FireHost’s Payment Island Simplifies PCI Compliance and Boosts Security for Online Payments Processing Businesses
September 25, 2013
SOURCE: FireHost
(Dallas Sept. 25, 2013) — FireHost, the secure cloud hosting company, is further protecting payments processing cloud applications with its Payment Island solution. By decoupling credit card databases and transactional applications from monolithic IT environments, institutions responsible for storing, processing or transmitting credit card data can reduce their scope of compliance, provide better security, and achieve audits faster by reducing the risk profile associated with cardholder data. Presently, FireHost processes more than $20 billion in transactions per year in its Payment Island on behalf of eCommerce and retail companies (merchants), payments processors, card issuers and other financial institutions.
Kurt Hagerman, director of information security for FireHost, said that by improving performance within the cloud environment, a Payment Island provides responsible organizations with a safe haven for regulated payment card data. This kind of advanced protection requires specialized tools and expertise, and navigating these cyber threats and the regulatory landscape should only be trusted to a secure, managed cloud IaaS. FireHost Payment Islands were created to mitigate its customers’ compliance burden by decoupling their regulated data from their own IT environments, thus reducing risk.
By isolating the payment engine through network segmentation, Payment Island essentially provides a data vault for businesses that process transactions in the cloud. By cross-connecting into a customer’s own infrastructure within a data center and storing data outside typical administrative permission controls, the service eliminates latency and scales to provide resources on demand.
Now, in version 3.0, the FireHost Payment Island is updated regularly to ensure alignment with current Payment Card Industry Data Security Standard (PCI DSS) standards, but that’s really just a starting point.
“This is a game changing, managed cloud compliance solution,” Hagerman said. “FireHost’s Payment Island provides customers a private cloud experience that protects transactional applications by removing regulated data from local or regular hosting facilities and storage and masking and cloaking it in the most sophisticated cloud infrastructure available. The Payment Island provides administrative controls by segregating data from the corporate active directory (AD) permissions, so that customers can more tightly lock down and protect the information from internal threats.”
This concept was covered in a Dec. 2012 Gartner Research Note, “Become PCI Compliant by Choosing the Right Hosting Service Provider.”
According to Tiny Haynes, research director for Gartner and author of the research note, “Any site that handles credit card information needs to put in place the correct, far-reaching security processes and infrastructure to be PCI DSS compliant.”
He also recommends isolating the payment engine from the rest of the hosted infrastructure via network segmentation to reduce the scope of the PCI DSS requirements, and to “choose service providers that have already certified their operations as being PCI compliant. This will help you save time and resources, since you are obligated to use only PCI-certified providers.”
Jed Danner, head of IT development at gotoBilling, agreed. The company, which has built its business model around offering a secure, compliant and easy payment platform, uses FireHost’s Payment Island to protect its customers’ personal and financial information in the cloud.
“FireHost understands PCI compliance unlike any other cloud services provider, and that makes a huge difference to our business,” Danner said.
“The network design of FireHost’s Payment Island makes it easy for us to keep our clients secure and meeting compliance, which is mandatory for our success.”
The PCI DSS 3.0 standard is currently in its final phases of development.
The final standard will be published in November and will then become effective Jan. 1, 2014. Although PCI DSS 3.0 becomes effective in January, compliance with 3.0 is not mandatory until January 2015.
To see the Payment Island solution in action, go here.
About FireHost
FireHost offers the most secure, managed cloud IaaS available, protecting sensitive data and brand reputations of some of the largest companies in the world. With private cloud infrastructure built for security, compliance, performance and managed service, responsible businesses choose FireHost to reduce risk and improve the collection, storage and transmission of their most confidential data. FireHost’s secure, managed cloud IaaS is available in Dallas, Phoenix, London and Amsterdam, offering robust, geographically redundant business continuity options across all sites. Based in Dallas, FireHost is the chosen secure private cloud service provider for brands that won’t compromise on the security of their payment card, healthcare, and other regulated data.