The G-Core Labs cloud has been certified as compliant with the requirements of the PCI DSS 3.2.1 standard for storing, processing and transmitting payment card data. Compliance was confirmed by the annual QSA audit conducted by Compliance Control Ltd.
The internationally recognized PCI DSS certificate confirms the high level of protection of cardholders' personal information in the company’s cloud. This is especially important for the financial industry, online retail and any business that accepts card payments.
PCI DSS is the payment card industry data security standard developed by the Payment Card Industry Security Standards Council (PCI SSC). It was established by the international payment systems Visa, MasterCard, American Express, JCB and Discover. The standard is a set of detailed requirements for securing the cardholder data that is transmitted, stored and processed in the information infrastructures of different organizations.
“The cloud infrastructure of G-Core Labs is located on all continents of the world; the company’s public cloud clusters operate in Luxembourg, Ashburn (USA), Moscow and Singapore, and within a year we also plan to connect Frankfurt am Main, Sydney, Sao Paulo (Brazil) and Khabarovsk. We pay great attention to the protection of our infrastructure at every point of presence, and obtaining the PCI DSS certificate is an international recognition of the quality of information security of our cloud,” says Vsevolod Vayner, head of cloud platforms at G-Core Labs.
Also, he continues, the company has recently launched support for the advanced Intel SGX encryption standard at the IaaS layer of its cloud, which is intended to complement its security loop. “Intel SGX allows you to put user-level code in private memory areas, so-called enclaves, which are created to be protected against external processes and software running at more privileged levels, including operating systems and hypervisors.”
PCI DSS certification is an audit of a number of parameters of an organization’s information infrastructure, which can be grouped into 12 main categories: computer network protection; configuration of information infrastructure components; protection of stored cardholder data; protection of transmitted cardholder data; anti-virus protection of information infrastructure; development and support of information systems; control of access to cardholder data; authentication mechanisms; physical protection of information infrastructure; logging of events and actions; information infrastructure security control; information security management.