Exploring PCI Compliance Issues in the Public Cloud

https_%2F%2Fblogs-images.forbes.com%2Fforbesagencycouncil%2Ffiles%2F2018%2F01%2F960x0-1-51.jpg

The public cloud is a cloud computing deployment model in which a service provider makes IT resources and services, such as virtual machines, database applications, and storage, available for use via an Internet connection.  

In the public cloud, the data of companies or individuals who are clients of the service provider remains secure and visible only to that specific user or group of users. The word public refers to the fact that the underlying infrastructure is shared by all the service provider’s customers and that you access the services over the public Internet.  

Some of the main service providers in the public cloud are:

  • Microsoft Azure, which provides a range of service delivery models including software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS.
  • AWS, which provides over 90 services, spanning areas such as computing, AWS storage, networking, database, analytics, application services, and IoT. A thriving sub-market has emerged composed of third-party services that link to AWS services and expand their functionality. Enterprise storage extends enterprise storage to the cloud using AWS storage services.
  • Google Cloud Platform, which provides cloud computing services that use the same infrastructure as that used for Google’s own internal services.

Being PCI-compliant is a major concern for businesses and organizations that accept credit card as payment for their products or services. Formally known as the Payment Card Industry Data Security Standard (PCI DSS), the regulation specifies a set of security standards organizations must meet if they are to store, process, and transmit cardholder data.

The regulation assigns organizations to one of four merchant levels depending on their volume of Visa transactions in a given twelve month period. The transaction volume includes debit, credit, and prepaid Visa transactions. There are specific requirements to meet at each of these merchant levels.

From the perspective of organizations that use public cloud infrastructure, a range of important issues need addressing in terms of whether they will remain PCI-compliant in the cloud.

First and foremost is the issue of responsibility. Organizations want to know whether it is them or the cloud provider that is responsible for PCI compliance in the cloud, and the answer is both. The difficulty lies in the fact that that there is no specific guidance or method in terms of assigning responsibility to achieve PCI compliance in public cloud services because of the vastly different ways organizations choose to deploy those services.

Furthermore, while cloud providers typically operate on a shared responsibility basis, the exact responsibilities assigned between provider and customer are unique to and at the discretion of each service provider.

General recommendations from the PCI DSS Virtualization Guidelines relate to cloud service models and the responsibility for compliance as follows:

  • In SaaS services, cloud customers may be responsible for PCI compliance for credit card data only.
  • In PaaS services, cloud customers may be responsible for PCI compliance for data and user applications.
  • In IaaS services, cloud customers may be responsible for PCI compliance for data, user applications, operating systems, databases, and virtual infrastructure.

A more recent document published in April 2018 specifically on cloud computing guidelines for PCI DSS says that the more aspects of a customer’s operations that a cloud provider manages, the more responsibility the provider has for maintaining PCI DSS controls.

Thankfully, all of the major cloud service providers are now PCI-compliant. This means that you can create your own create your own cardholder data environment (CDE) using the services of such providers safe in the knowledge that their systems comply with PCI DSS.

If a customer decides to store cardholder data in the public cloud, however, another challenge is the lack of visibility or control over where that data is physically located. Additionally, the location can change and data might be stored in multiple locations at once.

Another challenge is the lack of separation of duties that often exists when using virtualized cloud environments. It can be difficult to define explicit roles for users with proper access policies in such a computing environment. Lack of separation through improperly defined roles and policies can result in an individual user gaining access to key infrastructure where payment card information is processed and stored.

Lastly, the very nature of the public cloud is that it is accessible anytime and from anywhere via the Internet. This, in itself, presents PCI compliance challenges.

