Financial Services

PCI-Compliant Cloud Infrastructure

Global Payments Processor (NDA)

Built PCI-compliant shared services infrastructure on EKS to host production payment workloads for a Fortune 500 payments company.

Highlights
  • PCI-DSS compliance achieved
  • SIEM-integrated logging

Technologies
AWS, EKS, Terraform, Helm, Argo CD, Karpenter, Crossplane, Prometheus, Grafana, Loki, Fluent-bit, Sysdig, Keycloak, Cert-manager, External Secrets, Akamai, Nginx

The Challenge

A Fortune 500 global payments processor needed to establish PCI-compliant infrastructure for production workloads:

  • Compliance requirements: PCI-DSS standards for payment card data handling
  • Migration scope: Move production workloads from non-compliant environment
  • Security controls: Comprehensive logging, monitoring, and access management
  • Operational readiness: Documentation and runbooks for compliance audits

Our Approach

Shared Services Infrastructure

Designed and deployed shared services on EKS with a focus on open-source CNCF projects:

  • Jenkins: CI/CD pipelines for infrastructure and application deployments
  • Sysdig: Runtime security and compliance monitoring
  • Fluent-bit: Log collection and forwarding

Custom Helm charts were developed for each shared service to meet specific compliance and operational requirements.

PCI Compliance Controls

Implemented security controls required for PCI-DSS:

  • SIEM integration: Configured Fluent-bit to route application logs to the Security Information and Event Management system
  • Access management: Keycloak for identity and access control
  • Certificate management: Cert-manager for automated TLS certificate provisioning
  • Network segmentation: Proper isolation between environments
  • Edge security: Akamai and Nginx for secure ingress
  • Secrets management: External Secrets for secure credential handling
  • Runtime security: Sysdig for container security and compliance monitoring
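The SIEM integration control above (Fluent-bit routing application logs off the cluster) is the one most often questioned in a PCI audit, because the log pipeline itself is evidence of PCI-DSS Requirement 10. The following Fluent-bit configuration is an added illustration of that pattern and is not the client's or the engagement's actual configuration. It assumes a generic SIEM that accepts RFC 5424 syslog over TLS; the hostname siem.example.internal, the CA path and the filesystem buffer path are placeholders.

```ini
# Added example: Fluent-bit DaemonSet configuration forwarding container logs
# to a SIEM over syslog/TLS. Hostnames and paths are placeholders, not values
# from the engagement.

[SERVICE]
    Flush             5
    Log_Level         info
    # Persist buffered records to disk so that a SIEM outage does not drop
    # audit events (PCI-DSS Req. 10 expects a complete trail).
    storage.path      /var/log/flb-storage/
    storage.sync      normal
    storage.backlog.mem_limit 64M

[INPUT]
    Name              tail
    Tag               kube.*
    Path              /var/log/containers/*.log
    # Handle both docker-json and CRI log line formats on EKS nodes.
    multiline.parser  docker, cri
    Refresh_Interval  10
    Mem_Buf_Limit     32MB
    Skip_Long_Lines   On
    DB                /var/log/flb-storage/tail.db
    storage.type      filesystem

[FILTER]
    Name              kubernetes
    Match             kube.*
    # Enrich every record with namespace, pod and labels so the SIEM can
    # attribute an event to a workload and its owner.
    Merge_Log         On
    Keep_Log          Off
    K8S-Logging.Parser On
    K8S-Logging.Exclude On

[FILTER]
    Name              modify
    Match             kube.*
    # Stamp the originating cluster so events from several EKS clusters can
    # be told apart once they land in the shared SIEM index.
    Add               cluster_name CLUSTER_NAME_PLACEHOLDER

[OUTPUT]
    Name                syslog
    Match               kube.*
    Host                siem.example.internal
    Port                6514
    Mode                tls
    tls                 On
    tls.verify          On
    tls.ca_file         /etc/fluent-bit/tls/siem-ca.pem
    syslog_format       rfc5424
    syslog_hostname_key cluster_name
    syslog_appname_key  kubernetes.container_name
    syslog_message_key  log
    # Keep retrying rather than discarding audit records on transient errors.
    Retry_Limit         False
```

The two points worth checking in a review of such a configuration are that tls.verify is On (a forwarder that skips CA verification would pass logs to anyone who can spoof the SIEM address) and that the input buffers to the filesystem, so an outage of the SIEM produces a backlog rather than a gap in the audit trail.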

Infrastructure as Code

Developed and maintained Terraform modules for the shared services infrastructure:

  • Consistent, repeatable deployments
  • Version-controlled infrastructure changes
  • Audit trail for compliance requirements
  • Crossplane for Kubernetes-native infrastructure provisioning

CI/CD Pipelines

Built Jenkins pipelines using Groovy for:

  • Helm chart mirroring from external sources
  • Container image scanning before deployment
  • Image builds with security scanning
  • Terraform plan/apply automation

Operational Documentation

Created comprehensive service runbooks covering:

  • Service architecture and dependencies
  • Build and deployment procedures
  • Known issues and remediation steps
  • IAM and access patterns
  • Patching and upgrade procedures

Results

  • PCI-DSS compliance achieved for the shared services environment
  • Successful migration of production workloads to compliant infrastructure
  • SIEM integration providing audit trail for compliance requirements
  • Operational readiness with documented runbooks for all services
  • Security tooling in place for runtime monitoring and vulnerability detection