The Schwartz Cloud Report

Blog archive

Amazon Achieves PCI Compliance

Amazon Web Services (AWS) seems to be getting its house in order when it comes to compliance certifications. The company said last week it has achieved Level 1 compliance with the Payment Card Industry, or PCI, Data Security Standard.

PCI is the standard for storing, processing and transmitting credit card data. AWS lack of PCI compliance was a key barrier to those companies looking to use the cloud provider's service to handle transactions.

"Merchants and services providers with a need to certify against PCI DSS and to maintain their own certification can now leverage the benefits of the AWS cloud and even simplify their own PCI compliance efforts by relying on AWS's status as a validated service provider," said AWS lead Web services evangelist Jeff Barr, in a blog post.

The PCI validation covers its core cloud offerings used by merchants, notably Amazon Elastic Compute Cloud (EC2), the Amazon Simple Storage Service (S3), Amazon Elastic Block Storage (EBS) and the Amazon Virtual Private Cloud (VPC), Barr noted.

"This is big news, especially for small businesses that want to use EC2 and haven't because Amazon has not gone through PCI," said Douglas Barbin, director of assurance and compliance services at SAS 70 Solutions, a consultancy that specializes in auditing and compliance.

Large hosting providers such as Savvis, Rackspace and AT&T are already PCI-compliant as is Google's payment gateway, Barbin added.

The news comes just weeks after Amazon announced it has achieved ISO 27001 compliance, a standard based in 133 security process controls such as physical plant security, operational policies and how malicious code is handled, to name a few.

Earlier in the year, Amazon received its SAS 70 certification but was criticized for lacking ISO 27001 certification, Barbin said. That's because SAS 70 allows the provider to determine their own controls, while ISO 27001 is based on standard controls. "They got a lot of flack because they wouldn't disclose what those controls were," Barbin said. "This is an important milestone for Amazon."

Posted by Jeffrey Schwartz on 12/14/2010 at 1:14 PM


Featured

  • SharePoint Framework 1.8 Now Generally Available

    Microsoft this week announced that SharePoint Framework 1.8 had reached "general availability" status, although some features are still at the preview stage.

  • How To Create Office 365 User Accounts in Bulk

    Manual account creation can be tedious, time-consuming and prone to human error, especially if you have more than a handful of Office 365 users to set up. Brien shows you a better way.

  • System Center 2019 Reaches General Availability

    System Center 2019 has now reached the "general availability" product stage, Microsoft indicated in a Thursday update.

  • SharePoint Online Users Getting News Improvements This Month

    Microsoft plans to roll out new capabilities for SharePoint Online users this month that will add greater control over how News articles appear in SharePoint sites, according to a Wednesday announcement.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.