Best Practices for PCI Compliance in The Cloud:

  • Identify data security needs for cardholder information before moving to the cloud.
  • Make sure when using cloud storage services that you are always aware of the services in which cardholder data is stored and that you take steps to protect the information within each service. Backups or snapshots are prime examples.
  • Only give access to systems or services containing cardholder data to those who need such access to perform their jobs.  
  • Always encrypt and cardholder data you store in the cloud.
  • Store cardholder data in private subnets if possible, using the virtual private cloud option provided by many leading vendors.
  • When transmitting cardholder information between two endpoints, make sure you use later TLS as the encryption channel instead of SSL or early TLS because the former is PCI-compliant while the latter are no longer compliant.
  • Use two-factor authentication for user access accounts to cloud systems.  
  • Use vulnerability scanning tools in your cloud environments.

There is a plethora of challenges involved in using the public cloud while remaining PCI-compliant. Many organizations consider the hassle not worth the additional complexities and they opt to keep their cardholder data environments strictly on-premise.

For organizations that don’t have such an option, the above best practices can help provide guidance on maintaining PCI compliance in the public cloud.

Healthy Sleep and Well Being: Scientific Explanations for Key Concepts

image001.jpg

A good and productive day requires a reasonable amount of rest and the correlation between human health and sleep cannot be ignored for those seeking maximum well-being and productivity. The market for goods and products aimed at helping those with a dire need for good sleeping habits is also quite vivid, showcasing anything and everything from anti-aging pillows to the best orthopedic mattresses , from electric beds to personalized blankets. The more people learn about the importance of sleep for a healthy life, the more the market will grow. It is up to the consumer to understand the important mechanisms at play and make the right decision regarding their purchases. It is always a good idea to keep track of novelties and news in the given market to stay in touch with the dominant trends, access the right products for the right purpose, and improve on their sleeping habits to get more out of life during the day.

Although there are various theories regarding the functions and reasons of sleep for human beings, studies show that one to three adults go through symptoms of insomnia today, and one out of ten such individuals are likely to develop insomnia as a chronic disorder. Other studies show that drivers who get less than six hours of sleep a night have 33% higher risk of causing an accident compared to others who sleep for seven to eight hours a night. The prevalent theory regarding the function of sleep for human beings is that sleep strengthens synapses and therefore enables the person to learn and remember better. In conjunction with this hypothesis, a research team at the University of Texas Southwestern discovered the existence of ‘Sleep-Need-Index-Phosphoproteins (SNIPPPS) which are activated by a ‘kinase protein’ SIK3, as the responsible actors in the sleep function for mice. Such proteins have also been found to regulate synaptic plasticity in the mice’s brain functions, creating a molecular link between synaptic plasticity and sleep regulation, bridging the thinking and sleeping processes. The phosphate molecules accumulating on such proteins therefore determine the length and quality of sleep in the test subjects, leading the researchers to conclude that research into such molecules and their interactions in human brain will be utile in understanding the most important determinants of sleeping for human beings as well.

Along with such functions and reasons, little is known regarding the actual experiences of a person while sleeping, leading one to question whether if human beings are conscious during dreamless sleep or not.  The current established view is that people are not conscious during sleep until they start dreaming which only occurs during the REM phase. In a recent study published in ‘Trends in Cognitive Sciences’, the authors Jennifer Windt, Tore Nielsen, and Evan Thompson are opposing this current view, believing that lumping all the experiences under a single heading is wrong, while asserting that “storylike, immersive, hallucinatory episodes” during one’s sleep can also be considered as conscious non-dream experiences. The researchers claim that sleepwalkers are a good example, as they experience “isolated visual, auditory or kinesthetic imagery” during, along with insomniacs who claim that they are not sleeping when indeed they have been sleeping without being aware of it. The researchers infer that by observing sleepers through neural and physiological measures, they discovered the existence of “a state of deep, dreamless sleep in which a bare form of conscious awareness remains present.” They also conclude that the absence of “the subject-object structure of ordinary experience and the phenomenology of being a cognitive agent” makes it impossible for people to understand the given phenomenon. The philosophical interpretations of the given issue dictate that human beings do indeed experience and observe during sleeping phases, necessitating a new definition of experience and observation to understand the given issue.

