Google has announced that its Cloud Platform has finally been validated by payment industry standard PCI DSS, in a move which will allow PCI compliant businesses to use the infrastructure to scale their services according to demand without breaking the regulations.
The Mountain View giant now follows cloud rivals Amazon and Microsoft in gaining PCI certification for its cloud platform, which includes elements such as the Compute Engine, App Engine, Storage Engine and Big Query.
Now that it’s certified PCI DSS compliant, it “will enable our customers to hold, process, or exchange cardholder information from any branded credit card on Google Cloud Platform,” product manager Matthew O’Connor said in a blog post.
PCI compliant payment service providers and other businesses which need to store or manage large volumes of card data can now benefit from using the Google Cloud to scale up or down in a cost effective manner, according to demand.
One such ‘developer’ is WePay which offers a payments API for crowdfunding sites, marketplaces and the like.
“Google Cloud Platform will enable WePay to process our partners’ transactions in a fully scalable, highly available environment with robust security features," said David Nye, WePay director of DevOps.
“The new PCI DSS certification that Google Cloud Platform has achieved enables WePay to dynamically grow our infrastructure as fast as our business and our partners’ businesses demand.”
Although not without its share of criticism over the years, PCI DSS is still the de facto standard for the payment card industry.
On paper it offers a set of steps businesses can take to improve data protection, while compliance shields them from liability if a breach does occur.
However, it has been criticized in the past for being too onerous – costing businesses vast amounts of man hours and money to achieve compliance, and even then without any guarantee they won’t be breached.