{"id":5013,"date":"2019-03-18T14:11:57","date_gmt":"2019-03-18T14:11:57","guid":{"rendered":"http:\/\/dev1.replior.mobi\/?p=5013"},"modified":"2026-04-29T23:24:39","modified_gmt":"2026-04-29T21:24:39","slug":"the-dichotomy-of-a-service-provider","status":"publish","type":"post","link":"https:\/\/complior.se\/en\/the-dichotomy-of-a-service-provider\/","title":{"rendered":"The Dichotomy of a Service Provider"},"content":{"rendered":"<div class=\"wp-block-uagb-container uagb-block-1c95cc62 alignfull uagb-is-root-container\"><div class=\"uagb-container-inner-blocks-wrap\">\n<div class=\"wp-block-group blockera-block blockera-block-627ud4 is-vertical is-layout-flex wp-container-core-group-is-layout-fe9cc265 wp-block-group-is-layout-flex\">\n<div class=\"wp-block-kadence-advancedbtn kb-buttons-wrap kb-btns5013_47a50d-d8\"><a class=\"kb-button kt-button button kb-btn5013_d79d33-20 kt-btn-size-standard kt-btn-width-type-auto kb-btn-global-fill  kt-btn-has-text-true kt-btn-has-svg-true  wp-block-kadence-singlebtn\" href=\"https:\/\/complior.se\/en\/resources\/\"><span class=\"kb-svg-icon-wrap kb-svg-icon-fe_arrowLeft kt-btn-icon-side-left\"><svg viewbox=\"0 0 24 24\"  fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"  aria-hidden=\"true\"><line x1=\"19\" y1=\"12\" x2=\"5\" y2=\"12\"\/><polyline points=\"12 19 5 12 12 5\"\/><\/svg><\/span><span class=\"kt-btn-inner-text\">Tillbaka till resurser<\/span><\/a><\/div>\n\n\n\n<span class=\"kt-adv-heading5013_406daf-7f wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading5013_406daf-7f\">Blog<\/span>\n\n\n\n<h1 class=\"kt-adv-heading5013_2bac9e-5b animated fadeIn wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading5013_2bac9e-5b\">The Dichotomy of a Service Provider<\/h1>\n\n\n\n<div class=\"wp-block-group animated fadeIn is-nowrap is-layout-flex wp-container-core-group-is-layout-6c531013 wp-block-group-is-layout-flex\"><div class=\"publish-date-container\">\r\n\t<svg\r\n\t\twidth=\"16\"\r\n\t\theight=\"16\"\r\n\t\tviewbox=\"0 0 24 24\"\r\n\t\tfill=\"none\"\r\n\t\tstroke=\"#4b4b4b\"\r\n\t\tstroke-width=\"2\"\r\n\t\tstroke-linecap=\"round\"\r\n\t\tstroke-linejoin=\"round\"\r\n\t\txmlns=\"http:\/\/www.w3.org\/2000\/svg\"\r\n\t\taria-hidden=\"true\"\r\n\t>\r\n\t\t<rect x=\"3\" y=\"4\" width=\"18\" height=\"18\" rx=\"2\" ry=\"2\"><\/rect>\r\n\t\t<line x1=\"16\" y1=\"2\" x2=\"16\" y2=\"6\"><\/line>\r\n\t\t<line x1=\"8\" y1=\"2\" x2=\"8\" y2=\"6\"><\/line>\r\n\t\t<line x1=\"3\" y1=\"10\" x2=\"21\" y2=\"10\"><\/line>\r\n\t<\/svg>\r\n\t<span class=\"date-text\">\r\n\t\tMar 18, 2019\t<\/span>\r\n<\/div>\n\n\n<div class=\"kt-adv-heading5013_dac998-10 wp-block-kadence-advancedheading kt-adv-heading-has-icon animated fadeIn delay-100ms\" data-kb-block=\"kb-adv-heading5013_dac998-10\"><span class=\"kb-svg-icon-wrap kb-adv-heading-icon kb-svg-icon-fe_clock kb-adv-heading-icon-side-left\"><svg viewbox=\"0 0 24 24\"  fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"  aria-hidden=\"true\"><circle cx=\"12\" cy=\"12\" r=\"10\"\/><polyline points=\"12 6 12 12 16 14\"\/><\/svg><\/span><span class=\"kb-adv-text-inner\">4 min <\/span><\/div><\/div>\n<\/div>\n\n\n\n<figure class=\"wp-block-kadence-image kb-image5013_624c13-14 size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"314\" src=\"https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF-1024x314.webp\" alt=\"Man sitting leaning over a desk working on a laptop\" class=\"kb-img wp-image-60228\" srcset=\"https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF-1024x314.webp 1024w, https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF-300x92.webp 300w, https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF-768x236.webp 768w, https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF-18x6.webp 18w, https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp 1140w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-uagb-container uagb-block-2eeb7bfc alignfull uagb-is-root-container\"><div class=\"uagb-container-inner-blocks-wrap\">\n<div class=\"wp-block-group blockera-block blockera-block-124jqp5 is-vertical is-layout-flex wp-container-core-group-is-layout-b2c973f4 wp-block-group-is-layout-flex\">\n<p class=\"kt-adv-heading5013_0ecd30-f8 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading5013_0ecd30-f8\"><em>Dichotomy: Stemming from the 17<sup>th<\/sup>\u00a0Century Greek\u00a0word Dicho- (Duality) -Tomia (incision, cutting) means: A division into two parts or classifications, esp. when they are sharply distinguishable or opposed. (wordreference.com)<\/em><\/p>\n\n\n\n<h2 class=\"kt-adv-heading5013_8eb34c-8a wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading5013_8eb34c-8a\">An Introduction of Cloud Service Provider Actors, Approach, and Gray Areas<\/h2>\n\n\n\n<p class=\"kt-adv-heading5013_70049d-58 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading5013_70049d-58\">This is the first of a series of posts about the mutual relationship between a Cloud Service Provider (SP) and its customers, within the realm of PCI-DSS.<br><br>As a QSA and a former PCI DSS compliance manager at one of the biggest PCI DSS certified level 1 SPs in Sweden, I have often experienced the challenges that the mutual responsibilities of a SP and a customer present, from both perspectives.