We notice you are visiting from a U.S. Internet provider. 
29/01/2010 -
Cloud computing, for all of the benefits it brings both business and individual users, can create a sticky situation with compliance regulations such as payment processing's PCI DSS requirements.According to Ellen Rubin, writing for Virtualization Journal, shifting computing to a public cloud-based model may make an organisation noncompliant with regulations such as SAS 70 and PCI, because the organisation no longer has control over the protection placed around data hosted in the cloud.
Some cloud computing platforms may be PCI compliant in and of themselves, but this is not always - or even often - the case, so organisations should do their due diligence before choosing a provider.
Organisations may also want to keep their systems containing payment processing data isolated from the cloud provider's infrastructure.
"Placing protection mechanisms into your resources in the cloud can assure that data moving across the cloud provider's networks and all data stored in their systems is encrypted," Rubin noted. "This still requires that the cloud provider run its data center with proper physical security, power management, etc., but can greatly enhance the application level security that the enterprise needs."
An increasing number of companies are turning to cloud computing deployments, as they typically are more cost-effective and energy-efficient than on-premise deployments, studies have shown.
