Wednesday, August 12, 2009

Amazon EC2 and PCI Compliance

I saw a very informative forum post regarding Amazon's position on EC2 and S3 PCI compliance via a Twitter update from @beaker (http://twitter.com/Beaker/statuses/3277444460). The post states merchants cannot achieve level 1 PCI compliance within Amazon's cloud infrastructure, because Amazon will not allow customers to perform on-site assessments. Amazon recommends using their Flexible Payments Service to successfully handle credit card data within their cloud. Mosso, now "Rackspace Cloud", took a similar approach, as discussed in my March 2009 blog post.

1 comment:

Alex said...

I don't know much about PCI, but I heard that all level 2's require an onsite by July of 2010. That would make the impact of this much larger (well, at least proportional to the amount of L1's to L2's, which I assume is large).