<br><br><strong>As a PCI DSS compliance manager, I had to deal with:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"blockera-block blockera-block-up4qmp has-manrope-font-family\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\">My company System engineers<\/li>\n\n\n\n<li class=\"blockera-block blockera-block-11eb6uh has-manrope-font-family\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\">My company management<\/li>\n\n\n\n<li class=\"blockera-block blockera-block-1i6oq67 has-manrope-font-family\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\">My company QSA<\/li>\n<\/ul>\n\n\n\n<p class=\"kt-adv-heading5013_75f568-2a wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading5013_75f568-2a\"><strong>For my company audit:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"blockera-block blockera-block-wedpyh has-manrope-font-family\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\">Customer System engineers<\/li>\n\n\n\n<li class=\"blockera-block blockera-block-9pg57q has-manrope-font-family\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\">Customer management<\/li>\n\n\n\n<li class=\"blockera-block blockera-block-qcc99q has-manrope-font-family\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\">Customer QSA<\/li>\n<\/ul>\n\n\n\n<p class=\"kt-adv-heading5013_370a1e-09 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading5013_370a1e-09\">There are at least six different actors working toward one goal for a normal customer\u2019s audit: the compliance of the customer.<br><br>In the next posts I will dig into the technical and governance nuances involved, detailing who is who and who does what. For now, let\u2019s just assume that a common approach is to establish a mutual responsibilities Matrix between a customer and service provider similar to the one depicted in the\u00a0<a href=\"https:\/\/www.pcisecuritystandards.org\/pdfs\/PCI_DSS_v2_Cloud_Guidelines.pdf\">PCI SSC council supplement for cloud guidelines<\/a>, based on the kind of service(s) that the SP provides to the customer.<br>Such a matrix is a crucial part of the audit since it depicts which requirements are applicable.<br><br>The Matrix is often very technical and detailed. The more detailed it is, the clearer the role of the actors involved becomes and the easier the audit. Yes, it is a large task that requires periodic tweaking and tuning according to the agreement between the SP and the customer.<br>Depending on the agreement, there might be five different scenarios for each sub requirement of PCI DSS compliance:<br><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"blockera-block blockera-block-t71wt0 has-manrope-font-family\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\">N\/A to SP<\/li>\n\n\n\n<li class=\"blockera-block blockera-block-9j8kh7 has-manrope-font-family\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\">N\/A to Customer<\/li>\n\n\n\n<li class=\"blockera-block blockera-block-1m46i7 has-manrope-font-family\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\">Applicable only to Customer<\/li>\n\n\n\n<li class=\"blockera-block blockera-block-owawvn has-manrope-font-family\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\">Applicable only to SP<\/li>\n\n\n\n<li class=\"blockera-block blockera-block-v29mej has-manrope-font-family\" style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\">Mutual Responsibility<\/li>\n<\/ul>\n\n\n\n<p class=\"kt-adv-heading5013_51e01b-2d wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading5013_51e01b-2d\">For each PCI DSS standard requirement, a detailed description of the reason and type of applicability, alongside compliance description (when present), must be provided in the Report on Compliance (RoC). If the SP is not PCI DSS certified, the customer is fully responsible for all the 12 requirements (and all the sub requirements) of the standard.<br><br>If the SP is PCI DSS certified, the customer is only responsible for those Requirements that are applicable to the customer, since the SP is being audited by an independent third party QSA on the services that the SP sells, e.g., if the SP sells colocation on its data centers which are PCI-DSS certified, part of the physical security of Req. 9 is not applicable to the customer. Well, such distinctions seem to be difficult to digest for some QSAs. Every year, for every customer audit they are supposed to see and audit an SP\u2019s process, data centers, hardening standards, etc\u2026<br><br>Every time, even with the same QSA through different years, I\u2019ve had to say that this isn\u2019t possible since it is a waste of time, money, and effort for both the SP and the customer. An independent third party QSA already certified our services and our AoC was there to guarantee our compliance. Try to imagine what would happen if all the PCI DSS entities hosted at AWS (Amazon Web Services) wanted to have Amazon data centers (which are PCI-DSS certified) audited every time such entities had an audit:<br><br>It would be impossible.<br><br>Nowadays, as a QSA, I have to audit if the assessed entity monitors the compliance of its SPs and I often see that it is still a gray area. Personally, I trust the competence and the judgement of all the QSA who are out there. If one of them deemed an SP PCI DSS compliant and worth the AoC, I would never challenge his\/her compliance manager against the customer.