Microservices and containers offer some unique characteristics that support the Payment Card Industry Data Security Standard (PCI-DSS). For example, microservices emphasize an architecture with one function per service/container, which aligns well with PCI-DSS 2.2.1: implementing only one primary function per server. Similarly, containers by design offer reduced functionality, which aligns with PCI-DSS 2.2.2: enabling only necessary protocols and services. At the same time, other aspects of microservices and containers make PCI-DSS compliance a significant challenge. For example, the ephemeral nature of containers, which may "live" for only a few minutes, means monitoring must be real-time and embedded in order to observe all container activity and enforce controls on it. And, as containers come and go, so too does the scope of the Cardholder Data Environment (CDE). A continually changing CDE scope may be one of the most significant impacts of containers on monitoring and maintaining PCI-DSS compliance.
This webinar will show the most recent updates to PCI-DSS and how to achieve visibility and control of containers to monitor, protect, and define the in-scope CDE successfully.
Overview of PCI DSS 3.2.1 (Issued May 2018)
- PCI 6 categories and 12 requirements
Microservices and containers as a PCI opportunity?
- Limited functionality and one function per container
- CI/CD opens the door to better vulnerability scanning
Microservices and containers as a PCI challenge
- East-West Traffic
- Ephemeral nature of containers
- The velocity of CI/CD
- Managing CDE scope
Role of a deep packet inspection (DPI) container firewall beyond Requirement 1
Ted Ritter, CISSP, Senior Consultant, CyberEdge Group
Glen Kosaka, VP of Products, NeuVector