Re: PCI and banks that use Akamai

["Daniel, Jack" <jdaniel () CONCORDANT COM>]

I believe it would be only for static content however if a bank were using Akamai for transaction exchange they do 
offer a PCI compliant service: http://www.akamai.com/html/about/press/releases/2007/press_103007.html 


~Jack

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John 
Ladwig
Sent: Monday, June 14, 2010 2:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI and banks that use Akamai

I'd like to think it's just static content, but Akamai's been making a big push of late for their "application 
performance enhancement" capabilities, which means you deploy Javascript and possibly other code (eg 
Javascript-generating J2EE app server code) out into their cloud for customer-facing apps.  I'd guess there's at least 
one bank somewhere that's decided to do one or the other, or will soon.

   -jml

> > > Jeffrey Schiller <jis () MIT EDU> 2010-06-14 13:14 >>>
On 06/14/2010 02:11 PM, Valdis Kletnieks wrote:
> Urp. The banking sites handle sensitive data through Akamai?  What a scary
> thought...  What say the list?  Is that an offense worthy of a name-n-shame?
>   
Actually, I would suspect that the banking sites are using Akamai to
distribute static content, images, etc. I doubt Akamai his touching
anything sensitive. This is a standard thing to do if you need to handle
significant load.

            -Jeff

-- 
========================================================================
Jeffrey I. Schiller
MIT Network Manager/Security Architect
PCI Compliance Officer
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu 
http://jis.qyv.name 
========================================================================