Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

How to do pci compliance in google apps


Published on

Learn how Compliance to PCI can be achieved in Google Apps

Published in: Technology
  • Be the first to comment

  • Be the first to like this

How to do pci compliance in google apps

  1. 1. How Compliance to PCI Can Be Achieved in Google Apps
  2. 2. What is PCI compliance? Critical requirements of PCI compliance Problems that companies experience in PCI compliance Introduction to Google Apps Requirements that organizations fail to meet and how Google Apps can help
  3. 3. What is PCI compliance? Terms Payment Card Industry = PCI (Visa, Mastercard, Discover, etc.) Data security standard = DSS Compliance adherence to the PCI DSS, which is created and revised by the PCI Data Security Council. The Data Security Council was created by the PCI but acts independently of the member companies. Adherence is monitored by Qualified Security Assessors for larger payment card processing companies.
  4. 4. SIX control objectives 12 requirements that fulfill control objectives1. Build and maintain a secure network 2. Protect cardholder data 3. Maintain a vulnerability management program 4. Implement strong access control measures 5. Regularly monitor and test networks 6. Maintain an information security policy Restrict access to cardholder data on a business need to know basis. Critical requirements of PCI compliance EXAMPLE:
  5. 5. Introduction to Google Apps CLOUD COMPUTING TOOL SUITE Increases productivity Aids document creation and management More collaboration Improved communication and conferencing Apps include GMAIL GOOGLE DRIVE GOOGLE DOCS GOOGLE CALENDAR GOOGLE HANGOUTS
  6. 6. Requirements that organizations fail to meet and how Google Apps can help Google Apps was not specifically designed to handle credit card transactions, but built-in features of Google Apps can be used to make compliance easier for sensitive data stored or transmitted by a company. HERE ARE THREE IMPORTANT AREAS . . .
  7. 7. STORAGE Google Drive data needs careful management Data is not automatically purged Third party software can enable automated management Google Vault enables controls over access and retention of emails and stored chats. TRANSMISSION Google Admin allows control over sending of credit card data and can prevent sending of sensitive data and attachments Protect cardholder data Data need protection during both storage and transmission. #1
  8. 8. Implement strong access control measures Admin can define access to specific users and groups on an app or file basis. STANDARD PRACTICE REQUIRES Limiting access to business need only Cutting off access immediately for terminated employees Ensuring sufficient complexity of passwords Ensuring employee awareness of requirements #2
  9. 9. Track and Monitor Access to Cardholder Data Admin audit console log allows monitoring of all admin actions by company. Regular scans of all data within Google Apps for sensitive data (e.g., credit card numbers). Review of transmission of sensitive data within the network to identify security lapses or risks. #3
  10. 10. thank you