Teen behavior has been an issue of concern for psychiatrists and behavioral scientists alike lately, and as revealed in a study published in the ‘JAMA Pediatrics’ journal, there exist strong associations between mood and sleep for teenagers. Sleeping less than six hours per night resulted in participants to consider, plan or attempt a suicide more frequently while those who slept for eight or more hours reported far less such ideas, plans or attempts. Unfortunately, according to the data provided by the Youth Risk Behavior Survey between the years 2007 and 2015, 70% of high school students are currently getting less than eight hours of sleep per night. Such inadequate sleeping habits lead to increased risks of adverse self-behaviors as well as risk taking behaviors, validating the common notion that a good night’s sleep is indeed the path to personal satisfaction and fulfillment. However, the researchers also point out that there exists no direct correlation between low quality/duration sleep and higher risk behaviors but there exists such correlation with adverse self-behaviors. As teens become more susceptible to damaging themselves due to low quality/duration sleep, their social cognition changes in an unacceptable manner. In the following step, such individuals become more likely to take risky actions, as their perception of social distances, norms and limits get blurred out in the process. In such a scenario, the teens find it easier and more acceptable to initially hurt themselves and eventually others around them, creating an intriguing source of socio- psychological trouble.

Sleep is serious business and several scientists have managed to challenge the relationship between sleep and human health in numerous fields of study, including genetics. A recent study by scientists at the University of Surrey focused on “the influence of sleep on gene functions” to understand the effects of sleep on human biological functions such as stress, immunity, inflammation, metabolism and circadian rhythms, finding out that sleep was responsible for altering the activities of more than 700 genes. The 26 participants were led to sleep for less than six hours per night for a week and then were let to sleep for 8.5 hours the following week to be able to understand the effects of differing sleep durations as reflected on their blood samples. Results revealed that low durations of sleep altered the activities of 711 genes in total, and following a week of sleep deprivation, there was a seven times increase in the total number of genes influenced by sleeping. With respect to the circadian rhythms, insufficient sleep for one week led to a reduction of the number of genes that work coordinately with circadian rhythms from 1,855 to 1,481. This is an alarming reality because circadian functions are associated with psychiatric disorders, dementia, metabolic disorder and cancer. Due to incurred changes in the person’s metabolism, low quality/duration sleep has also been linked to obesity, diabetes and cardiovascular disease, while such poor sleeping habits have also been associated with problems within the immune system, creating disruptions and stress during the day for the person.

Nutrition is an extremely important concept in human health and its connections with the circadian rhythms in human body have a direct impact on sleeping quality, patterns and duration for humans. The body clocks in every metabolism are connected to every cell in the human body and therefore influence all sorts of human activity by regulating blood pressure, body temperature, and hormone levels. Chrono-nutrition is the field of study that focuses on such relationships and research has proven that wrong types or quantities of food being consumed might easily lead to out-of-sync metabolic processes that hamper sleep quality and duration. As human beings become less capable of processing food in the evening, having a late dinner might easily lead to disruptions in one’s sleep. The body uses extra energy that was originally allocated to the sleeping process, making it harder for the individual to sleep or sleep less than demanded. In the long run, such disruptions lead to larger problems such as obesity, as unhealthy and untimely eating patterns alter the natural rhythms for eating and sleeping in an individual’s system without them noticing it. To avoid such complications, people should focus on not just what they eat but also when they eat to improve their sleeping health. Considering that 20% of all people in the workforce are shift workers, having large numbers of out-of-sync people will surely create large-scale problems for the society as a whole. Such individuals over time will become more aggressive, impotent and impulsive during the day, bringing down their productivity and increasing the risk of confrontations with others.

