April 26, 2017

Netsurion and EventTracker today announced that John Christly, Global CISO and an information security industry veteran, has been named to the PCI Security Standards Council (SSC) Cloud Special Interest Group (SIG). Christly is already heavily involved in the PCI SSC as a member of its small business task force while seeking a seat on its board of advisors, to be announced in May.

The goal of this new group for 2017 is to discuss and update the PCI SSC Cloud Computing Guidelines, first released in 2013, to reflect modern advancements in the technology and new security risks. The group began this month and is expected to publish deliverables by the end of this year.

The paper is intended to provide guidance on using cloud technologies and considerations for maintaining PCI DSS controls in cloud environments. This guidance builds on that provided in the PCI DSS Virtualization Guidelines and is intended for organizations using, or thinking of using, providing or assessing cloud technologies as part of a cardholder data environment (CDE).

According to the Council, considerations may include:

  • Exploring new cloud architectures and service models and changes in previously documented cloud service models
  • Identifying opportunities to enhance security when migrating to cloud technologies
  • Updating risks and security challenges to be considered when cardholder data environments utilize different cloud technologies
  • Clarifying how PCI DSS requirements can be applied to cloud technologies to address the identified risks and challenges
  • Updating guidance for cloud customers and cloud providers on their respective security and PCI DSS responsibilities
  • Expanding guidance on how to achieve isolation between in-scope and out-of-scope virtual component
Christly is well-qualified as a Cloud SIG representative, currently leading cybersecurity and compliance efforts for Netsurion and EventTracker, managed security services providers focusing on firewall and SIEM services for multi-location businesses. In this role, he provides information security support to in-house corporate teams, customers, and partners.

In addition, he already serves as a voice for SMBs and multi-location merchants with the PCI SSC Small Merchant Task Force. Deeply involved with small merchants in day-to-day security operations, Christly has his fingers on the pulse of the SMB operations world. He draws on this experience to provide insights and leadership to help merchants become safer from the threats of data breaches and hackers.

“The work the Cloud SIG is doing is essential as more and more merchants, service providers, assessors, and other entities move sensitive information to the cloud. With new threats to this environment emerging every day, the guidelines will be updated to keep up with the evolving landscape and help these organizations secure their cardholder data according to applicable PCI DSS requirements,” he said. “I am extremely honored to be accepted to this group and look forward to making a very valuable contribution to this important initiative.”

Christly has more than 25 years of experience in technical and cybersecurity-related operational, project, and program management, as well as vast knowledge of industry regulations, including PCI DSS, HIPAA, HITECH, and more. He formerly served as the CISO and HIPAA security officer for Nova Southeastern University in Florida. He was also the co-founder and CEO for OMC Systems, a Florida-based cybersecurity advisory firm. In addition, he served as the HIPAA security officer for Memorial Healthcare System, a multi-hospital public healthcare system.

For more information on the PCI SSC Cloud SIG, please visit https://www.pcisecuritystandards.org/get_involved/special_interest_groups.

Tweet this: .@Christly, CISO of @Netsurion + EventTracker (@LogTalk) appointed to @PCISSC #CloudSIG #cloudcomputingResources
Netsurion Security Insights Articles
Netsurion Videos and Webcasts
Netsurion White Papers

About Netsurion

Flexibility and security within the IT environment are two of the most important factors driving business today. Netsurion’s managed cybersecurity platforms enable companies to deliver on both. Netsurion Managed Threat Protection combines our ISO-certified security operations center (SOC) with our own award-winning cybersecurity platform to better predict, prevent, detect, and respond to threats against your business. Netsurion Secure Edge Networking delivers our purpose-built edge networking platform with flexible managed services to multi-location businesses that need optimized network security, agility, resilience, and compliance for all branch locations. Whether you need technology with a guiding hand or a complete outsourcing solution, Netsurion has the model to help drive your business forward. To learn more visit netsurion.com or follow us on Twitter or LinkedIn. Netsurion is #23 among MSSP Alert’s 2021 Top 250 MSSPs.

Contact
Deb Montner, Montner Tech PR
dmontner@montner.com
203-226-9290