Patrick Lamphere, Director, OCI Regulated Markets Product Development
Our online retail customers often ask us, “How can my organization store credit card data on Oracle Cloud Infrastructure (OCI)?” One of the best ways to quickly build an environment that meets an industry framework is to use a reference architecture to design your applications.
If you have workloads that store, process, or transmit credit card information, you need to secure your systems and design the data security policies in a payment card industry (PCI)-compliant way. With our new PCI reference architecture, OCI is the first cloud provider to deliver a PCI-compliant deployment solution that’s been validated by a third-party auditor, Schellman & Company.
A reference architecture is a framework that introduces a platform topology, using architectural diagrams, a component overview, and recommendations for best practices. Reference architectures save time by providing industry best practices and optimized code.
Obtaining the Schellman & Company assessment was an extra step that we took to ensure that your deployments using our reference architecture meet the Payment Card Industry Data Security Standard (PCI-DSS) requirements. When obtaining your PCI certification, you can reduce both time and cost by using our audited PCI reference architecture to satisfy your own audit requirements.
The PCI reference architecture is more than a collection of configuration scripts: it also includes a sample e-commerce site built on the Spring Framework that meets the requirements of PCI-DSS. Using the included sample policies and standards, you can build out a PCI-compliant information security management system (ISMS).
Figure 1: PCI reference architecture
The architecture includes a fully functional e-commerce application built on OCI and Oracle Autonomous Linux. The PCI reference architecture is written in Java using the Spring Framework and uses the following OCI services and features:
Virtual cloud networks
Web application firewall
With OCI and Oracle Autonomous Linux, the PCI reference architecture uses the following open source tools:
The PCI reference architecture is integrated with the Stripe Payment API for processing credit cards.
Using modular Terraform and CINC scripts, you can swap components using the tools of your choice. Updating the website is as simple as following these steps:
Upload a new .war file to Object Storage.
End the running web server instances.
Autoscaling automatically deploys new hosts, pulling in the latest configuration on startup, and all OS updates are handled automatically by Oracle Autonomous Linux.
The PCI reference architecture joins over 200 existing reference architectures, Quick Starts, and Solutions Playbooks from Oracle and our partners. Read more about the PCI Reference Architecture by visiting Oracle’s Architecture Center.
To get started, download the PCI reference architecture on GitHub, making deployment a ‘git pull’ away!