April 26, 2017

Netsurion and EventTracker today announced that John Christly, Global CISO and an information security industry veteran, has been named to the PCI Security Standards Council (SSC) Cloud Special Interest Group (SIG). Christly is already heavily involved in the PCI SSC as a member of its small business task force while seeking a seat on its board of advisors, to be announced in May.

The goal of this new group for 2017 is to discuss and update the PCI SSC Cloud Computing Guidelines, first released in 2013, to reflect modern advancements in the technology and new security risks. The group began this month and is expected to publish deliverables by the end of this year.

The paper is intended to provide guidance on using cloud technologies and considerations for maintaining PCI DSS controls in cloud environments. This guidance builds on that provided in the PCI DSS Virtualization Guidelines and is intended for organizations using, or thinking of using, providing or assessing cloud technologies as part of a cardholder data environment (CDE).

According to the Council, considerations may include:
  • Exploring new cloud architectures and service models and changes in previously documented cloud service models
  • Identifying opportunities to enhance security when migrating to cloud technologies
  • Updating risks and security challenges to be considered when cardholder data environments utilize different cloud technologies
  • Clarifying how PCI DSS requirements can be applied to cloud technologies to address the identified risks and challenges
  • Updating guidance for cloud customers and cloud providers on their respective security and PCI DSS responsibilities
  • Expanding guidance on how to achieve isolation between in-scope and out-of-scope virtual component
Christly is well-qualified as a Cloud SIG representative, currently leading cybersecurity and compliance efforts for Netsurion and EventTracker, managed security services providers focusing on firewall and SIEM services for multi-location businesses. In this role, he provides information security support to in-house corporate teams, customers, and partners.

In addition, he already serves as a voice for SMBs and multi-location merchants with the PCI SSC Small Merchant Task Force. Deeply involved with small merchants in day-to-day security operations, Christly has his fingers on the pulse of the SMB operations world. He draws on this experience to provide insights and leadership to help merchants become safer from the threats of data breaches and hackers.

“The work the Cloud SIG is doing is essential as more and more merchants, service providers, assessors, and other entities move sensitive information to the cloud. With new threats to this environment emerging every day, the guidelines will be updated to keep up with the evolving landscape and help these organizations secure their cardholder data according to applicable PCI DSS requirements,” he said. “I am extremely honored to be accepted to this group and look forward to making a very valuable contribution to this important initiative.”

Christly has more than 25 years of experience in technical and cybersecurity-related operational, project, and program management, as well as vast knowledge of industry regulations, including PCI DSS, HIPAA, HITECH, and more. He formerly served as the CISO and HIPAA security officer for Nova Southeastern University in Florida. He was also the co-founder and CEO for OMC Systems, a Florida-based cybersecurity advisory firm. In addition, he served as the HIPAA security officer for Memorial Healthcare System, a multi-hospital public healthcare system.

For more information on the PCI SSC Cloud SIG, please visit https://www.pcisecuritystandards.org/get_involved/special_interest_groups.

Tweet this: .@Christly, CISO of @Netsurion + EventTracker (@LogTalk) appointed to @PCISSC #CloudSIG #cloudcomputing

Netsurion Security Insights Articles
Netsurion Videos and Webcasts
Netsurion White Papers

About Netsurion
Netsurion powers secure and agile networks for highly distributed and small-to-medium enterprises and the IT providers that serve them. In such environments, the convergence of threat protection and network management are driving the need for greater interoperability between the NOC (network operations center) and the SOC (security operations center) as well as solutions that fuse technology and service to achieve optimal results. To this end, Netsurion has converged purpose-built network hardware, innovative security software, and flexible managed services. Netsurion’s SD-Branch solution, BranchSDO, is a comprehensive network management and security solution consisting of SD-WAN, next-gen security, cellular, Wi-Fi, and PCI DSS compliance tools and support. At the heart of the solution is the CXD, Netsurion’s SD-WAN edge appliance. Netsurion’s Security Operations solution, EventTracker, delivers advanced threat protection and compliance benefits in a variety of deployment options: a SIEM platform, a co-managed SIEM service with 24/7 SOC, and a managed SIEM for MSPs.

www.netsurion.com, Twitter: @Netsurion, LinkedIn: https://www.linkedin.com/company/netsurion/

Deb Montner, Montner Tech PR