Choosing the right provider is step #1. I have heard it said that "PCI compliance should be the salesman of the year." In other words, don't just view PCI compliance as a "check box" prerequisite for entry; take that next step to better understand what the CSP in question is actually claiming when they state PCI compliance. What have they actually scoped in, versus what is still the responsibility of you, the customer? This demarcation line will also vary depending on the XaaS at hand: the higher up the stack, like a SaaS offering, the more the CSP is responsible for, and vice versa for IaaS. So although it should be straightforward... PCI compliant is not PCI compliant is not PCI compliant. Ultimately it is you, the customer, who has to "face the auditor," so you need to understand exactly what your CSP is claiming. Checking to see if they are posted as an approved service provider is an important first screening step. Then spend the time, buckle down, and review their ROC in detail to ensure you understand what you can rely on the CSP for and what you cannot. Note: I work for Dell, and this is my opinion.
Posted by Kevin Linderman (not verified) | July 24, 2012 | 11:24 AM