, KRA Data Shows

July 11, 2026
How to Block Muse Image From Downloading and Remixing Your Reels

Muse Image: How to Block Others From Generating AI Content Using Your Instagram Posts

July 11, 2026
DHgate Tablet Cases deals
African Game Studios Can Now Apply for Google’s New $1 Million Fund

Google Tightens Play Store Terms Around Data, Sharing, and Billing

July 10, 2026
IEBC Owns Up to Cracks in 2022’s Dispute Resolution Process, Eyes Fixes Before 2027

IEBC Owns Up to Cracks in 2022’s Dispute Resolution Process, Eyes Fixes Before 2027

July 10, 2026
Emissions test

New Bill Would Force Kenyan Motorists to Test Vehicle Emissions Every Year

July 9, 2026
SpaceXAI Grok 4.5

Elon Musk Rebrands xAI as SpaceXAI and Launches Grok 4.5

July 9, 2026
KOKO Networks Puts Its Ethanol Empire Up For Sale

KOKO Networks Puts Its Ethanol Empire Up For Sale

July 8, 2026
Betting

New Betting Rules Let Families Request Gambling Bans for Loved Ones

July 8, 2026
Vodafone’s 55% Stake Gives It Control Over Safaricom Boardroom

Vodafone’s 55% Stake Gives It Control Over Safaricom Boardroom

July 8, 2026
Starlink

Starlink Suspends New Signups Across 7 Kenyan Counties as Capacity Fills Up

July 8, 2026
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
No Result
View All Result

CipherCloud Outlines 5 Steps for Achieving PCI DSS Compliance in the Cloud

Carlos Ageng'o by Carlos Ageng'o
February 10, 2014
in News
Reading Time: 3 mins read
259
0

To complement the PCI Council’s cloud computing guidelines, CipherCloud has outlined five steps for achieving PCI DSS compliance in the cloud. PCI Council’s guidelines for cloud appliances provide a framework for storage, processing and transmission of cardholder information in any cloud environment (SaaS, PaaS, IaaS, hosted email). The Council’s 52-page guidance calls for shared responsibility between cloud providers and cloud customers, including banks, merchants, service providers, and payment processors to ensure that cardholder data is protected and PCI-DSS compliant.
payment card
While the document advocates shared responsibility between cloud providers and customers, the recommendation lays out new security responsibilities for cloud customers to protect their cardholder data according to applicable PCI DSS requirements. It also specifies that customers need to understand and have a level of oversight and visibility into their cloud provider’s security functions.

In the absence of these new guidelines, cloud customers assumed that the cloud provider satisfied many of the PCI requirements and they started to rely on cloud providers to take care of most of the PCI requirements. This new guidance is an eye-opener as it clarifies that cloud customers cannot shift responsibility to their cloud providers. Cloud customers are still responsible for ensuring their cardholder data is secure.
credit
Under the new guidelines, cloud customers who have been hesitant to go to the cloud now have clear guidance and choices: encrypt their cardholder data before sending it to cloud to minimize PCI scope, send their unencrypted cardholder data to the cloud and thus extend the PCI DSS scope to the cloud service, or refrain from sending their cardholder data to the cloud.

CipherCloud’s recommendations for safeguarding cardholder and payment information and complying with the new PCI Cloud security guidelines include:

  • Cloud Encryption of Cardholder Data: As noted by the PCI Council, “ensuring that clear-text account data is never accessible in the cloud may also assist to reduce the number of PCI DSS requirements applicable to the cloud environment.” This can be achieved by applying the CipherCloud gateway to encrypt sensitive pieces of cardholder information transparently in real time before they are sent to the cloud using operations-preserving encryption and tokenization that do not impact the usability of the applications.
  • Customers Retain Encryption Key Control: With CipherCloud’s approach encryption key management remains in the hands of the cloud customers. This contrasts sharply with other approaches in which the cloud provider retains control over the keys that can decrypt cardholder information. This ensures that payment information remains secure even if a cloud provider is compromised.
  • Key Management: The keys need to be stored and managed independently from the encrypted data. At a minimum they should be maintained in a completely separate network segment, and preferably not accessible by the cloud provider.
  • Full Data Sovereignty and Legal Compliance: Due to the dynamic nature of cloud operations, it may not be known in which country the information is actually stored and whether it’s accessible by foreign authorities and system administrators. This may result in concerns over data ownership and potential conflicts between domestic or international jurisdictional and regulatory requirements. By encrypting the data before sending it to the cloud, cloud customers using CipherCloud can be assured that no information will be shared, even with law enforcement, without their direct involvement.
  • Restrict Business Card Holder Data On Need-to-Know Basis: By exclusively controlling the decryption keys, the data owner can be confident that all data access is controlled by their own authorized personnel and will comply with the organization’s internal need-to-know policies. No one at the cloud provider can access the information.

dikline
“These new PCI Cloud guidelines are very helpful,” said Pravin Kothari, founder and CEO of CipherCloud. “They provide very important clarifications to cloud customers as to their responsibility for protecting their cardholder data in the cloud, as well as defining clear steps for customers that have been hesitant to adopt the cloud on how to do so.”

