This week Nuage Networks released a white paper validating compliance of our latest 4.0 release with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS requires merchants and service providers that store, process or transmit cardholder data to adopt information security controls and processes to ensure consumer protection. The payment processing chain is evolving rapidly as more and more transactions migrate online and major processing infrastructures migrate to shared cloud architectures, making effective security policies, controls and forensics more critical than ever.
Nuage Networks engaged Tekmark Global Solutions, a leading provider of technology risk management services for mission-critical applications, to perform the assessment of the entire Virtualized Services Platform (VSP) to validate PCI requirements. The results, as provided in the referenced white paper, conclude that: Nuage Networks SDN and security solutions for Cloud/Data Center and branch networks make it easier for organizations to achieve PCI compliance by facilitating adherence to key PCI requirements. There are no known limitations within the solution components that would inhibit an organization’s ability to become PCI compliant, or maintain their existing compliance.
The report highlighted key features and capabilities within the VSP platform that facilitate PCI compliance, starting with one of the key drivers for SDN deployments overall: microsegmentation. Embedded Layer 3/4 Distributed Firewalling with stateful ACLs enables “microsegmentation” in the data center and cloud, as well as perimeter security at branch networks, to restrict both user and system access to corporate applications and data. Microsegmentation includes the ability to enforce fine-grained security policies between individual application workloads (even those sharing a common server), enabling a “zero-trust” model within multi-tenant cloud environments where all application traffic is blocked unless explicitly allowed.
It was also noted that virtual networks (Layer 3 domains using VXLAN overlays) provide network isolation between IT environments across data center and branch networks. Other features include IPsec encryption for WAN traffic over both public and private cloud networks, and support for Transport Layer Security (TLS) 1.2 and strong ciphers for communication with the VSP GUI and APIs.
The full white paper goes into much more detail on the testing methodology, the test results, more depth on the Nuage Networks capabilities in support of PCI, and a high-level overview of the specification itself. For more background, the following table summarizes the goals and high-level technical and operational requirements of PCI DSS.