We’re happy to announce that our new whitepaper PCI Compliance for MySQL & MariaDB with ClusterControl is now available to download for free!
The Payment Card Industry Data Security Standard (PCI-DSS) is a set of technical and operational requirements to protect cardholder data and payment information. Any organisation that uses and stores such information is required to comply with the PCI standard.
Achieving full compliance with the standard is not easy. And even when it is achieved, one can easily fall out of compliance without the proper controls continuously in place. According to Verizon’s 2017 Payment Security Report, about half of businesses fail their interim PCI compliance assessment.
Access control, data protection and configuration management policies need to be implemented, and their continuous enforcement proven to auditors, in order to maintain compliance over time.
This guide discusses the essentials of a PCI compliance program from a database perspective. It will show to the reader how ClusterControl can be deployed to help address the requirements defined in the standard.
As a reminder, the PCI Data Security Standard Requirements (covered in this white paper) are:
- Building & Maintaining Secure Networks and Systems
- Vendor Supplied Default Settings
- Protecting Cardholder Data
- Encrypting Transmissions Across Public Networks
- Protection From Malware
- Maintaining Secure Applications
- Restricting Access to Cardholder Data
- Authentication & Access to System Components
- Monitoring & Testing Your Network
- Testing Security Systems
- Maintaining a Security Policy
- Onsite vs Cloud Storage
The whitepaper was written by Laurent Blume, Unix Systems Engineer and PCI-DSS expert and Severalnines CEO Vinay Joosery.
If your organization is or plans on performing payment processing on MySQL or MariaDB database infrastructures, this whitepaper will help you better understand what you need to do to stay compliant.
About the Authors
Laurent Blume, Unix Systems Engineer
Laurent's career in IT started in 2000, and even before then, he was evolving with modern computing and the advent of the Internet: from POS terminals for a jewelry stores chain to infrastructure servers in a government aerospace R&D organization, even touching supercomputers. One constant throughout was always the increasing need for security.
For the past 6 years, he has been in charge of first implementing, then keeping up with the PCI-DSS compliance of critical transnational payment authorization systems. Its implementation for databases has been an essential part of the task. For the last few years, it has expanded to the design and productization of a MariaDB cluster backend for mobile contactless payments.
Vinay Joosery, CEO & Co-Founder, Severalnines
Vinay is a passionate advocate and builder of concepts and business around distributed database systems.
Prior to co-founding Severalnines, Vinay held the post of Vice-President EMEA at Pentaho Corporation - the Open Source BI leader. He has also held senior management roles at MySQL / Sun Microsystems / Oracle, where he headed the Global MySQL Telecoms Unit, and built the business around MySQL's High Availability and Clustering product lines. Prior to that, Vinay served as Director of Sales & Marketing at Ericsson Alzato, an Ericsson-owned venture focused on large scale real-time databases.
">