BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
News Articles Presentations Podcasts Guides

Topics

Choose your language

QCon San Francisco

Learn what's next in software from world-class leaders pushing the boundaries. Attend in-person or get video-only pass to recordings.
QCon London

Discover new ideas and insights from senior practitioners driving change in software. Attend in-person.
The Software Architects' Newsletter

Your monthly guide to all the topics, technologies and techniques that every professional needs to know about. Subscribe for free.

InfoQ Homepage PCI DSS Content on InfoQ

News

RSS Feed
  • Cloud

    Microsoft Releases Azure Payment HSM in Public Preview for the Payment Card Industry

    Recently, Microsoft announced the public preview of a bare-metal infrastructure as a service (IaaS) Azure Payment HSM that provides cryptographic key operations for real-time payment transactions in Azure. It uses the Thales payShield 10K payment HSMs, which delivers a suite of payment security functionality proven in critical environments.

    Steef-Jan Wiggers
    on Feb 08, 2022 1
  • DevOps

    Reconciling Kubernetes and PCI DSS for a Modern and Compliant Payment System

    Ana Calin, systems engineer at Paybase, gave an experience report at QCon London [slides PDF] on how the end-to-end payments service provider solution managed to achieve PCI DSS level 1 compliance (the highest) with 50+ Node.js microservices running on Google Cloud Kubernetes Engine (GKE), and using Terraform for infrastructure provisioning and Helm for service deployment.

    Manuel Pais
    on Apr 21, 2019
  • DevOps

    DevOps Survival in the Highly Regulated Financial Industry

    Robert Scherrer, head of application engineering at SIX, on how the company leveraged DevOps principles and benefits in the highly regulated Swiss financial industry. Engaging with compliance auditors to collaboratively agree on solutions early before it's too costly to change and avoiding legacy internal directives (not actually required by external regulations) are the main takeaways.

    Manuel Pais
    on Jul 31, 2016

  • S is for Security

    Frank Breedijk, security officer at Schuberg Philis, talks about the friction points between security and DevOps and how to collaborate to avoid them. Examples include automating security tests and environments, reducing scope of security audits to relevant system components only or allowing security fixes to jump the queue of changes to production.

    Manuel Pais
    on Jun 22, 2013

  • New DMTF WorkGroup To Address Cloud Security Concerns Through Cloud Audit Standards

    Security concerns still remain the top inhibitor of cloud adoption and cloud audits will alleviate some of these concerns. DMTF instituted the Cloud Audit Data Federation Work Group (CADFWG) to define specifications which will empower organizations to audit cloud-based IT resources, regardless of their chosen cloud provider.

    Jeevak Kasarkod
    on May 08, 2011
BT