homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

Amazon EC2 cloud servers can be PCI compliant
Amazon confirms you can become PCI compliant on EC2

5+ Year Member

Msg#: 3976749 posted 8:52 am on Aug 22, 2009 (gmt 0)

EC2 is a service provided by Amazon where you can rent cloud servers (virtual servers) at relatively low cost. They have now clearly stated in an email exchange that you can set up these servers to become PCI compliant.
This confirms my research on this topic - and is good news if you have to set up a PCI compliant environment.
You can NOT become PCI "Level 1" compliant on EC2 servers - but that is only required for merchants who do more than 6 million transactions per year.
While we probably all wish that was us, the reality is different, and only very few companies have to meet level 1 compliance.
For the rest of us this means we can become PCI compliant on EC2 servers at very low cost.
If you don't know what EC2 is, Google will answer this for you.
The email exchange is here: [developer.amazonwebservices.com...]
It clearly states Level 1 is out, because they won't let anyone visit their database centres - but Level 2 and below are ok.
Their data centre and virtual servers meet all PCI requirements and you can set up all your servers and firewalls to meet PCI requirements as per PCI questionnaires. However you still have to set up your servers and logging and intrusion control and so on to meet PCI regulations, of course.
Nevertheless if you need PCI, this is another option you can look at. If you use open source solutions Ossec and Snort (ask Google) for logging and intrusion control, PCI compliance doesn't have to be hugely expensive.




10+ Year Member

Msg#: 3976749 posted 7:01 pm on Aug 24, 2009 (gmt 0)

will this affect the "ecommerce friendliness" of EC2 as it relates to ssl? we had looked at EC2 last year but backed away because of problems with ssl - if i recall, we needed to have a separate ssl for each virtual server - we operate lots of sites, so it didn't work... (they did have a ucc ssl option but it only works with windows...)


5+ Year Member

Msg#: 3976749 posted 1:07 am on Aug 25, 2009 (gmt 0)

UCCs also support Apache and Linux boxes. <snip> But I have also seen people using GoDaddy UCCs for this (cheaper but supposedly less service provided).

[edited by: lorax at 10:20 am (utc) on Aug. 25, 2009]
[edit reason] dead link removed [/edit]

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved