NetApp Instaclustr, the leading provider of fully managed open source solutions at the data layer, has successfully achieved compliance with the latest Payment Card Industry Data Security Standard (PCI DSS), version 4.0.

PCI DSS 4.0 represents the most comprehensive update to the standard since version 3.2.1 was released in 2018. The update addresses the emerging threats and technologies that have developed over the past few years by enhancing security requirements to tackle modern security challenges and promoting security as a continuous process.

NetApp Instaclustr, through our commitment to safeguarding and protecting data in the cloud, was able to demonstrate that many of the required changes were already in place, while other future-dated changes are in the process of being uplifted through a comprehensive and dedicated program of work.

Key changes from PCI DSS 3.2.1 to 4.0

  1. Security as a continuous process, emphasizing that security should be an integral part of business-as-usual activities.
  2. Enhanced multi-factor and password requirements to secure all access to the cardholder data environment (CDE).
  3. More rigorous testing of security incident response processes
  4. Greater emphasis on timely detection and reporting of failures in critical components
  5. Additional training on phishing and social engineering techniques
  6. Targeted risk assessments on critical technologies and business processes
  7. Uplifting of existing security controls around logging, network security, and authentication to better prevent emerging threats

As part of our PCI 4.0 uplift program, NetApp will reach out to you with minor changes to your cluster security controls, to take place during a planned maintenance window.

Why PCI DSS 4.0 matters to our customers

While not all of NetApp Instaclustr’s customers have a requirement to have PCI DSS for their financial or sensitive applications, it is widely recognized as a gold standard for security-conscious customers due to its comprehensive set of security standards established by major credit card companies, including Visa, MasterCard, and American Express.

It provides:

  • Enhanced security controls—the updated standard ensures that we employ the latest security controls to protect your sensitive information
  • Adaptability to emerging threats—through adherence to PCI DSS 4.0, NetApp Instaclustr is better equipped to anticipate and defend against new and sophisticated cyber threats
  • Commitment to excellence and continuous improvement—through our dedicated security, compliance engineering, and operations teams
  • Investment in technology and modern security tooling—required to meet the enhanced automated monitoring requirements

PCI offerings

NetApp Instaclustr offers, on both AWS and GCP, the following applications in compliance with PCI standards:

  • Cassandra®
  • Kafka®
  • OpenSearch®
  • Valkey™
  • Cadence®

To be compliant with PCI standards, several criteria must be satisfied, including having the PCI add-on enabled and having PCI-compliant account security settings enabled.

For a full list of requirements for running a PCI-managed service, please see the NetApp Instaclustr PCI compliance documentation site, which outlines the customer responsibilities for running a PCI-compliant cluster.

Have questions? We’re here to help

If you have any questions about what PCI DSS 4.0 compliance means for you or how it enhances the security of your data while using our services, please don’t hesitate to contact us via email at [email protected].