After the initial announcement in March, Microsoft has announced a second Azure PCI AoC. According to the company, Azure now has the biggest PCI coverage in the industry, and attested services total forty.
For those unfamiliar, the Payment Card Industry Data Standard (PCI DSS) is a security standard used for cards such as Visa, MasterCard, American Express and more. It prevents fraud through better control of credit card data.
An external Qualified Security Assessor usually carries out validation of compliance checks yearly to ensure organizations meet the standards. However, Microsoft has opted for a bi-yearly model to keep with Azure's rate of growth.
Azure is compliant at Service Provider Level 1, the highest possible. This supports up to six million transactions per year.
The new add-on extends the AoC to a number of additional Azure services, including:
- “IoT Hub
- Service Fabric
- API Management
- Operations Management Suite
- Azure Automation
- Log Analytics
- Azure Backup
- Azure Site Recovery
- Microsoft Intune
- Azure Container Service
- Stream Analytics
- Power BI“
Microsoft has plans to increase this list further by the next round of assessments.
“Azure has the biggest PCI coverage in the industry,” says Alice Rison, Senior Director, “we are rapidly creating new services and features that our PCI customers want to leverage in their compliant solutions.”
The certification of the platform allows customers to develop a card processing environment that utilizes Azure's validation. This means they don't need to go through the process themselves, saving both time and costs.
However, customers are still responsible for their PCI DSS compliance in some areas. As a result, Microsoft has published a guide on the matter with further details.
You can also visit the Azure blog post to read more about the addition and what it means for businesses.