Microsoft recently announced that Windows Azure has been issued Payment Card industry (PCI) Data Security Standards (DSS) Compliance. This was issued by an independent Qualified Security Assessor having audited Azure against the PCI DSS standard.
Our Microsoft Practice Head, Mark Jones said “The news of Windows Azure expanding its ISOs and compliances is awesome news. With the latest addition of PCI, Retail companies can move more of their data and infrastructure including the Database layer, including both SQL Server and Oracle Database, into the Windows Azure platform safe in the knowledge that they are compliant, allowing them to reduce Hardware and licensing costs. The fact that cloud platforms are gaining more and more ISOs show they are truly the way forward.”
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a security standard to try and prevent fraud on credit card information through increased controls around credit card data. The PCI standard and certificate is required for all companies that process credit card transactions.
What Azure services come under the new PCI DSS?
Windows Azure Information Security Management system, including infrastructure, development, operations and support for Compute, Data Services, App Services and Network Services are in scope for the PCI DSS Attestation of Compliance. Also many of The Windows Azure datacentres are in scope, including: Hong Kong, Singapore, Ireland, Netherlands, Illinois, Texas, Virginia, and California.
Annual ISO Audit
The annual ISO audit has been completed for the Windows Azure platform. The ISO scope has been expanded to include SQL Database, Active Directory, Web Site, Traffic Manager, BizTalk, HDInsight and many others. All alongside Azure Cloud Services, Storage, Virtual Machines and Networks
The E.U. Model Contractual Clauses, HIPAA BAA and Data Processing Agreement are currently in process of being updated so they will include more Windows Azure services. Mark Jones of dsp said “I am looking forward to the next update from Windows Azure, the more ISO and Compliances the Azure platform can achieve the better.”