In an interview with Infosecurity, NeoSpire's Sean Bruton noted that many regulations do not include provisions for the cloud. Though the PCI DSS was designed to help organizations protect credit card data, the most recent iteration includes best practices for cloud computing.
Bruton asserted that companies looking to deploy cloud services can use the PCI DSS to determine whether a service provider employs adequate cloud security practices. While noncompliance with the PCI DSS does not necessarily mean data security practices are lacking, a vendor that is compliant has been identified as operating with data security in mind.
"The report on compliance is important to have … [because] if you are not getting a PCI compliance report from your vendor, you’re not going to know which of the areas you can depend upon them for compliance, or which ones are being left on your shoulders," Bruton said.
Many organizations are working independently to establish cloud standards. The Institute of Electronics and Electrical Engineers, the Open Data Center Alliance and the Cloud Security Customer Council have each announced intentions to create standards that address concerns in the cloud.
-McAfee Cloud Security