(SEC308) Navigating PCI Compliance in the Cloud | AWS re:Invent 2014


Navigating Payment Card Industry (PCI) compliance on AWS can be easier than in a traditional data center. This session discusses how PaymentSpring implemented a PCI level-1 certified payment gateway running entirely on AWS. PaymentSpring will talk about how they designed the system to make PCI validation easier, what AWS provided, and what additional tools PaymentSpring added. Along the way, they'll cover some things they did to reduce costs and increase the overall security of the system.


  6. Diagram labels: Snort IDS instance, EC2 Instance, eth0, tap0
  8. Customer Master Key (CMK)
     • I would recommend a unique CMK for each data record type (one to encrypt sensitive configuration files, one to protect SSL private keys, etc.)
     • The CMK is used to generate Data Encryption Keys (DEKs).
  9. Data Encryption Key (DEK)
     • Generate the DEK using the AWS SDK to call AWS KMS. It will return cipherText, which you must store with the record, and a plaintext string, which is the encryption key you will encrypt the record with.
     • Pass an Encryption Context value when creating the DEK to map the key against the record you're encrypting. This value will appear in AWS KMS audit logs.
     • Each record should have a unique DEK generated for it.
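
The per-record DEK flow from slides 8 and 9, as an added Python example that is not from the presentation: `encrypt_record` and `decrypt_record` take a boto3-style KMS client, and `LocalKMS` is a constructed in-memory stand-in so the block runs offline. The `record_id` context key, the stored field names, and the use of AES-GCM from the `cryptography` package are assumptions.

```python
import json
import os

from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class LocalKMS:
    """Constructed offline stand-in for the two boto3 KMS client calls used
    below. Real AWS KMS keeps the CMK inside the service."""

    def __init__(self):
        self._cmks = {}  # key id -> constructed CMK bytes, in memory only

    def _cmk(self, key_id):
        return AESGCM(self._cmks.setdefault(key_id, AESGCM.generate_key(256)))

    def generate_data_key(self, KeyId, KeySpec, EncryptionContext):
        # KeySpec is accepted for call compatibility; the stand-in always makes 256-bit keys.
        dek, nonce = AESGCM.generate_key(256), os.urandom(12)
        aad = json.dumps(EncryptionContext, sort_keys=True).encode()
        blob = nonce + self._cmk(KeyId).encrypt(nonce, dek, aad)
        return {"KeyId": KeyId, "Plaintext": dek, "CiphertextBlob": blob}

    def decrypt(self, KeyId, CiphertextBlob, EncryptionContext):
        aad = json.dumps(EncryptionContext, sort_keys=True).encode()
        dek = self._cmk(KeyId).decrypt(CiphertextBlob[:12], CiphertextBlob[12:], aad)
        return {"KeyId": KeyId, "Plaintext": dek}


def encrypt_record(kms, cmk_id, record_id, data):
    """Encrypt one record under its own DEK; return what gets stored."""
    # The context is logged by KMS, so it holds an identifier, never the data.
    ctx = {"record_id": record_id}
    resp = kms.generate_data_key(KeyId=cmk_id, KeySpec="AES_256", EncryptionContext=ctx)
    nonce = os.urandom(12)
    body = AESGCM(resp["Plaintext"]).encrypt(nonce, data, record_id.encode())
    # Persist only the wrapped DEK (CiphertextBlob); the plaintext DEK is not kept.
    return {"cmk_id": cmk_id, "record_id": record_id,
            "wrapped_dek": resp["CiphertextBlob"], "nonce": nonce, "body": body}


def decrypt_record(kms, stored):
    """Unwrap the record's DEK with the same context, then decrypt the body."""
    ctx = {"record_id": stored["record_id"]}
    dek = kms.decrypt(KeyId=stored["cmk_id"], CiphertextBlob=stored["wrapped_dek"],
                      EncryptionContext=ctx)["Plaintext"]
    return AESGCM(dek).decrypt(stored["nonce"], stored["body"], stored["record_id"].encode())
```

With a real client, pass `boto3.client("kms")` in place of `LocalKMS()`; a wrapped DEK presented with the wrong context is then rejected by KMS with `InvalidCiphertextException` rather than the stand-in's `InvalidTag`.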