Decolar needed to ensure that PCI Data Security Standard (PCI DSS) controls were being maintained in its cloud environment. Working with a third-party cloud service provider (CSP), the company built a new networking environment, which involved installation and configuration of all communication and security devices under PCI DSS.
Key takeaways:
- CSPs offer many services to help assure that the infrastructure is properly secured
- A company itself is ultimately responsible for the security of its data as well as the configuration of the services running on the network
- Decolar recommends developing a written agreement that covers your company’s responsibilities and the CSP’s responsibilities
