How do customers store data for PCI Compliance on Blob Storage?

All replies

  • Hi Mital,

    For PCI Compliance you/your organization need to determine the extent of data encryption or where the data should be stored and how.
    However, you could consider using Azure Encryption Extensions to store data securely in Azure Blob Storage.
    You could refer to the following link for details:
    http://blogs.msdn.com/b/partnercatalystteam/archive/2015/06/17/storing-data-securely-in-azure-blob-storage-with-azure-encryption-extensions.aspx

    Regards,
    Malar.

    Thursday, December 17, 2015 8:12 AM
  • Hi,

    Thanks for your quick response, and Azure Encryption Extensions helps to encrypt this sensitive information. My questions are as follows:

    1) As per PCI requirements, the system scan fails if port 80 (http) is opened. Currently, the blob storage has a publicly accessible "http" endpoint (port 80), and must be blocked from the untrusted/public network. Please advise me if port 80 can be disabled in the blob storage.

    2) As per PCI requirements, the blob storage (https endpoint) must accept connections from a specific/internal network zone only. It means the blob storage must not accept any connection(s) publicly. Please advise me if the blob storage can be configured to allow communication from the specific network only.

    For more information, please review PCI Requirement 1.3.7: Are system components that store cardholder data (such as a database) placed in an internal network zone, segregated from the DMZ and other untrusted networks?

    From my understanding, Azure storage service is PCI compliant internally, but these limitations do not allow any customers to store card holder details in the blob storage. Just wondering if any customers have used Azure storage for card holder details with PCI compliance, and these requirements have been met?

    Regards,
    Mital


    Tuesday, January 12, 2016 8:59 PM