PCI Security: Q&A with Anton Chuvakin, PCI Compliance Expert, PART 2

by VPNHaus | 07/20/2010 | Expert Q&A, PCI

 

In the second of a two-part series, VPN Haus talks to PCI compliance expert Anton Chuvakin about cloud compliance and the prevalence of the “it won’t happen to my company” attitude. Last week, we spoke to Chuvakin about the way the industry has misunderstood – and undervalued – PCI standards.

VPN Haus: You've mentioned that some companies take a "nobody wants to hack us" attitude to compliance. What kinds of companies tend to take this approach? What kinds of companies tend to be most vigilant - ones that have already had a breach?

In regards to more vigilant organizations, you are correct: breached companies are indeed more vigilant - but only for a certain time. Some say a breach gives a boost to security awareness and elevated vigilance for about a year.

VPN Haus: Are the consequences of a security breach for PCI companies enough of a deterrent?

VPN Haus: How would you describe PCI's approach to the cloud? Everyone seems to have an opinion on the cloud, but it seems like PCI has been quiet on this front.

VPN Haus: So basically, the PCI compliance applies to service providers or cloud providers if they have cardholder data?

VPN Haus: Is there anything that we haven't covered that you think is relevant or that you'd like to discuss?

Anton Chuvakin is a principal at Security Warrior Consulting, specializing in PCI DSS, SIEM and log management services for security vendors and enterprises. He also runs the Security Warrior blog and is based in San Francisco.
