Lower capital expenses, access to the newest technology, and operational efficiency are among the most documented benefits of moving to the Cloud. The conversation gets a bit complicated when somebody invariably asks: Is the Cloud secure? Can you trust a platform with limited security controls, new security paradigms, and unfamiliar management techniques?
The cloud services industry has grown tremendously over the past several years, resulting in new vulnerabilities and associated risks. How you protected your cloud environment in the recent past no longer suffices. This was a hot topic at this year’s RSA Conference, where several sessions provided strategies for securing the cloud environment.
Maybe you’ve seen the latest security scare video that’s making its way across the Internet. A group of men is shown installing a credit card skimmer over the entire PIN pad in under three seconds. This latest attack example reinforces the importance of the new requirements introduced in PCI 3.0, which require organizations to inventory and conduct periodic physical inspections of PIN pads. So, what can you do to identify these issues quickly?
The best practices introduced in PCI DSS v3 (6.5.10, 8.5.1, 9.9, 11.3, and 12.9) become mandatory requirements on July 1, 2015. One of the most formidable new requirements, especially for retailers with a large number of point-of-sale systems accepting card-present transactions, will be Requirement 9.9. There are three basic goals of Requirement 9.9: maintain a list of devices, periodically inspect devices to look for tampering or substitution, and train personnel to be aware of suspicious behavior and to report tampering or substitution of POS devices. Let’s take a quick look at what merchants will need to do and what the QSA will be reviewing.
The great thing about working with a passionate team of professionals is the inclination to share information, techniques, and tools – a cycle of constant improvement. I was recently in the middle of one of those discussions when it turned towards a particular application designed to capture notes. It wasn't the first time I’d heard the praises about this particular application. I also remembered that it had finally been released on my platform of choice, Mac OS X. I popped open the App Store and had it downloaded before the conversation even concluded, excited to explore the potential of the tool. Upon launch, I was immediately required to create an account so the notes could be stored in the cloud.