InfoQ Homepage PCI DSS Content on InfoQ
News
RSS Feed-
Reconciling Kubernetes and PCI DSS for a Modern and Compliant Payment System
Ana Calin, systems engineer at Paybase, gave an experience report at QCon London [slides PDF] on how the end-to-end payments service provider solution managed to achieve PCI DSS level 1 compliance (the highest) with 50+ Node.js microservices running on Google Cloud Kubernetes Engine (GKE), and using Terraform for infrastructure provisioning and Helm for service deployment.
-
DevOps Survival in the Highly Regulated Financial Industry
Robert Scherrer, head of application engineering at SIX, on how the company leveraged DevOps principles and benefits in the highly regulated Swiss financial industry. Engaging with compliance auditors to collaboratively agree on solutions early before it's too costly to change and avoiding legacy internal directives (not actually required by external regulations) are the main takeaways.
-
S is for Security
Frank Breedijk, security officer at Schuberg Philis, talks about the friction points between security and DevOps and how to collaborate to avoid them. Examples include automating security tests and environments, reducing scope of security audits to relevant system components only or allowing security fixes to jump the queue of changes to production.
-
New DMTF WorkGroup To Address Cloud Security Concerns Through Cloud Audit Standards
Security concerns still remain the top inhibitor of cloud adoption and cloud audits will alleviate some of these concerns. DMTF instituted the Cloud Audit Data Federation Work Group (CADFWG) to define specifications which will empower organizations to audit cloud-based IT resources, regardless of their chosen cloud provider.