Wednesday, August 12, 2009
Amazon EC2 and PCI Compliance
I saw a very informative forum post regarding Amazon's position on EC2 and S3 PCI compliance via a twitter update from @beaker (http://twitter.com/Beaker/statuses/3277444460). The post states merchants can not achieve level 1 PCI compliance within Amazon's cloud infrastructure, because Amazon will not allow customers to perform on-site assessments. Amazon recommends using their Flixible Payments Service to successfully handle credit card data within their cloud. Mosso, now "Rackspace Cloud", took a similar approach as discussed in my March 2009 blog post.