CloudPassage Streamlines PCI Compliance Across Any Cloud Environment

Halo cloud security platform certified as PCI-ready solution to automate PCI-DSS security controls for merchants and payment providers leveraging cloud infrastructure

San Francisco, Calif— July 9, 2013—CloudPassage®, the leading cloud infrastructure security provider, today announced that its Halo cloud security platform has been certified as a Level 1 Payment Card Industry-Data Security Standard (PCI-DSS) service provider. With its own certification, CloudPassage now reduces the complexity of becoming and remaining PCI-DSS compliant when leveraging cloud infrastructure. Companies like RightScale, Spindle, and Martini Media – along with several Fortune 500 consumer media enterprises – rely on the Halo platform to enable PCI compliance in private and public clouds. CloudPassage engaged GuidePoint Security, a Payment Card Industry-Qualified Security Assessor (PCI-QSA), to conduct their certification audit.

"The cloud has introduced a host of new challenges for companies that need to prove PCI compliance for regulatory reasons or satisfy customer demands. These new challenges slow down businesses from achieving the agility and business scalability of cloud delivery models," said Carson Sweet, co-founder and CEO, CloudPassage. "Our Halo platform eliminates many PCI compliance challenges, and automates the demands of maintaining compliance, enabling companies to focus less on compliance drudgery and more on enhancing their businesses. Our PCI certification shows our commitment to enabling our customers to adopt cloud easily."

"Achieving PCI compliance entails passing a series of audits and meeting strict criteria that represent a strong benchmark for cloud security and data security overall. This benchmark ensures that sensitive information is always accounted for in any environment," said Justin Morehouse, founder and principal, GuidePoint Security. “CloudPassage demonstrated that its own systems are PCI-ready during the auditing process, a benefit for its customers as they can be sure CloudPassage will not introduce non-compliant factors into their businesses.”

CloudPassage’s Level 1 certification against PCI-DSS means businesses operating in public, private or hybrid cloud environments can far more quickly establish and maintain PCI compliance. CloudPassage Halo automates major portions of the following PCI-DSS objectives and their respective requirements for cloud infrastructure:

  1. Build and Maintain a Secure Network
  2. Protect Cardholder Data
  3. Maintain a Vulnerability Management Program
  4. Implement Strong Access Control Measures
  5. Regularly Monitor and Test Networks

"PCI compliance in the cloud is a tricky endeavor, as the environment, be it private, hybrid or public like ours, is so dynamic that tracking and validating configurations for compliance can be more than a full-time job," said Phil Cox, Director of Security and Compliance, RightScale. “By automating security controls, including configuration management and file integrity monitoring, proving compliance at any time is now possible and we have been able to exceed the PCI standards for security.”