Skytap is pleased to announce that we are on track to achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS) and ISO/IEC 27001:2013 in Q1 2021. IBM clients will be able to run IBM Power, x86, and hybrid application workloads while ensuring their data is secured to internationally recognized standards.
Skytap on IBM Cloud allows you to migrate workloads to the cloud without change and immediately enjoy the benefits of cloud speed and scale. Migrated applications can run as-is or be modernized to incorporate native IBM Cloud services like IBM Watson, Cloud Object Storage and a wide portfolio of capabilities to extend the value of your applications.
PCI DSS compliance provides assurance to customers that Skytap’s infrastructure meets standards set by the payment card industry to keep credit card information secure, such as encrypting transmission of cardholder data and using a firewall to protect it. Any business that transmits, stores, handles or accepts credit card data—regardless of size or processing volume—must comply with the PCI. ISO 27001 is a more general international standard for data security. In addition to these two security standards, Skytap also conducts annual SOC 2 Type 2 compliance audits performed by an independent third-party audit firm and can provide SOC 2 audit reports to customers upon request. Audited compliance with these security standards provides customers with assurance that Skytap is a safe foundation on which you can build and run applications that comply with all three standards.
Skytap and IBM’s dedication to providing customers with secure cloud infrastructure services is reflected throughout development and production operations practices. The responsibility of maintaining overall security and compliance in the cloud is shared between IBM, Skytap and you, our customers. Skytap is responsible for the security of the Skytap cloud platform, including all underlying people, processes and technology supporting the hosting infrastructure. You are responsible for security inside your customer environment. For example, Skytap implements antivirus software on all appropriate systems hosting the Skytap platform while you are responsible for implementing antivirus software on systems you deploy and manage within your Skytap environments.
With Skytap achieving PCI and ISO 27001 compliance, it removes yet another barrier of cloud transformation. For many IBM clients, especially those in highly regulated industries like finance, lack of PCI compliance is an additional factor preventing them from moving to the cloud, on top of the time and difficulty of rewriting and refactoring traditional applications. Now, IBM users can easily migrate their workloads and modernize their applications without risking their PCI or ISO 27001 compliance status.