Amazon Web Services gains PCI security approval

Powered by SC Magazine
 

Chases cards processing.

Merchants and services providers may now be able to shift applications that require Payments Card Industry (PCI) compliance to the public cloud after an overnight announcement by Amazon Web Services.

Amazon Web Services on Tuesday announced it had achieved Level 1 status of PCI data security standard (PCI DSS v2), covering providers that store, process or transmit more than 300,000 transactions per year.

Its certification may silence those who doubted that PCI compliance could be achieved in the public cloud on the basis that PCI DSS v2 did not cover multi-tenant environments, only virtualised ones.

Despite a lack of guidance on cloud computing in the PCI standard, AWS evangelist Jeff Barr said Amazon was still able to achieve compliance via its quality assurance assessor and will soon be included on Visa's approved list of PCI DSS v2 compliant providers.

"Even without multi-tenancy guidance, we were able to work with our PCI assessor to document our security management processes, PCI controls, and compensating controls to show how our core services effectively and securely segregate each AWS customer within their own protected environment," Barr wrote on the Amazon.com company blog.

"Our PCI assessor found our security and architecture conformed with the new PCI standard and verified our compliance," Barr said in a company statement.

The standard could prove a major boon for AWS as major card providers such as Visa and Mastercard increasingly demand merchants comply with the standard to improve merchant data security.

AWS' PCI DSS compliance covered EC2, its dedicated storage platform S3, Elastic Block Storage and Amazon's virtual private cloud.

Other vendors have pushed for PCI DSS standards for the cloud. Cisco and VMWare amongst others in November promoted their cloud implementation at service provider Savvis as a reference architecture for PCI DSS v2 compliance.

Copyright © iTnews.com.au . All rights reserved.


Amazon Web Services gains PCI security approval
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 335

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 139

Vote