Developers working in a highly-regulated industry, such as financial services, have to meet complex and challenging regulatory IT requirements. For example, to be able to handle payment card data, developers should secure it by Payment Card Industry Data Security Standard, or PCI-DSS for short.
Google released PCI Compliance solution guide
Google Cloud’s PCI-DSS certification covers Google Kubernetes Engine (GKE), however, when a developer builds an application on top GKE, it becomes the developer’s responsibility to make sure it meets the PCI compliance requirements. Thus, Google released the PCI Compliance on GKE solution guide to help developers to address concerns for GKE application in PCI regulated environments.
The guide shows how to limit and properly segment where the cardholder data environment, from the rest of the environment by using logical, network, and service-level segmentation methods. The guide also offers other information like how other cloud-native tools may help you with your goal to meet compliance requirements. The guide also aims to help developers having tough times migrating PCI environments from VMs to Kubernetes.