Microsoft announced today that Windows Azure has met two significant milestones. The milestones are related to compliance and security. The lack of PCI compliance is one thing that has kept some potential Windows Azure customers away from building services and applications on the platform. Compliance with the Payment Card Industry (PCI) Data Security Standards (DSS) will allow you to build credit card processing and transmission applications and services on Windows Azure. The ISO Certification was expanded to include several additional services provided by Windows Azure.
See a snippet from the announcement below:
Windows Azure Validated for PCI DSS Compliance Payment fraud continues to be a huge concern for the growing number of organizations that accept credit card payments. We are pleased to announce that Windows Azure has been validated for compliance with the Payment Card Industry (PCI) Data Security Standards (DSS) by an independent Qualified Security Assessor (QSA).
The PCI DSS is the global standard that any organization of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. By providing PCI DSS validated infrastructure and platform services, Windows Azure delivers a compliant framework for you to run your own secure and compliant applications. You can more easily achieve PCI DSS certification for those applications using Windows Azure.
To assist customers in achieving PCI DSS certification, Microsoft is making the Windows Azure PCI Attestation of Compliance and Windows Azure Customer PCI Guide available for immediate download.
Visit the Trust Center for a full list of in scope features or for more information on Windows Azure security and compliance.
ISO Certification expanded to Include SQL Database and Many More Windows Azure Features
Windows Azure has successfully completed its annual ISO audit. In addition to Windows Azure Cloud Services, Storage, Virtual Machines and Virtual Networks, the ISO audit scope has been significantly expanded to include SQL Database, Active Directory, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Multi-Factor Authentication, and HDInsight among others. This includes the Information Security Management System (ISMS) for Windows Azure, encompassing infrastructure, development, operations, and support for these features.
This expanded certification reaffirms Microsoft’s commitment to implementing internationally recognized information security controls so that customers can comply with the laws and regulations applicable to their use scenarios.
Visit the Trust Center for a full list of in scope features or for more information on Windows Azure security and compliance.
You can read more details on the announcement directly from Microsoft here.
