New! Magalix Kubernetes PCI DSS Compliance Policies

Incorporating general IT security measures while adhering to industry regulations requires a new level of skills and considerations, making it difficult to see the value exchange of complexity for increased innovation and delivery. This story is all too familiar businesses that have chosen to adopt the cloud. One of the primary challenges for organizations is to adhere to compliance standards such as PCI DSS.

Understanding the PCI DSS

What is PCI DSS?

The payment card industry Data Security Standard (PCI DSS) is a set of security standards put in place to ensure the security of credit card transactions in the payment industry. The compliance standards refer to the technical and operational standards that businesses must adhere to to secure and protect credit card data provided by cardholders and transmitted through car processing transactions.

The standards for compliance are managed and developed by the PCI Security Standards Council, an independent body created by major players in the credit card industry (Visa, MasterCard, American Express, ..among others).

Who Must Comply with PCI DSS?

Organizations, however big or small, must be PCI compliant if they accept, transmit, or store any cardholder data, regardless of the size or number of transactions.

Requirements for PCI Compliance

PCI DSS Compliance has 12 key requirements, 78 base requirements, and over 400 test procedures - all considered best security practices. The requirements include aspects such as implementing firewalls to protect data to testing security systems on a regular basis, among many others. . A full copy of the PCI DSS can be found here.

Magalix Introduces PCI DSS Compliance Policies

Understanding the complexity of the PCI DSS compliance first hand, we are proud to announce the general availability of PCI-DSS support within our extensive Magalix Policy Library. We have partnered with FinTech organizations, PCI-auditors, and our own collective experiences within the space to provide a one-to-one mapping of Policies to PCI requirements, covering all 12 PCI-DSS controls.

Our main objectives were to rapidly enhance your understanding of the various PCI requirements, while providing insights to know which components in your Kubernetes clusters are impacted. We’ve taken on those tasks behind the scenes so you can focus on your compliance story without having to endure an elongated ramp up period.

It's not just the Policies

Magalix already greatly reduces the effort it takes to understand your security posture at build-time, deploy-time, and run-time. Knowing the current state of your infrastructure at any given time is a must, but a dashboard and your word won’t be enough to become certified, or remain compliant. By mapping our Policies to PCI Requirements, we are able to provide robust reporting that captures the perspective of several different stakeholders.

Conclusion

Being responsible for protecting cardholder data doesn’t mean you’re instantly an expert in all things PCI. There is a learning curve that will take time, but when dealing with security, hackers won’t wait. Your customers demand the features that make their lives easier but in industries where risk is high, and customer trust can make or break your business, you need to be ready as quickly as possible.

Magalix fastracks your PCI-DSS compliance initiatives by taking the legwork out of identifying the coverage area. We want you to know which components fall under PCI, what’s impacted, and what to prioritize when securing your cardholder data and reputation.

Magalix Policy Enforcement Platform has 100s out-of-the-box policies and templates that you can hit the ground running with.