With many ecommerce companies and retailers moving to cloud computing solutions, it has become more important than ever to have security measures in place. The PCI Council recently released two sets of guidelines on how to secure cloud and mobile environments when it comes to the storage of cardholder data. Bob Russo, general manager of the PCI Security Standards Council, said that with the cloud guidelines he wanted to clear up confusion for the many businesses using the cloud that did not think they could go into a public cloud.

For example, one misconception is that companies have no more responsibility once they put information in the cloud. However, the company still needs to keep an eye on security at this point to make sure its data is safe.

Walter Conway, a QSA for 403 Labs, said that, in his eyes, this has helped.

"Some people might say the document was really biased toward private cloud - of course it was. Why would you expect any different?" Conway said, according to Dark Reading. "I've always taken it as a given that, practically speaking, the only way you wanted to go into the cloud with cardholder data is with a private cloud or virtual private cloud because you need that control to make your life easier. But to the council's credit, they then said, 'If you're not going to go private, here's the stuff you need to do.'"

Chris Bucolo, senior manager of security consulting for ControlScan, said there has been a lot of confusion in the cloud and retail world, so rules like these, set forth by the PCI DSS Cloud Computing Guidelines Information Supplement and the PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users, were greatly needed.

In the mobile guidelines, Russo said the goal was to offer bare minimum security practices to help make sure companies don't have any foolish breaches that could have been very easily prevented.

"People are putting out all kinds of really good mobile payment solutions. We certainly don't want to stifle that, but we want to make sure the merchant knows that there are risks involved with using them," Russo said, according to Dark Reading. "Who among us hasn't left a mobile device in a cab at some point? And if I'm using this as an acceptance device and it's storing data in it, what happens if I do leave it in a cab?"

Merchants should use the power of mobile and cloud computing solutions to their advantage, but there needs to be a great measure of security in place.