<br><br>Each QSA has undergone the same process as I have to become a QSA, and therefore his\/her opinion should be respected if they deemed an SP PCI DSS compliant.<br><br>This ends the first post; next time we will cover the Theorem of the four Ws: Who is Who, Who does What. A consolidated approach to define boundaries between a SP and a customer within PCI DSS.<br><br><\/p>\n<\/div>\n<\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>This is the first of a series of PCI-DSS posts about the mutual relationship between a Cloud Service Provider (SP) and its customers<\/p>","protected":false},"author":2,"featured_media":60228,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"blogg","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":0,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_eb_attr":"","inline_featured_image":false,"_uag_custom_page_level_css":"","wpm_timeformat":"","_wpm_styles":"","footnotes":""},"categories":[118],"tags":[117,128],"class_list":["post-5013","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogg","tag-blog","tag-pci-dss"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The Dichotomy of a Service Provider - Complior<\/title>\n<meta name=\"description\" content=\"This is the first of a series of PCI-DSS posts about the mutual relationship between a Cloud Service Provider (SP) and its customers\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/complior.se\/en\/the-dichotomy-of-a-service-provider\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Dichotomy of a Service Provider - Complior\" \/>\n<meta property=\"og:description\" content=\"This is the first of a series of PCI-DSS posts about the mutual relationship between a Cloud Service Provider (SP) and its customers\" \/>\n<meta property=\"og:url\" content=\"https:\/\/complior.se\/en\/the-dichotomy-of-a-service-provider\/\" \/>\n<meta property=\"og:site_name\" content=\"Complior\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-18T14:11:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-29T21:24:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1140\" \/>\n\t<meta property=\"og:image:height\" content=\"350\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Kikki Bostrom\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kikki Bostrom\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/\"},\"author\":{\"name\":\"Kikki Bostrom\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/person\\\/841f8a57425589a6d7f13c201d345016\"},\"headline\":\"The Dichotomy of a Service Provider\",\"datePublished\":\"2019-03-18T14:11:57+00:00\",\"dateModified\":\"2026-04-29T21:24:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/\"},\"wordCount\":745,\"publisher\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp\",\"keywords\":[\"Blog\",\"PCI DSS\"],\"articleSection\":[\"Blogg\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/\",\"url\":\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/\",\"name\":\"The Dichotomy of a Service Provider - Complior\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp\",\"datePublished\":\"2019-03-18T14:11:57+00:00\",\"dateModified\":\"2026-04-29T21:24:39+00:00\",\"description\":\"This is the first of a series of PCI-DSS posts about the mutual relationship between a Cloud Service Provider (SP) and its customers\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/#primaryimage\",\"url\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp\",\"contentUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2019\\\/03\\\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp\",\"width\":1140,\"height\":350,\"caption\":\"Man sitting leaning over a desk working on a laptop\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/complior.se\\\/the-dichotomy-of-a-service-provider\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/complior.se\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Dichotomy of a Service Provider\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/complior.se\\\/#website\",\"url\":\"https:\\\/\\\/complior.se\\\/\",\"name\":\"Complior\",\"description\":\"Security beyond compliance\",\"publisher\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/complior.se\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\",\"name\":\"Complior\",\"url\":\"https:\\\/\\\/complior.se\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Complior_logo_dark-scaled.png\",\"contentUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Complior_logo_dark-scaled.png\",\"width\":2560,\"height\":960,\"caption\":\"Complior\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/person\\\/841f8a57425589a6d7f13c201d345016\",\"name\":\"Kikki Bostrom\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"caption\":\"Kikki Bostrom\"},\"url\":\"https:\\\/\\\/complior.se\\\/en\\\/author\\\/kikki\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Dichotomy of a Service Provider - Complior","description":"This is the first of a series of PCI-DSS posts about the mutual relationship between a Cloud Service Provider (SP) and its customers","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/complior.se\/en\/the-dichotomy-of-a-service-provider\/","og_locale":"en_GB","og_type":"article","og_title":"The Dichotomy of a Service Provider - Complior","og_description":"This is the first of a series of PCI-DSS posts about the mutual relationship between a Cloud Service Provider (SP) and its