02/02/2010 -
With the recent explosion of cloud computing, many companies have wondered how the technology fits with their payment processing compliance and security initiatives. Unfortunately, the verdict has not been a favorable one so far, and Qualified Security Assessor Phil Cox recently added to the skepticism.
In an article for Search Cloud Computing, Cox - who provided the caveat that his position as a QSA does not make his opinion representative of that of the PCI Security Standards Council - reported that "if you do store or process cardholder data in a public cloud, however, then it is my opinion that it would not be possible to currently achieve PCI DSS compliance."
The only way a company could maintain PCI security while still using a public cloud is to use the cloud only for securely transmitting cardholder data, which makes it essentially the equivalent of the internet.
"Until cloud providers are willing to open up and show us (i.e., customers and auditors) what the insides look like, PCI DSS compliance for storing and processing of cardholder data remains a pipe dream," he wrote.
This issue is of increasing importance as cloud computing continues to grow rapidly - a recent survey from Mimecast found that 70 percent of companies currently using cloud computing have plans to increase their cloud deployments, ChannelWeb reported.




