Amazon Web Services Can't Offer Level-One PCI Compliance

If your business accepts and processes credit card data and thus must maintain compliance with the PCI Data Security Standard, Gemini Security Solutions offered a great Monday reminder.

It is impossible to achieve Level 1 PCI compliance using Amazon's EC2 (computing) or S3 (storage) cloud services. One can, however, build a PCI Level 2 compliant application atop Amazon's cloud. The e-commerce giant explained the situation on a Web services discussion board as follows:

As for PCI level 2 compliance, that requires external scanning via a third party, PCI-approved vendor. It is possible for you to build a PCI level 2 compliant app in our Amazon Web Services cloud using EC2 and S3, but you cannot achieve level 1 compliance... If you have a data breach, you automatically need to become level 1 compliant which requires on-site auditing; that is something we cannot extend to our customers.

Gemini reiterates that "cloud computing isn't for everything" and gives Amazon props for admitting it.