customers","og_url":"https:\/\/complior.se\/en\/the-dichotomy-of-a-service-provider\/","og_site_name":"Complior","article_published_time":"2019-03-18T14:11:57+00:00","article_modified_time":"2026-04-29T21:24:39+00:00","og_image":[{"width":1140,"height":350,"url":"https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp","type":"image\/webp"}],"author":"Kikki Bostrom","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kikki Bostrom","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/#article","isPartOf":{"@id":"https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/"},"author":{"name":"Kikki Bostrom","@id":"https:\/\/complior.se\/#\/schema\/person\/841f8a57425589a6d7f13c201d345016"},"headline":"The Dichotomy of a Service Provider","datePublished":"2019-03-18T14:11:57+00:00","dateModified":"2026-04-29T21:24:39+00:00","mainEntityOfPage":{"@id":"https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/"},"wordCount":745,"publisher":{"@id":"https:\/\/complior.se\/#organization"},"image":{"@id":"https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/#primaryimage"},"thumbnailUrl":"https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp","keywords":["Blog","PCI DSS"],"articleSection":["Blogg"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/","url":"https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/","name":"The Dichotomy of a Service Provider - Complior","isPartOf":{"@id":"https:\/\/complior.se\/#website"},"primaryImageOfPage":{"@id":"https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/#primaryimage"},"image":{"@id":"https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/#primaryimage"},"thumbnailUrl":"https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp","datePublished":"2019-03-18T14:11:57+00:00","dateModified":"2026-04-29T21:24:39+00:00","description":"This is the first of a series of PCI-DSS posts about the mutual relationship between a Cloud Service Provider (SP) and its customers","breadcrumb":{"@id":"https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/#primaryimage","url":"https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp","contentUrl":"https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp","width":1140,"height":350,"caption":"Man sitting leaning over a desk working on a laptop"},{"@type":"BreadcrumbList","@id":"https:\/\/complior.se\/the-dichotomy-of-a-service-provider\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/complior.se\/"},{"@type":"ListItem","position":2,"name":"The Dichotomy of a Service Provider"}]},{"@type":"WebSite","@id":"https:\/\/complior.se\/#website","url":"https:\/\/complior.se\/","name":"Complior","description":"Security beyond compliance","publisher":{"@id":"https:\/\/complior.se\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/complior.se\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/complior.se\/#organization","name":"Complior","url":"https:\/\/complior.se\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/complior.se\/#\/schema\/logo\/image\/","url":"https:\/\/complior.se\/wp-content\/uploads\/2025\/06\/Complior_logo_dark-scaled.png","contentUrl":"https:\/\/complior.se\/wp-content\/uploads\/2025\/06\/Complior_logo_dark-scaled.png","width":2560,"height":960,"caption":"Complior"},"image":{"@id":"https:\/\/complior.se\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/complior.se\/#\/schema\/person\/841f8a57425589a6d7f13c201d345016","name":"Kikki Bostrom","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","caption":"Kikki Bostrom"},"url":"https:\/\/complior.se\/en\/author\/kikki\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp",1140,350,false],"thumbnail":["https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF-150x150.webp",150,150,true],"medium":["https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF-300x92.webp",300,92,true],"medium_large":["https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF-768x236.webp",768,236,true],"large":["https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF-1024x314.webp",1024,314,true],"1536x1536":["https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp",1140,350,false],"2048x2048":["https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF.webp",1140,350,false],"trp-custom-language-flag":["https:\/\/complior.se\/wp-content\/uploads\/2019\/03\/What-kinds-of-companies-can-benefit-from-using-a-WAF-18x6.webp",18,6,true]},"uagb_author_info":{"display_name":"Kikki Bostrom","author_link":"https:\/\/complior.se\/en\/author\/kikki\/"},"uagb_comment_info":0,"uagb_excerpt":"This is the first of a series of PCI-DSS posts about the mutual relationship between a Cloud Service Provider (SP) and its customers","_links":{"self":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/5013","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/comments?post=5013"}],"version-history":[{"count":2,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/5013\/revisions"}],"predecessor-version":[{"id":80671,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/5013\/revisions\/80671"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/media\/60228"}],"wp:attachment":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/media?parent=5013"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/categories?post=5013"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/tags?post=5013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}