Countries marked “dangerous” for tourists and how it will affect the travel industry in 2019

Rio-de-Janeiro-s.jpg

Travelers with a thirst for offbeat adventure were reveling earlier this month to learn that in 2019, Iran will be as safe as the United Kingdom and Slovenia are for travelers, according to the 2019 Travel Risk Map. The interactive map, which identifies the level of danger for travelers in each country of the world, judges a country’s safety level according to its capacity for political violence (including terrorism, politically motivated unrest and war), social unrest (including communal and ethnic violence) and violent and petty crime.  While those countries considered ‘extremely’ risky in 2019 tend to fit into the Africa and Middle East regions – including Syria, Yemen, Afghanistan, Libya, South Sudan and Somalia, there are a few unexpected surprises on the list. This is why it is important to choose a respectable tour company before heading on Egypt tours.

In Europe, parts of Eastern Ukraine are considered unsafe for travel in the next 12 months, and in the South East Asia region travelers are advised to steer clear of Papa New Guinea. Parts of Mexico, Colombia and India are independently highlighted as high to extreme risk destinations, while African countries such as South Sudan, Niger, Ivory Coast, and Sierra Leone offer travelers a higher risk of contracting a disease or experiencing a medical issue.

But will such information deter or entice travelers with a thirst for offbeat or thrilling adventure in the year to come?

According to other recent travel risk assessments that looked at data from the World Economic Fund on crime, the World Risk Report on natural disasters and the UK government’s assessments of terrorism risk, some of the West’s favourite holiday destinations have similarly been named no-go destinations in 2019 – Turkey, Thailand, India and Mexico, to name a few. Italy and Greece even made their way onto the list, deemed among those countries with the highest risk of crime, and Japan ranking number one on the list of countries with the highest risk of natural disaster.  In 2018, the lush green meadows of the Isle of Skye, Scotland, were considered not fit for travelers due to overcrowding and inadequate tourism infrastructure, while Egypt topped the list in 2017 as one of the most dangerous destinations in the world for female travelers, according to the US Department of State and Skyscanner’s List of Most Dangerous Places. But before you cancel whatever tours you already have lined up for next year think twice, because for some travelers that element of risk only makes traveling more authentic, and far more thrilling.

For some deeply curious travelers, seeing a destination firsthand is the only way to properly mitigate commonly held fears and to bust the myths that surround the world’s most ‘dangerous’ places. There is something to be said for considering a risk, taking it anyway, diving in and becoming absorbed by the task of truly uncovering a country’s personality, beyond the negative headlines it attracts, of course. Traveling in 2018 has become so unbearably dull – so posed, so planned, so perfectly photographic, that we often forget the entire purpose of travel is (debatably, I’ll admit) to challenge oneself, to learn, and to explore new and unexplored frontiers. Travel ought to be about putting oneself in an uncomfortable situation – one with which you aren’t familiar, at least – and seeing how you react in that situation. It’s about seeing the way the rest of the world lives.

Instead Instagram, Facebook, Skyscanner and SnapChat have led modern travelers to believe snapping the right photo in front of the Eiffel Tower is the be-all-and-end-all of travelling; that Googling the best hotels in Barcelona and then reading all reviews before deciding on one is an adventure; that a country without Coca Cola or Wi-Fi isn’t worth visiting. It is a sad and confronting reality that traveling has lost its appeal to adventurers.

Or has it? Research is showing that into the future, travelers will begin taking greater risks on their own, conducting their own research and booking their own trips thanks to the ease in online bookings. And the travel they will indulge in will be experiential, as more and more travelers actively seek to experience destinations on a local, cultural level while learning new skills. Sixty-seven per cent more travelers in 2018 chose to book an outdoor activity such as glacier hiking, bungee jumping, scuba diving, or mountain biking than they did in 2017, while 59% more travelers preferred to engage in a cultural excursion or an historically-themed tour than simply relax by a pool. Slowly but surely, the nature of travel is changing – and if the past twelve months is anything to go by I would say that travelers of the future will become more and more willing to travel to offbeat destinations considered dangerous by the majority, in order to pursue new and undocumented experiences.