Globally, CipherCloud has more than 1.2 million users. Over 100 million customer records are protected by CipherCloud’s 256-bit encryption gateways, this allows organizations to retain control over data in transit and at-rest in the cloud.

Tags: Data Security
SendShare147Tweet92
Carlos Ageng'o

Carlos Ageng'o

Bringing you news on information systems, business intelligence and IT innovations. Contact me on @aKhadiemik and c [dot] agengo [at] techweez [dot] com

Related Posts

PayPal

PayPal Confirms Data Breach Linked to Working Capital Loan Product

February 24, 2026
M-Tiba

2.15TB of Sensitive Patient Data Stolen in Alleged M-Tiba Hack

October 28, 2025
PayPal logins hacked

Hacker Claims to Sell 15.8 Million PayPal Logins in Massive Data Dump

August 19, 2025
women phone password usage

Study Shows Women Less Likely to Secure Phone With Passwords

July 21, 2025
How to Secure Your Phone and Yourself During Protests

How to Secure Your Phone (and Yourself) During Protests

May 25, 2026
NSSF Hacking Claims Disputed: Fund Says No Member Data Compromised

NSSF Denies Allegations of Massive 2.5TB Data Breach

October 28, 2025

Latest

Period Tracker

Period Tracker: An App That Prioritizes Simplicity and Privacy

July 11, 2026
How to Block Muse Image From Downloading and Remixing Your Reels

Meta Halts Muse Image After Outcry Over Risks of AI-Generated Content

July 11, 2026
Biggest Taxpayers Remain a Small Group of Formal Businesses, KRA Data Shows

Biggest Taxpayers Remain a Small Group of Formal Businesses, KRA Data Shows

July 11, 2026
How to Block Muse Image From Downloading and Remixing Your Reels

Muse Image: How to Block Others From Generating AI Content Using Your Instagram Posts

July 11, 2026
African Game Studios Can Now Apply for Google’s New $1 Million Fund

Google Tightens Play Store Terms Around Data, Sharing, and Billing

July 10, 2026
IEBC Owns Up to Cracks in 2022’s Dispute Resolution Process, Eyes Fixes Before 2027

IEBC Owns Up to Cracks in 2022’s Dispute Resolution Process, Eyes Fixes Before 2027

July 10, 2026

Best devices

Best Infinix Phones of 2025

Best Infinix Phones of 2025: Budget Prices With Premium Features

December 31, 2025

The Best Infinix Accessories Worth Buying in 2025

November 26, 2025

Best Budget Wireless Earbuds To Buy in Kenya (2025)

October 8, 2025

Samsung Galaxy A36 5G vs Samsung Galaxy A56 5G: Comparison Review

August 29, 2025

Infinix Hot 60 Pro+ vs Infinix Hot 60i: Comparison Review

August 22, 2025

Best Budget Smartwatches To Buy in Kenya 2025

February 13, 2025

Techweez is where tomorrow’s tech stories break today, thanks to intelligent analysis, real-world insight, and visionary storytelling.

Follow Us

Editorials

Period Tracker: An App That Prioritizes Simplicity and Privacy

Inside Bumble, the Dating App Where Women Call the Shots

Locket: Photo Sharing App With No Feed, No Likes, and No Algorithms

Couple Joy: A Long-Distance Dating App That Builds Intimacy in Small Daily Acts

Airbuds: The App That Turns Your Music Into a Social Feed

Kenya Might Need to Crack Down on Wealth Porn Like China

More News

New Bill Would Force Kenyan Motorists to Test Vehicle Emissions Every Year

Elon Musk Rebrands xAI as SpaceXAI and Launches Grok 4.5

KOKO Networks Puts Its Ethanol Empire Up For Sale

New Betting Rules Let Families Request Gambling Bans for Loved Ones

Vodafone’s 55% Stake Gives It Control Over Safaricom Boardroom

Starlink Suspends New Signups Across 7 Kenyan Counties as Capacity Fills Up

  • Terms Of Use
  • Techweez Brand
  • Privacy & Policy
  • Contact Us

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!

Hey there! Just a heads-up: we're big fans of cookies - both the digital and edible kind! 🍪 We use our cookies and some from third parties to ensure your browsing experience on our site is smooth sailing and secure.

 

But wait, there's more! We also use cookies to gather stats and insights on how you navigate our site. It's like getting a behind-the-scenes peek at your digital adventures!

 

Don't worry, you're in control. You can adjust your cookie settings anytime to suit your preferences. Feeling curious? Dive into our Privacy Policy for all the juicy details. Happy browsing! 🚀

Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
No Result
View All Result
  • News
  • Reviews
  • Features
  • Editorial
  • Automotive
  • Entertainment

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.