If you are processing payment card data in any way in the cloud (whether storing, transmitting, tracking or processing), you need to be PCI DSS compliant.
Built on our already secure-by-design Opensource cloud, The Bunker’s PCI DSS Secured Cloud is deployed using the most performant and secure Opensource products available today, and aligns your infrastructure to all 12 key industry requirements.
Opensource PCI DSS Cloud is the natural choice; with no licensing costs to consider as you grow, it can provide you with limitless scalability and PCI DSS compliance. Your ROI can be fast-tracked, while security information and event management runs quickly and at scale.
It is easy to deploy applications to the cloud, but doing this at scale while remaining compliant brings additional challenges and associated risks of compliance failure. This is a costly risk, both financially and reputationally, and not one that businesses can afford to take.
We help you ensure that you are able to meet customer demands, as well as audit the systems that appear and disappear just as quickly to serve your specific traffic patterns.
The PCI DSS compliance standard is one that, whilst you may not be required to meet it, can act as a business enabler; the requirements ensure compliance with GDPR, amongst other things, and here at The Bunker we facilitate the creation of PCI DSS compliant clouds for all highly security-conscious businesses.
The PCI DSS Opensource Private Cloud uses our standard Opensource Private Cloud as its foundation. On top of this already secure-by-design Opensource cloud, increased zone isolation is added, providing a multi-layer security design.
You can carry out the deployment in-house or free up your resources to focus on the development of your application and use The Bunker’s engineering team, as an extension of your own, to automate your deployment and scalability.
Multiple DMZ zones (PCI DSS commonly refers to networks as zones) are implemented so that traffic traverses firewalls, then load balancers and Web Application Firewall (WAF) devices, before reaching further load balancers.
The web and application zones would be home to reverse proxies, potentially some more load balancers, and your application nodes.
If your application requires a database or multiple databases, this could potentially be the last zone or zones that the request reaches before being returned to the user.
HAProxy, Apache ModSecurity and NGINX NAXSI are deployed at various points in the network at these stages to ensure resiliency and compliance. Each zone that is passed through is subject to strict least-privilege firewall controls. Administration access would also be provided through a separate management zone or zones, depending on the usage requirement.
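The zone-by-zone least-privilege model described above can be checked mechanically against a firewall ruleset. The following is an added example, not The Bunker's own code or configuration: it audits a constructed ruleset against an assumed tier order, and the zone names, ports and policy checks are illustrative assumptions.

```python
# Added example: audit inter-zone firewall rules against a tiered zone model.
# Zone names and their order are assumptions modelled on the tiers described
# above (DMZ, web, application, database, plus a separate management zone).
ZONE_ORDER = ["internet", "dmz", "web", "app", "db"]
MGMT = "mgmt"

# Constructed sample ruleset: (source zone, destination zone, protocol, port).
# Rules describe who may INITIATE a connection; a stateful firewall is assumed
# to permit the return traffic.
SAMPLE_RULES = [
    ("internet", "dmz", "tcp", 443),
    ("dmz", "web", "tcp", 8443),
    ("web", "app", "tcp", 8080),
    ("app", "db", "tcp", 5432),
    ("mgmt", "db", "tcp", 22),
    ("dmz", "db", "tcp", 5432),      # jumps over the web and app zones
    ("web", "app", "any", "any"),    # wildcard, not least privilege
    ("db", "internet", "tcp", 443),  # inner zone initiating outward
]

def audit_rule(rule):
    """Return a list of findings for one rule (empty list means acceptable)."""
    src, dst, proto, port = rule
    if not {src, dst} <= set(ZONE_ORDER) | {MGMT}:
        return ["unknown zone"]
    findings = []
    if proto == "any" or port == "any":
        findings.append("wildcard protocol or port")
    if MGMT in (src, dst):
        if src != MGMT:
            findings.append("production zone initiates into management zone")
        elif dst == "internet":
            findings.append("management zone initiates to internet")
    else:
        hop = ZONE_ORDER.index(dst) - ZONE_ORDER.index(src)
        if hop > 1:
            findings.append("skips an intermediate zone")
        elif hop < 0:
            findings.append("inner zone initiates toward outer zone")
    return findings

def audit(rules):
    """Map each violating rule to its findings."""
    return {rule: found for rule in rules if (found := audit_rule(rule))}

if __name__ == "__main__":
    for rule, found in audit(SAMPLE_RULES).items():
        print(rule, "->", "; ".join(found))
```

Running the same audit against rules exported from each zone firewall gives a repeatable check that can be kept as evidence alongside the periodic ruleset reviews.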
All of the servers (hypervisors, virtual machines), whether static or dynamic, are deployed with OSSEC agents, which report into the managed security dashboard dedicated to your environment. The IDS server keeps a watchful eye on all of the traffic traversing between zones.