Amazon Web Services gains PCI security approval

Powered by SC Magazine
 

Chases cards processing.

Merchants and services providers may now be able to shift applications that require Payments Card Industry (PCI) compliance to the public cloud after an overnight announcement by Amazon Web Services.

Amazon Web Services on Tuesday announced it had achieved Level 1 status of PCI data security standard (PCI DSS v2), covering providers that store, process or transmit more than 300,000 transactions per year.

Its certification may silence those who doubted that PCI compliance could be achieved in the public cloud on the basis that PCI DSS v2 did not cover multi-tenant environments, only virtualised ones.

Despite a lack of guidance on cloud computing in the PCI standard, AWS evangelist Jeff Barr said Amazon was still able to achieve compliance via its quality assurance assessor and will soon be included on Visa's approved list of PCI DSS v2 compliant providers.

"Even without multi-tenancy guidance, we were able to work with our PCI assessor to document our security management processes, PCI controls, and compensating controls to show how our core services effectively and securely segregate each AWS customer within their own protected environment," Barr wrote on the Amazon.com company blog.

"Our PCI assessor found our security and architecture conformed with the new PCI standard and verified our compliance," Barr said in a company statement.

The standard could prove a major boon for AWS as major card providers such as Visa and Mastercard increasingly demand merchants comply with the standard to improve merchant data security.

AWS' PCI DSS compliance covered EC2, its dedicated storage platform S3, Elastic Block Storage and Amazon's virtual private cloud.

Other vendors have pushed for PCI DSS standards for the cloud. Cisco and VMWare amongst others in November promoted their cloud implementation at service provider Savvis as a reference architecture for PCI DSS v2 compliance.

Copyright © iTnews.com.au . All rights reserved.


Amazon Web Services gains PCI security approval
 
 
 
Top Stories
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
A call for timely reporting
[Blog post] Businesses need incentives to keep customer data secure.
 
Doubts cast on Queensland's ICT Dashboard
Opposition, former Govt CIO say it can't be trusted.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  26%
 
Application integration concerns
  3%
 
Security and compliance concerns
  29%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  23%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  5%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 828

Vote