Mail.ru Cloud Solutions Validates PCI DSS Compliance

2021: PCI DSS Compliance Confirmation

The cloud platform Mail.ru Cloud Solutions has received official confirmation of compliance with the international PCI DSS payment security standard. The standard helps protect payment card holders from risks posed by data storage and processing. This was announced on August 11, 2021 by Mail.ru Cloud Solutions.

PCI DSS compliance is important for Internet stores and services providers, including financial institutes and acquiring POS terminal services.

"To organize a fault-tolerant and safe infrastructure for online payments is a" headache "for various companies: from large retailers and banks to online services and online stores. They have to purchase servers, undergo certification and maintain a staff of specialists. The ability to get a ready-made, PCI DSS-certified cloud infrastructure will accelerate the transition to company clouds from finance and e-commerce. Those who already use cloud technologies will be able to use the Mail.ru Cloud Solutions solution in multi-cloud format, "said Leonid Anikin, Director of Business Development Mail.ru Digital Solutions.

IaaS PaaS The services of Mail.ru Cloud Solutions, including Kubernetes as a service, scalable and S3 Object Store databases PostgreSQL as a MySQL service, have also been certified. Moreover, the cloud provider confirmed compliance with the PCI DSS standard of all internal development processes: all new services at the time of the announcement are already properly protected, Mail.ru Cloud Solutions emphasized.

"Infrastructure deployed in the cloud may be subject to specific information security requirements. This is especially true for companies that process payment transactions. Now Mail.ru Cloud Solutions customers who operate with payment card data do not need to deploy their own infrastructure: they will receive a ready-made solution that fully complies with the PCI DSS standard. As a cloud provider, we assume this task and are responsible for the physical security of the data center, hypervisor operating systems and virtualization, "explained Anton Zhabolenko, head of information security at Mail.ru Cloud Solutions.

Preparation for certification lasted more than a year. The final audit of the compliance of security measures and documentation of the cloud platform Mail.ru Cloud Solutions was conducted by Card Security, a QSA certified auditor.

Cloud infrastructure Mail.ru Cloud Solutions is certified in accordance with the Federal Law "On Personal Data Protection" 152-FZ, the platform, in accordance with the requirements of the FSTEC, places personal data in the cloud on secure and certified servers with UZ-2 and UZ-3.

2020: Confirmation of compliance with the requirements of FSTEK UZ-2 and 152-FZ "On Personal Data"

The Mail.Ru Cloud Solutions (MCS) platform has confirmed compliance with the requirements of the FSTEC for the second level of data security (UZ-2) and 152-FZ "On Personal Data." This was announced on December 2, 2020 in Mail.ru Cloud Solutions, a vendor of a cloud platform for business.

This shows a high level of security of the provider's infrastructure and allows you to use the platform to store and process sensitive personal data, including biometrics. Compliance with UZ-2 makes the platform suitable, for example, for working with fingerprints, medical records and user photos, which is especially relevant for medical institutions and banking organizations.

The FSTEC certificate guarantees protection against 2 types of threats for any data and from 1 type for some of them. Thus, MCS guarantees the security of threats associated with undocumented capabilities in system software, for example, in the operating system.

To gain a second level of trust, MCS installed an intrusion detection system, protected customers from spam, and organized backup data, as well as reserving communication channels within the virtual infrastructure. In addition, the second layer of protection involves monitoring and responding to security incidents.

MCS clients have access to all data tools in a secure virtual environment, without having to self-evaluate the infrastructure. The physical security of the servers is also controlled by the provider.

The MCS cloud platform provides infrastructure and platform services that help companies of all sizes build and modernize their IT infrastructure to increase reliability, accelerate product development and launch, and optimize costs.

The largest Russian companies use cloud services of Mail.ru Cloud Solutions. Key requests for many of them are safety requirements and compliance with the FZ-152. We are constantly improving our platform to provide customers with reliable technological solutions, "commented Ilya Letunov, head of the platform Mail.ru Cloud Solutions and Tarantool.