PCI DSS compliance island

FireHost has announced the availability of its ‘Payment Island’ service in Europe. The service helps customers keep sensitive data secure and is specifically designed to enable payment-focused businesses to meet the stringent Payment Card Industry Data Security Standards (PCI DSS).
Companies that are found to be non-compliant with the PCI DSS regulations can face significant fines. By providing a virtual safe haven for regulated data, the FireHost Payment Island helps ensure compliance with the latest PCI DSS requirements. The Payment Island is updated regularly to ensure alignment with updates to the PCI DSS standard, and will help companies handling payment card data achieve compliance with PCI DSS 3.0, which was introduced on the 7th of November 2013.

“Steep penalties make handling card data a high stakes proposition. The latest revision to the standard could leave a number of organisations falling out of compliance,” said Kurt Hagerman, director of information security for FireHost. “With the launch of the new standards, PCI compliance will be a key priority for CIOs and CISOs, and FireHost’s Payment Island solution is designed to ease the pain of meeting stringent payment card regulations.”
The FireHost Payment Island is an effective way for organisations to reduce their scope of PCI DSS compliance, better secure their customer data, and meet their audit requirements by reducing the risk profile associated with cardholder data. Already available in the US, FireHost’s Payment Island enabled ecommerce, retail, payments and other financial customers to process nearly £15 million of transactions in the last year.

FireHost’s Payment Island solution was created to mitigate payment card industry compliance burdens by decoupling regulated data from staple or legacy IT environments, thus reducing risk. However, this kind of advanced protection requires specialised tools and expertise, and navigating these cyber threats and the regulatory landscape should only be trusted to a secure, managed cloud IaaS.

By isolating the payment engine through network segmentation, a Payment Island essentially provides a secure vault for businesses to process transactions and store data in the cloud. Connecting this secure vault into a customer’s own infrastructure within a data centre allows the customer to maintain their existing backend financial, inventory and other systems with low latency to the systems in the vault and scales to provide resources on demand.

“This is a game changing, managed cloud compliance solution,” Hagerman said. “FireHost’s Payment Island provides customers with a private cloud experience that protects transactional applications by removing regulated data from local or regular hosting facilities and storage and operating them in the most secure cloud infrastructure available. The Payment Island segregates sensitive data from the corporate environment, so that customers can more tightly lock down and protect the information from internal threats.”

This concept was covered in a Dec. 2012 Gartner Research Note, “Become PCI Compliant by Choosing the Right Hosting Service Provider.”
According to Tiny Haynes, research director for Gartner and author of the research note, “Any site that handles credit card information needs to put in place the correct, far-reaching security processes and infrastructure to be PCI DSS compliant.”

He also recommends isolating the payment engine from the rest of the hosted infrastructure via network segmentation to reduce the scope of the PCI DSS requirements, and to “choose service providers that have already certified their operations as being PCI compliant. This will help you save time and resources, since you are obligated to use only PCI-certified providers.”