Microsoft's Windows Azure gets payment-card compliance nod

Summary:Windows Azure is is compliant with the PCI DSS, a standard designed to help thwart credit-card data fraud. Meanwhile, Azure's Hyper-V Recovery Manager is now generally available.

The Windows Azure team is starting 2014 with yet another of its regularly delivered bundles of new features and updates.

azurepcicompliant

As of this month, Windows Azure is now considered "Level 1 compliant" under the Payment Card Industry (PCI) Data Security Standards (DSS). The PCI DSS is a security standard designed to help thwart credit-card data fraud. PCI certification is required for all organizations that store, process or transmit payment-cardholder data, Microsoft officials said on January 16.

Microsoft Technical Evangelist Niall Moran explained in a blog post why PCI DSS is a big deal:

"I remember building a PCI DSS compliant infrastructure in the past and it's no joke. First off, achieving compliance involves an interrogation of every aspect of how card details travel from a user's browser to your back end servers and every touch point in between. Kind of like a chain, if any link in the chain is weak, then the chain is weak. So from a PCI DSS perspective every system that touches the card details must be audited.

"This of course presents a problem for cloud data centres like Azure, where it's impossible to allow auditors every time a customer requires a certification. So, the way around this is for Microsoft to achieve compliance. Today's announcement means customers can now deploy applications and have them certified, so this opens up Azure for a new type of workload."

PCI DSS is just one of a growing number of compliance certifications that Azure now meets. Azure completed its annual ISO audit, according to Azure General Manager Steven Martin.

"In addition to Windows Azure Cloud Services, Storage, Virtual Machines and Virtual Networks, the ISO audit scope has been significantly expanded to include SQL Database, Active Directory, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Multi-Factor Authentication, and HDInsight among others," Martin blogged on January 16.

The Windows Azure team also announced this week that Azure Hyper-V Recovery Manager is now generally available. Hyper-V Recovery Manager is a disaster-recovery offering that automates the replication of running virtual machines (VMs) to a secondary, external site.

Microsoft MVP Aidan Finn noted in a blog post that Hyper-V Recovery Manager is a simple product that allows users to configure complex orchestration. However, he also said that the price is "stupid expensive." Finn said the service's reliance on System Center may put it outside the realm of potential small-to-medium-sized customers. The notion of backing up a system outside of one's own disaster-recovery site may be problematic for instances when Internet access is spotty or nonexistent, too, he said.

Details about these latest Azure updates, along with some additional ones made to Windows Azure Web Sites and Mobile Services, are available on Microsoft Vice President Scott Guthrie's blog.

Topics: Cloud, Disaster Recovery, IT Policies, Microsoft

About

Mary Jo Foley has covered the tech industry for 30 years for a variety of publications, including ZDNet, eWeek and Baseline. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008). She also is the cohost of the "Windows Weekly" podcast on the TWiT network. Got a tip? Se... Full Bio

Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.