The Schwartz Cloud Report

Blog archive

Amazon Achieves PCI Compliance

Amazon Web Services (AWS) seems to be getting its house in order when it comes to compliance certifications. The company said last week it has achieved Level 1 compliance with the Payment Card Industry, or PCI, Data Security Standard.

PCI is the standard for storing, processing and transmitting credit card data. AWS lack of PCI compliance was a key barrier to those companies looking to use the cloud provider's service to handle transactions.

"Merchants and services providers with a need to certify against PCI DSS and to maintain their own certification can now leverage the benefits of the AWS cloud and even simplify their own PCI compliance efforts by relying on AWS's status as a validated service provider," said AWS lead Web services evangelist Jeff Barr, in a blog post.

The PCI validation covers its core cloud offerings used by merchants, notably Amazon Elastic Compute Cloud (EC2), the Amazon Simple Storage Service (S3), Amazon Elastic Block Storage (EBS) and the Amazon Virtual Private Cloud (VPC), Barr noted.

"This is big news, especially for small businesses that want to use EC2 and haven't because Amazon has not gone through PCI," said Douglas Barbin, director of assurance and compliance services at SAS 70 Solutions, a consultancy that specializes in auditing and compliance.

Large hosting providers such as Savvis, Rackspace and AT&T are already PCI-compliant as is Google's payment gateway, Barbin added.

The news comes just weeks after Amazon announced it has achieved ISO 27001 compliance, a standard based in 133 security process controls such as physical plant security, operational policies and how malicious code is handled, to name a few.

Earlier in the year, Amazon received its SAS 70 certification but was criticized for lacking ISO 27001 certification, Barbin said. That's because SAS 70 allows the provider to determine their own controls, while ISO 27001 is based on standard controls. "They got a lot of flack because they wouldn't disclose what those controls were," Barbin said. "This is an important milestone for Amazon."

Posted by Jeffrey Schwartz on 12/14/2010 at 1:14 PM


Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus