With the cloud industry growing by leaps and bounds, it becomes crucial for service and solution providers to keep in compliance with security and privacy standards. MSP Ipswitch has done just that with the announcement that its MOVEit Cloud environment is certified for compliance with the Payment Card Industry Data Security Standards (PCI-DSS) 2.0 requirements.
The solution is designed for Level 1 service providers and Ipswitch is the first company offering Managed File Transfer (MFT) services to announce the certification. The designation means that customers who store, process or transmit sensitive cardholder data may incorporate Ipswitch’s PCI Report on Compliance for MOVEit Cloud service into their own third-party compliance assessments.
Ipswitch is making that integration easy for customers by providing a PCI Compliance Toolkit as an add-on to the MOVEit Cloud offering. The goal is to help customers reduce the time and costs associated with PCI compliance by reducing the scope of the required annual audits. The Toolkit includes everything customers need to demonstrate PCI certification within the scope of their assessment, as performed by an independent qualified security assessor (QSA).
Features of the Toolkit include additional terms and conditions for PCI like breach notification; an executive summary of report on compliance; a responsibility matrix of controls, a MOVEit Cloud compliance report providing information from cloud logs and settings; and counsel and support while working with the QSA.
"PCI certification for MOVEit Cloud marks an industry first and further solidifies Ipswitch's leadership position for developing and deploying secure MFT solutions," said Steve Hess, vice president of product management, Ipswitch File Transfer. "Security is infused in our DNA, and through the PCI Compliance Toolkit, we'll be able to impart this expertise to our customers."
The certification certainly benefits the company’s customers, and also marks a turning point for cloud services in general. As more and more companies use the cloud and cloud solutions to deliver their services and solutions, being able to safeguard customer and user transactions is critical.
"Ipswitch's decision to make its cloud environment compliant with PCI DSS is an important move for the company, but also for the entire cloud delivery model," said Michael Osterman, principal analyst with Osterman Research. "By enabling PCI compliance in a leading cloud offering, particularly in the wake of recent revelations about more than 100 million cardholders' information being compromised, retailers and others can be more confident about using the cloud to manage their sensitive data."
Edited by
Cassandra Tucker
