Microsoft's Windows Azure gets payment-card compliance nod

Microsoft's Windows Azure gets payment-card compliance nod

Summary: Windows Azure is is compliant with the PCI DSS, a standard designed to help thwart credit-card data fraud. Meanwhile, Azure's Hyper-V Recovery Manager is now generally available.

SHARE:

The Windows Azure team is starting 2014 with yet another of its regularly delivered bundles of new features and updates.

azurepcicompliant

As of this month, Windows Azure is now considered "Level 1 compliant" under the Payment Card Industry (PCI) Data Security Standards (DSS). The PCI DSS is a security standard designed to help thwart credit-card data fraud. PCI certification is required for all organizations that store, process or transmit payment-cardholder data, Microsoft officials said on January 16.

Microsoft Technical Evangelist Niall Moran explained in a blog post why PCI DSS is a big deal:

"I remember building a PCI DSS compliant infrastructure in the past and it's no joke. First off, achieving compliance involves an interrogation of every aspect of how card details travel from a user's browser to your back end servers and every touch point in between. Kind of like a chain, if any link in the chain is weak, then the chain is weak. So from a PCI DSS perspective every system that touches the card details must be audited.

"This of course presents a problem for cloud data centres like Azure, where it's impossible to allow auditors every time a customer requires a certification. So, the way around this is for Microsoft to achieve compliance. Today's announcement means customers can now deploy applications and have them certified, so this opens up Azure for a new type of workload."

PCI DSS is just one of a growing number of compliance certifications that Azure now meets. Azure completed its annual ISO audit, according to Azure General Manager Steven Martin.

"In addition to Windows Azure Cloud Services, Storage, Virtual Machines and Virtual Networks, the ISO audit scope has been significantly expanded to include SQL Database, Active Directory, Traffic Manager, Web Sites, BizTalk Services, Media Services, Mobile Services, Service Bus, Multi-Factor Authentication, and HDInsight among others," Martin blogged on January 16.

The Windows Azure team also announced this week that Azure Hyper-V Recovery Manager is now generally available. Hyper-V Recovery Manager is a disaster-recovery offering that automates the replication of running virtual machines (VMs) to a secondary, external site.

Microsoft MVP Aidan Finn noted in a blog post that Hyper-V Recovery Manager is a simple product that allows users to configure complex orchestration. However, he also said that the price is "stupid expensive." Finn said the service's reliance on System Center may put it outside the realm of potential small-to-medium-sized customers. The notion of backing up a system outside of one's own disaster-recovery site may be problematic for instances when Internet access is spotty or nonexistent, too, he said.

Details about these latest Azure updates, along with some additional ones made to Windows Azure Web Sites and Mobile Services, are available on Microsoft Vice President Scott Guthrie's blog.

Topics: Cloud, Microsoft, Disaster Recovery, IT Policies

About

Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Faulty supposition

    I am glad to see the PCI DSS compliance finally getting done for Azure, and Hyper-V Recovery Manager is fantastic. However the statement that "The notion of backing up a system outside of one's own disaster-recovery site may be problematic for instances when Internet access is spotty or nonexistent," is a faulty statement as the VM is not actually being backed up to the cloud. HVR only sees the 2 SCVMM servers at the different Datacenters and it coordinates the Failover plans. It relies on Hyper-V Replica that replicates the VM from one datacenter to another.
    evill_genius
  • Faulty Statement on HVRM

    I am glad to see the PCI DSS compliance finally getting done for Azure, and Hyper-V Recovery Manager is fantastic. However the statement that "The notion of backing up a system outside of one's own disaster-recovery site may be problematic for instances when Internet access is spotty or nonexistent," is a faulty statement as the VM is not actually being backed up to the cloud. HVRM only sees the 2 SCVMM servers at the different Datacenters and it coordinates the Failover plans. It relies on Hyper-V Replica that replicates the VM from one datacenter to another.
    evill_genius
  • Hope it works better than what Target uses.

    A LOT better... At least there, it was possible to track it after the fact.

    In the "cloud" the path will be "cloudy", with a big chance of rain of credit cards.
    jessepollard