This post explains how the PCI Security Standards Council has introduced its new PCI Software Security Framework to align PCI with modern software development and deployment practices such as DevOps, microservices, and containers.
Read more “New PCI Standards for New Ways of Building Software”
Whether you are adhering to mandatory regulations or voluntary cybersecurity frameworks, taking compliance seriously can be a huge boon to your organization. It can help you avoid costly penalties, signal to your customers that you’re serious about security, and improve your organization’s overall security maturity. Meeting compliance requirements can also help open your business up to new markets, whether you’re targeting specific industry verticals or going after international customers, and finally, it can speed up your sales process along the way.
But let’s be honest: Compliance can seem like a necessary evil. It’s time consuming and complex, and it can be a huge pain in the you-know-what. Just because the benefits outweigh the costs doesn’t make the process any less painful.
Certain frameworks make their pain felt across industries. GDPR, for example, applies to any organization doing business even nominally in Europe and requires notification of a breach within 72 hours. SOC 2 is a rigorous standard that applies to any company operating in the cloud, and one of the main challenges for Threat Stack in achieving SOC 2 compliance was eliminating the disconnect between our engineering team’s tickets and the code associated with those tickets.
Other compliance frameworks reserve their pain for specific industries, and those can feel especially burdensome. What are the main pain points by industry, and, more importantly, how can you mitigate them? We dig into the specifics below. Read more “Top Compliance Pain Points by Industry”
If your organization processes credit or debit card payments, PCI compliance is essential. If you are a merchant of any size accepting credit cards, you must be in compliance with PCI Security Standards. In this post, I’m going to walk you through what you need to know about AWS PCI compliance to ensure compliance in the cloud. Read more “What is AWS PCI Compliance?”
In the past, we’ve talked about various ways that compliance can add value to your business. But what happens when you don’t attain or maintain compliance. (Note: In the following, we focus on PCI, but equally unpleasant consequences can result, of course, if you fail to meet other standards such as HIPAA, SOC 2, etc.). Read more “Meeting Compliance in the Cloud ≠ A Choice”
PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council to protect cardholder data. Threat Stack customers frequently ask us how Threat Stack can help them comply with these two sets of requirements:
The good news is that the following Threat Stack features can provide significant benefits to customers who need to satisfy PCI Compliance Requirements 10 and 11:
In the remainder of this post, we’ll demonstrate how these can help you meet your PCI compliance and security goals. Read more “Demonstrating PCI Compliance Using Threat Stack”