Introduction Welcome! In the upcoming series of articles (this is Part 1), I’ll be discussing some things to consider if you want to use Kubernetes to host an application that is subject to PCI DSS. I have been interested in containers for quite a while now and have recently had a lot of PCI DSS clients asking about Kubernetes. The concepts and controls in PCI DSS don't always translate well to a containerized environment which gave me the idea to write this series. The series will be split up into PCI DSS domains and I'll do my best to provide some discussion topics as well as demonstrations for each. Nothing in this series is a guarantee that you'll be compliant with PCI DSS; there are too many variables to consider. My hope is that this provides a good starting point for planning a migration onto Kubernetes.

According to a recent survey published by RightScale Inc., more than 90 percent of businesses use some form of cloud technology. The benefits of using the cloud are clearly undeniable, but that doesn’t mean getting set up and running on the proper solution for your organization is effortless.

Identifying changes that must be made is the easy part. Managing those changes successfully—not so simple! Organizations today need to be extraordinary at adapting to or influencing changes in technology, policy, and procedure. Those who adjust well aren’t phased by the fast pace of the market or the constant evolutions in technology and security standards. Those who struggle with change constantly operate in a reactive state, and fail to properly strategize their business moves.

CIOs have a unique vantage point over their organization. From where they sit, they see efficiencies, pain points, and potential weaknesses across all departments. This level of visibility is invaluable in today’s intricate, technology-driven, and information-rich business landscape.

With a majority of business operations riding on the shoulders of technology today, the success of one requires the coordination of many. That means a lot of vendors are involved in the handling and care of your sensitive data. How can companies ensure that the volumes of vendors they work with are compliant with all industry regulations and are properly protecting their business data?

Even if you have the greatest product in the world, it won’t sell if no one knows about it. You’ve got to invest in the proper promotional channels to get the word out. The same principle applies to an organization’s compliance program.

Promoting a culture of ethics and compliance is a fundamental component to the success of any organization. Although sometimes difficult to realize, the actual benefit of an ethics and compliance program exists in its ability to reinforce good decision making and ultimately steer us away from trouble. After all, just one mistake can leave you on the wrong side of the law, not to mention the financial drain and damage it can have on your company’s reputation. To create a culture that values ethics and compliance, we must realize a critical component: the buy-in. Simply put, everyone in the organization needs to be on board with the program.

As CEO of your company, you’ve worked hard to grow the business and ensure success. But there can be a roadblock to future growth of your organization—lack of compliance. This can have several negative effects on a company including loss of customers, fines and a lack of trust among current customers or prospects.