Amazon Web Services gains PCI security approval

Powered by SC Magazine
 

Chases cards processing.

Merchants and services providers may now be able to shift applications that require Payments Card Industry (PCI) compliance to the public cloud after an overnight announcement by Amazon Web Services.

Amazon Web Services on Tuesday announced it had achieved Level 1 status of PCI data security standard (PCI DSS v2), covering providers that store, process or transmit more than 300,000 transactions per year.

Its certification may silence those who doubted that PCI compliance could be achieved in the public cloud on the basis that PCI DSS v2 did not cover multi-tenant environments, only virtualised ones.

Despite a lack of guidance on cloud computing in the PCI standard, AWS evangelist Jeff Barr said Amazon was still able to achieve compliance via its quality assurance assessor and will soon be included on Visa's approved list of PCI DSS v2 compliant providers.

"Even without multi-tenancy guidance, we were able to work with our PCI assessor to document our security management processes, PCI controls, and compensating controls to show how our core services effectively and securely segregate each AWS customer within their own protected environment," Barr wrote on the Amazon.com company blog.

"Our PCI assessor found our security and architecture conformed with the new PCI standard and verified our compliance," Barr said in a company statement.

The standard could prove a major boon for AWS as major card providers such as Visa and Mastercard increasingly demand merchants comply with the standard to improve merchant data security.

AWS' PCI DSS compliance covered EC2, its dedicated storage platform S3, Elastic Block Storage and Amazon's virtual private cloud.

Other vendors have pushed for PCI DSS standards for the cloud. Cisco and VMWare amongst others in November promoted their cloud implementation at service provider Savvis as a reference architecture for PCI DSS v2 compliance.

Copyright © iTnews.com.au . All rights reserved.


Amazon Web Services gains PCI security approval
 
 
 
Top Stories
Content, cost & constant innovation: How Foxtel plans to take on Netflix
Nell Payne inhabits the “brave new world of blue strings and networking”. Just don't ask her to put a TV screen on your microwave.
 
Sending in the drones
Margins are getting tighter in the industrial services industry, so Transfield Services' Stephen Phillips looks offshore - and to the skies - for the solutions he needs to keep pace.
 
Westpac fires starting pistol on core banking upgrade
St George readies itself for move to Celeriti.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Should Optus make a bid for iiNet?

   |   View results
Yes
  43%
 
No
  57%
TOTAL VOTES: 530

Vote