Blog Series: Reducing Risk with PCI-Compliant and Secure Community Clouds, Part II

By Jeff Reich, Chief Risk Officer, Layered Tech

In the first installment of this series, we looked at the magnitude in which companies are experiencing security data breaches and how PCI compliance can help businesses overcome these issues.  In this installment, we’ll examine how community clouds are emerging as an alternative environment for companies looking to achieve PCI compliance and robust security while also reaping benefits including reduced overhead.

The 1, 2, 3’s of securing data and achieving PCI compliance

Many technology security experts agree that securing company and customer data involves three steps:  1) identifying which data is critical and therefore needs to remain secure; 2) implementing the controls needed to protect that data; and 3) validating those controls.  As simple as this may seem, one misstep can result in not achieving PCI compliance, opening the door for highly damaging data breaches to occur.  For example, Verizon stated in its 2011 Data Breach Investigations Report that of the 761 data breaches it examined, more than 95 percent could have been avoided through simple controls.

By contracting with a PCI-compliant managed services provider, companies are able to put their security concerns in the hands of experts who stay up-to-date on security requirements and ensure that PCI compliance is maintained.  Managed hosting providers like Layered Tech make certain that regular monitoring occurs, audits run smoothly and all data is as safe as possible, allowing companies to focus resources on their businesses and customers.

Community clouds as an alternative

Community clouds are becoming a popular hosting environment option because they offer many advantages, including lower costs and more flexibility.  By utilizing community clouds, companies avoid expensive upfront hardware costs and don’t have to worry about the additional expenditures associated with hardware updates and maintenance.  In addition, companies with fluctuating data requirements can easily increase or decrease the services they receive and only pay for services used at any given time.

Community clouds also provide companies with “hidden” benefits.  For instance, if a cloud provider notices targeted malicious activity against one company, it can take actions to prevent the attack or similar attacks from affecting other companies.  Experienced cloud providers will place businesses with similar security needs and services on the same server to use the same pool of resources.

A hosting provider’s experience and expertise in the community cloud should be an important factor when selecting a vendor. Layered Tech pioneered virtualized and PCI-compliant environments and has years of accumulated experience in designing, implementing and hosting in the cloud. To learn more about Layered Tech’s services, check out the compliant hosting and managed cloud hosting information on our website or send us an email.

In the final installment of this blog series, we will explore security in the community cloud and explain the importance of security and how PCI compliance doesn’t necessarily ensure that data is secure.

Image credit: Kirsty Hall


Jeff Reich, Layered Tech Chief Risk OfficerAbout the Author: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO+Jeff Reich) drives the company’s security and compliance services and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.