Recorded: November 6, 2013
Organizations outsourcing card data to the cloud face significant security risks. Storing, processing and transmitting cardholder data in the cloud brings the cloud environment into scope for the PCI Data Security Standard (PCI DSS). And as soon as an organization adds other players to the offsite card-management mix, ensuring compliance with the PCI DSS becomes increasingly challenging.
In this new environment, cloud users and cloud service providers need to clearly understand their roles and responsibilities when it comes to protecting this data. Organizations need to know where their data is at all times, yet they have limited or no control over cardholder data storage. These are all things that you have to take into consideration when you're thinking about outsourcing to a cloud provider. In this webcast, our panel will address ways to navigate the main PCI security challenges in the cloud, and attendees will gain insights on:
- Emerging PCI security risks in the cloud
- Processes for assessing risk when card data could potentially be stored in multiple locations
- Recommendations for achieving PCI compliance across virtual environments
- How to use a data-centric approach to maintain PCI scope management
Brandon Dunlap is the Managing Director of Research at Brightfly. He has more than 15 years of experience managing business technology risk in large and small organizations. He has served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training. Currently, he is the Managing Director of Research of Brightfly, an independent advisory and research firm that focuses on building collaborative IT practitioner communities and bridging the gaps within information technology, security, risk, compliance, and audit disciplines.
Bob Russo, the General Manager of the PCI Security Standards Council, works with representatives from American Express, Discover, JCB International, MasterCard Worldwide, and Visa Inc. to drive awareness and adoption of the PCI Data Security Standard. Mr. Russo is responsible for driving the organization's growth and development, as well as meeting its goals to create educational programs, establish pools of certified Qualified Security Assessors (QSAs), Internal Security Assessors (ISAs), PCI Forensic Investigators (PFIs), and Approved Scanning Vendors (ASVs), and incorporate feedback from all stakeholders across the payment chain into the work of the Council and the development of new standards. In addition, Mr. Russo oversees the PCI Security Standards Council's training, testing, and certification programs for QSAs, ISAs, PFIs, and ASVs.
Jason Yaeger is the Director of Operations/Risk Management & Security Officer at Online Tech. In his three years at Online Tech, Jason has guided the company through successful completion of many audits, including SAS 70 Type I, SAS 70 Type II, SSAE 16, HIPAA, PCI, & Safe Harbor. In addition to overseeing operations across all of Online Tech's data centers, Jason is also the Vice President of the Southeast Michigan Chapter of 7x24 Exchange. Prior to Online Tech, Jason was Director of Internet Operations at 20/20 Communications, where he spent 8 years developing the company's wireless and internet initiatives.
Randal Asay is Catbird's Chief Technology Officer. He has over 15 years of experience in network security, architecture, implementation and security best practices in large commercial and governmental environments. Prior to Catbird, Randal served as a Director of Engineering at Walmart Stores Inc. In his time with the company he developed industry-leading code analysis practices to support security and compliance initiatives while also helping to establish an outsourcing governance body. Randal served in numerous roles in the information security department, addressing enhancements to perimeter and network security as well as overall policy enforcement. In addition to his leadership in the Information Security domain, Randal led the E-commerce Infrastructure teams through extensive growth, delivering capacity management and technology refresh methods impacting network design, storage capacity and database tuning. Prior to joining Walmart, Mr. Asay brought his security expertise to governmental agencies, servicing the Information Assurance division of the United States Air Force. Randal received his Bachelors of Science from Weber State University, and his Masters in Information Technology Management and Masters of Business Administration from Webster University.