The Schwartz
Cloud Report

Blog archive

Amazon Achieves PCI Compliance

Amazon Web Services (AWS) seems to be getting its house in order when it comes to compliance certifications. The company said last week it has achieved Level 1 compliance with the Payment Card Industry, or PCI, Data Security Standard.

PCI is the standard for storing, processing and transmitting credit card data. AWS lack of PCI compliance was a key barrier to those companies looking to use the cloud provider's service to handle transactions.

"Merchants and services providers with a need to certify against PCI DSS and to maintain their own certification can now leverage the benefits of the AWS cloud and even simplify their own PCI compliance efforts by relying on AWS's status as a validated service provider," said AWS lead Web services evangelist Jeff Barr, in a blog post.

The PCI validation covers its core cloud offerings used by merchants, notably Amazon Elastic Compute Cloud (EC2), the Amazon Simple Storage Service (S3), Amazon Elastic Block Storage (EBS) and the Amazon Virtual Private Cloud (VPC), Barr noted.

"This is big news, especially for small businesses that want to use EC2 and haven't because Amazon has not gone through PCI," said Douglas Barbin, director of assurance and compliance services at SAS 70 Solutions, a consultancy that specializes in auditing and compliance.

Large hosting providers such as Savvis, Rackspace and AT&T are already PCI-compliant as is Google's payment gateway, Barbin added.

The news comes just weeks after Amazon announced it has achieved ISO 27001 compliance, a standard based in 133 security process controls such as physical plant security, operational policies and how malicious code is handled, to name a few.

Earlier in the year, Amazon received its SAS 70 certification but was criticized for lacking ISO 27001 certification, Barbin said. That's because SAS 70 allows the provider to determine their own controls, while ISO 27001 is based on standard controls. "They got a lot of flack because they wouldn't disclose what those controls were," Barbin said. "This is an important milestone for Amazon."

Posted by Jeffrey Schwartz on December 14, 2010


Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.