From the earliest days of Twistlock, we’ve always tried to build things that solve real problems for customers. If we’ve talked, you’ve probably heard me mention that >60% of the features we’ve shipped have been co-designed with a customer (or several) based on their own security and operational requirements. That mindset doesn’t stop at the product bits, though; we’ve also invested many hours in creating comprehensive documentation and support systems.
In recent months, we’ve been proud to win dozens of new customers, many of which are in financial services or, at the very least, process credit card transactions on behalf of their own customers. These organizations want to leverage all the great benefits of containers across their environment, even in the most sensitive areas that deal with personal financial data. These environments are subject to a variety of regulatory and compliance requirements, though, so taking a new technology into them requires being able to operate it in a way that meets those requirements.
As we worked with these customers, we realized that while there’s a lot of great information on container security in general, like the Center for Internet Security’s Docker Security Benchmark and OpenShift’s Docker Security eBook, there’s relatively little information specifically about PCI compliance for containers. So, in the spirit of helping customers solve real problems, we decided to change that through two main actions.
First, we’re proud to announce today that Twistlock has joined the PCI Security Standards Council as a new Participating Organization. We’ll work with the Council to achieve and improve payment data security worldwide through the ongoing development of the PCI Security Standards, including the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS).
As a Participating Organization, Twistlock adds its voice to the standards-setting process and will receive previews of drafts of standards and supporting materials in order to provide feedback to shape their final versions, as well as engage a growing community of more than 700 organizations united to improve payment security worldwide. Because Twistlock is specifically focused on full stack container security, we’re able to provide a deep, technically relevant perspective to help integrate container thinking into these future PCI standards and guidance.
Second, we invested significant R&D time to build, test, and document a detailed guide specifically focused on PCI compliance for containers. This first-of-its-kind document is designed to provide clear alignment between the PCI DSS requirements, container ecosystem capabilities, and specific features customers can use within Twistlock to help enforce compliance; think of it like a checklist for maintaining and achieving PCI compliance. Our guide breaks down the standard section by section, discusses threats and countermeasures, and provides specific implementation guidance to help you implement necessary controls. All the recommendations in the guide are fully tested and supported directly by us for our customers.
Since so many organizations rely on electronic payments today, we hope these actions will be broadly valuable to everyone using containers and we’re happy to make the guidance available for free on twistlock.com.
- Download the guide to PCI Compliance for Containers and know the ins and outs of the PCI DSS requirements!
- Read about how Twistlock is protecting customers from the Cisco CloudCenter CVE through compliance enforcement.
- Check out other articles pertaining to Compliance for Containers.
- Twistlock 2.0 has been released and includes a feature called Compliance Explorer.