Of course, if one does intend to visit one of the world’s most dangerous destinations it is a good idea to take no unnecessary risks and to prepare oneself in the following ways: keep on top of the news in the lead-up to departure to ensure the country’s situation hasn’t become worse; keep your plans flexible at all times; try to avoid attention when traveling through the country (dressing conservatively is always a good idea); respect the locals advice at all times; ensure your family are aware of your whereabouts; and ensure you have the details of your embassy on hand at all times.

Online education continues to climb in popularity

The-10-Most-Popular-Free-Online-Courses-For-eLearning-Professionals.jpg

The higher education industry has found itself amid a whirlwind of change lately. Digital disruption and further technological advancement have correlated with the rise of the modern workforce, driving a shift in course content as well. The world that we live in is so different from the one that past generations experienced, and industries like education are evolving to reflect those changes. The workforce today is nothing like it was even ten years ago. With the rise of technology, jobs are consistently in a state of change, as the old methods and models no longer apply in this modern society. Therefore, how we educate the students of today – and tomorrow, and beyond – also must change. The answer to effectively preparing students for this new type of workforce lies in the introduction of online education. While traditional higher education is not necessarily outdated, there is a definitive realisation that it no longer suits most students – not even by half.

Traditional education by its very nature was exclusive (deliberately or not). Through traditional education, students had to decide to either go to university on a campus for every class, structuring their lives around their classes, or put off study until they were in a better position to commit to that kind of process. The modern student must also work to make a living, and this is often where the complication comes into play. With traditional university degrees being primarily or solely on-campus, and demanding a set broad attendance schedule, many people simply cannot make it work. Similarly, some individuals who wanted so desperately to take on higher education study simply could not because of their geographical location. The reality is that some individuals who want to study do not live anywhere near a campus, and do not have adequate means or transport to make it to one to complete their studies. Relocation is expensive, and so traditional university courses are simply not an option.

Online education, however, eliminates both core issues. Students can choose their courses and schedule when they study, effectively allowing them to structure in their studies around other commitments like work, family, friends, and personal time. Students these days can study from anywhere – if they have a steady and reliable internet connection, the rest is easy as pie. There are even handy (and reliable) online companies that help with some of the more intricate parts of higher education assessment, such as postgraduate assessment fine-tuning and even PhD dissertation help. The world is anyone’s oyster, and online education has effectively given students the world over the opportunity and the means to break into their higher education academic careers, forging a stronger and more exciting future for themselves.

While online education is exciting, it is also important to remember that it does demand a lot of responsibility on the student’s behalf. The reality of studying largely – or solely – online is that it demands quite a lot of self-discipline. When students make the decision to learn online, they also make the active choice to commit to their studies wholeheartedly. Studying online puts every ounce of the accountability into the hands of the student, and they oversee every aspect of their education experience. There is no traditionally set out classroom to guide them, and they must be conscious of committing enough time to their studies while also balancing college or university commitments with other aspects of their lives. This increased responsibility should not be viewed as a downfall of online education, however. Online education gives students all the tools that students in traditional higher education institutions amass during their time as a student, in addition to teaching them the value of personal accountability and responsibility to their commitments. The education industry has long needed an evolution, and this is it.

The increase in technological dependence has resulted in subsequent transformations to all industries – big or small – but it is the change in education that is among the most prominent. The higher education sector is one that has experienced its fair share of evolution. Traditional education experiences have been shifted to correlate and expand, allowing for modern online education to find its way into the fold. The result of this is that millions of individuals previously unable to take on higher education studies are finally able to join the ranks of millions of modern students working towards their careers and futures. With the introduction of online education came the rise in its popularity, and it is a rise that, as of yet, has shown no signs of slowing down. Online education has revolutionised the industry, and the best part is that we are only now seeing the introductory stages of what is likely to be a very fruitful future for education – and its students turned graduates and industry professionals.