Amazon Web Services gains PCI security approval

Powered by SC Magazine
 

Chases cards processing.

Merchants and services providers may now be able to shift applications that require Payments Card Industry (PCI) compliance to the public cloud after an overnight announcement by Amazon Web Services.

Amazon Web Services on Tuesday announced it had achieved Level 1 status of PCI data security standard (PCI DSS v2), covering providers that store, process or transmit more than 300,000 transactions per year.

Its certification may silence those who doubted that PCI compliance could be achieved in the public cloud on the basis that PCI DSS v2 did not cover multi-tenant environments, only virtualised ones.

Despite a lack of guidance on cloud computing in the PCI standard, AWS evangelist Jeff Barr said Amazon was still able to achieve compliance via its quality assurance assessor and will soon be included on Visa's approved list of PCI DSS v2 compliant providers.

"Even without multi-tenancy guidance, we were able to work with our PCI assessor to document our security management processes, PCI controls, and compensating controls to show how our core services effectively and securely segregate each AWS customer within their own protected environment," Barr wrote on the Amazon.com company blog.

"Our PCI assessor found our security and architecture conformed with the new PCI standard and verified our compliance," Barr said in a company statement.

The standard could prove a major boon for AWS as major card providers such as Visa and Mastercard increasingly demand merchants comply with the standard to improve merchant data security.

AWS' PCI DSS compliance covered EC2, its dedicated storage platform S3, Elastic Block Storage and Amazon's virtual private cloud.

Other vendors have pushed for PCI DSS standards for the cloud. Cisco and VMWare amongst others in November promoted their cloud implementation at service provider Savvis as a reference architecture for PCI DSS v2 compliance.

Copyright © iTnews.com.au . All rights reserved.


Amazon Web Services gains PCI security approval
 
 
 
Top Stories
Photos: Global Switch opens Sydney East data centre
First stage opened, to some fanfare.
 
ATO releases long-awaited Bitcoin guidance
Everyday investors escape the tax man.
 
Why the Weather Bureau’s new supercomputer is a 'gamechanger'
IT transformation starts to reap results.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  11%
TOTAL VOTES: 483

Vote