PCI Compliance on Rackspace public cloud

So you wanna be PCI compliant on the public cloud? Your server can't be. But YOU CAN BE PCI COMPLIANT whilst still running your site on a cloud server! By using a payment gateway with tokenisation, such as Worldpay or PayPal, you won't have to change all of your infrastructure, because the card data never reaches it. Here is why:

The public cloud makes PCI compliance harder than the dedicated solutions Rackspace offers, mainly because the environment is shared. Specifically, on the Cloud Load Balancers the TLS protocol and cipher settings are shared across all customers, so disabling TLS 1.0 (a protocol version, not a cipher) for you would also disable it on every other customer's load balancer. This matters because PCI DSS required SSL and early TLS (TLS 1.0) to be retired, with a final migration deadline of 30 June 2018.

You could run your own load balancer on a cloud server (HAProxy or nginx, for instance), and even if Rackspace were able to disable TLS 1.0 on the shared load balancer for you, the shared hypervisor and the shared network would still make it very difficult for a Rackspace public cloud server itself to be PCI compliant. To achieve that I would recommend considering private cloud or dedicated hosting, which can practically accommodate such requirements. It does cost more, though.
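If you do terminate TLS yourself in front of the payment pages, you still need to verify from the outside that TLS 1.0 and 1.1 are actually gone, rather than trusting the config file. The probe script below is an added example and is not from the original post or anything Rackspace ships; it assumes the `openssl` command-line tool (1.1.0 or newer) is installed and that the host and port you pass are your own public endpoint. Two abridged `s_client` outputs are constructed inline so the classifier can be checked without a network.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: probe which TLS versions a public
# endpoint will negotiate, so "we removed TLS 1.0" is verified from outside
# rather than assumed from a config file.
# Assumes: the openssl CLI (1.1.0+), and that HOST/PORT are your own endpoint.
set -u

# classify_handshake OUTPUT
# Takes the combined stdout/stderr of one `openssl s_client` run and prints
# "accepted" if a session was negotiated, "rejected" otherwise. It keys off the
# "New, <proto>, Cipher is <cipher>" summary line, which s_client prints with
# "(NONE)" when the server refused the offered version. This is a pure text
# function, so it can be exercised against canned output with no network.
classify_handshake() {
    local out="$1" summary
    summary="$(printf '%s\n' "$out" | grep -m1 '^New, ' || true)"
    case "$summary" in
        "")                   printf 'rejected\n' ;;  # no summary: connect error, bad option, etc.
        *"Cipher is (NONE)"*) printf 'rejected\n' ;;  # handshake attempted, server refused it
        *)                    printf 'accepted\n' ;;
    esac
}

# probe_version HOST PORT FLAG   (FLAG is -tls1, -tls1_1 or -tls1_2)
probe_version() {
    local host="$1" port="$2" flag="$3" out
    # ALL:@SECLEVEL=0 stops a modern OpenSSL *client* from refusing TLS 1.0/1.1
    # at its default security level. Without it, "rejected" could mean "my own
    # openssl would not even offer it", not "the server turned it down".
    out="$(openssl s_client -connect "${host}:${port}" -servername "$host" \
               "$flag" -cipher 'ALL:@SECLEVEL=0' </dev/null 2>&1 || true)"
    classify_handshake "$out"
}

# check_tls_versions HOST [PORT]
# Prints one line per version; returns 1 if TLS 1.0 or 1.1 is still accepted
# (the versions PCI DSS required to be retired), 0 otherwise.
check_tls_versions() {
    local host="$1" port="${2:-443}" flag label result rc=0
    for flag in -tls1 -tls1_1 -tls1_2; do
        case "$flag" in
            -tls1)   label='TLS 1.0' ;;
            -tls1_1) label='TLS 1.1' ;;
            *)       label='TLS 1.2' ;;
        esac
        result="$(probe_version "$host" "$port" "$flag")"
        printf '%-8s %s\n' "$label" "$result"
        if [ "$result" = accepted ] && [ "$flag" != -tls1_2 ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample outputs (abridged from what s_client prints) so the
# classifier can be checked offline. Not captured from any real host.
SAMPLE_ACCEPTED='CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit'

SAMPLE_REFUSED='CONNECTED(00000003)
error:0A000410:SSL routines::sslv3 alert handshake failure
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)'

# Usage: ./tls_probe.sh shop.example.com 443   (hypothetical host)
if [ $# -ge 1 ]; then
    check_tls_versions "$1" "${2:-}"
fi
```

The exit status is what you would wire into a cron job or a deployment check: a non-zero return means a legacy version is still negotiable and the change has not actually taken effect at the edge. Run it against the load balancer's public address, not the backend, since that is what a QSA or an ASV scan will see.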

To re-emphasise: removing TLS 1.0 from the load balancer alone will not make you PCI compliant, because of the nature of shared cloud infrastructure. Another important aspect of compliance is to ensure that payment information is tokenised, so that card numbers never touch your own servers. One alternative that lets you keep using the cloud as you are and be PCI compliant without large changes is a third-party payment gateway with tokenisation: the gateway collects the card details (typically on a hosted payment page or via a redirect) and hands your application back a token, which takes your web infrastructure out of the flow of cardholder data and sharply reduces its PCI DSS scope. The caveat is that this only holds if card data genuinely never passes through or is stored on your servers; a form that posts card numbers to your server before forwarding them to the gateway puts you straight back in scope. Worldpay and PayPal are examples of such gateways.

I hope this helps clarify PCI compliance on the Rackspace public cloud, and how to do it right. Use a third-party payment gateway with tokenisation if you really must keep your ecommerce store on the public cloud.