
Q&A: Sean Bruton of NeoSpire, on PCI Compliance Services

Sean Bruton of NeoSpire talks to the WHIR about PCI compliance and hosting

(WEB HOST INDUSTRY REVIEW) — Payment Card Industry Compliance is required for all website owners that authorize, process or store credit card numbers. Merchants are required to run a quarterly PCI Scan and provide it to their merchant bank for compliance.

So it only makes sense for hosting providers to ensure that they offer merchants a secure hosting environment that will pass these PCI scanning tests.

Of the more than 200 security controls required to comply with the PCI DSS Standard, 75 percent of them relate to issues that can be addressed by web hosting providers that specialize in PCI compliance support.

These areas range from the physical security of the data center to requirements involving application firewalls, host intrusion detection systems, anti-virus software and security patches, penetration testing and many other technical areas.

In an email interview, NeoSpire (www.neospire.com) senior director of security Sean Bruton discusses how hosting providers can ensure that they offer hosting services for e-commerce customers that will protect cardholder data of their end users and ensure they are PCI compliant.

WHIR: What aspects of PCI compliance can hosting providers offer as tools or services for their ecommerce customers?

Sean Bruton: The only services a hosting provider could not provide would be the official PCI auditing performed by a Qualified Security Assessor. Hosting providers are not able to register with the PCI Security Standards Council as a QSA given that they are involved in the operation of the servers and applications handling cardholder information, a clear conflict of interest, as audits should be performed by a neutral third party.

WHIR: What are the barriers for hosting providers in offering these kinds of tools?

SB: Security services are very costly to implement as they are generally a large human resource time sink – it takes a lot of manual effort to do things like penetration testing, managing application firewalls, and responding to logged events on servers and firewalls. Most hosting providers simply choose to bring in third parties that specialize in one particular security service or lease the security technology to their customers, leaving them with the responsibility to actually make it useful.

WHIR: What are the challenges for hosting customers?

SB: Hosting buyers must consider how much effort they are willing to put into the solution before purchasing. Even the third-party solutions are almost always monitoring-only, meaning that the customer may not have to run the security systems but they are still going to get that 3 a.m. phone call and be expected to respond to a security breach on their own.

WHIR: What factors do web hosts need to address in offering PCI compliance tools?

SB: At a minimum, hosts will need to address the physical security requirements of the PCI DSS, as they cannot outsource these responsibilities to their customers or third parties. The more support you provide for your customers, the deeper your obligations under PCI DSS will be.

WHIR: Why is it important for web hosts to offer these tools?

SB: Merchants accepting credit and debit cards for payments and the service providers that support them cannot host at a location that does not comply with the PCI DSS. Larger merchants and most service providers are greatly burdened by their annual compliance validation obligations. Without a strong set of compliance tools and support services, many of these organizations will have such a hard time with their annual QSA audits that they will simply need to seek an easier solution.
