Amazon Web Services gains PCI security approval

Powered by SC Magazine
 

Chases cards processing.

Merchants and services providers may now be able to shift applications that require Payments Card Industry (PCI) compliance to the public cloud after an overnight announcement by Amazon Web Services.

Amazon Web Services on Tuesday announced it had achieved Level 1 status of PCI data security standard (PCI DSS v2), covering providers that store, process or transmit more than 300,000 transactions per year.

Its certification may silence those who doubted that PCI compliance could be achieved in the public cloud on the basis that PCI DSS v2 did not cover multi-tenant environments, only virtualised ones.

Despite a lack of guidance on cloud computing in the PCI standard, AWS evangelist Jeff Barr said Amazon was still able to achieve compliance via its quality assurance assessor and will soon be included on Visa's approved list of PCI DSS v2 compliant providers.

"Even without multi-tenancy guidance, we were able to work with our PCI assessor to document our security management processes, PCI controls, and compensating controls to show how our core services effectively and securely segregate each AWS customer within their own protected environment," Barr wrote on the Amazon.com company blog.

"Our PCI assessor found our security and architecture conformed with the new PCI standard and verified our compliance," Barr said in a company statement.

The standard could prove a major boon for AWS as major card providers such as Visa and Mastercard increasingly demand merchants comply with the standard to improve merchant data security.

AWS' PCI DSS compliance covered EC2, its dedicated storage platform S3, Elastic Block Storage and Amazon's virtual private cloud.

Other vendors have pushed for PCI DSS standards for the cloud. Cisco and VMWare amongst others in November promoted their cloud implementation at service provider Savvis as a reference architecture for PCI DSS v2 compliance.

Copyright © iTnews.com.au . All rights reserved.


Amazon Web Services gains PCI security approval
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1070

Vote