The Schwartz
Cloud Report

Blog archive

Amazon Achieves PCI Compliance

Amazon Web Services (AWS) seems to be getting its house in order when it comes to compliance certifications. The company said last week it has achieved Level 1 compliance with the Payment Card Industry, or PCI, Data Security Standard.

PCI is the standard for storing, processing and transmitting credit card data. AWS lack of PCI compliance was a key barrier to those companies looking to use the cloud provider's service to handle transactions.

"Merchants and services providers with a need to certify against PCI DSS and to maintain their own certification can now leverage the benefits of the AWS cloud and even simplify their own PCI compliance efforts by relying on AWS's status as a validated service provider," said AWS lead Web services evangelist Jeff Barr, in a blog post.

The PCI validation covers its core cloud offerings used by merchants, notably Amazon Elastic Compute Cloud (EC2), the Amazon Simple Storage Service (S3), Amazon Elastic Block Storage (EBS) and the Amazon Virtual Private Cloud (VPC), Barr noted.

"This is big news, especially for small businesses that want to use EC2 and haven't because Amazon has not gone through PCI," said Douglas Barbin, director of assurance and compliance services at SAS 70 Solutions, a consultancy that specializes in auditing and compliance.

Large hosting providers such as Savvis, Rackspace and AT&T are already PCI-compliant as is Google's payment gateway, Barbin added.

The news comes just weeks after Amazon announced it has achieved ISO 27001 compliance, a standard based in 133 security process controls such as physical plant security, operational policies and how malicious code is handled, to name a few.

Earlier in the year, Amazon received its SAS 70 certification but was criticized for lacking ISO 27001 certification, Barbin said. That's because SAS 70 allows the provider to determine their own controls, while ISO 27001 is based on standard controls. "They got a lot of flack because they wouldn't disclose what those controls were," Barbin said. "This is an important milestone for Amazon."

Posted by Jeffrey Schwartz on December 14, 2010


Featured

  • Red Brick Graphic

    Microsoft To Pour Millions into Partner Incentives, Azure and Security in FY2025

    Microsoft's inaugural MCAPS Start for Partners event took place this week, marking the beginning of its fiscal 2025.

  • New Microsoft Security Releases Aim To Smooth the Road to Zero Trust

    IT teams often juggle multiple tools to monitor and maintain the security of their environments. Two new products released by Microsoft this week aim to consolidate their toolboxes and help organizations achieve zero trust faster.

  • Antitrust Worries Hound Microsoft Off OpenAI's Board: Report

    In a move likely meant to assuage antitrust regulators' concerns, Microsoft on Wednesday stepped down from its role as a non-voting OpenAI board member.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.