Dynatrace and PCI DSS compliant systems

takahiko_imazon — Thu, 13 Apr 2023 09:46:26 GMT

Hi all,

I'm looking for use cases of Dynatrace for PCIDSS-compliant systems.

Are you using Dynatrace for PCIDSS-compliant systems?

How are you using it?

Regards,

Takahiko

Re: For PCI DSS compliant systems

skrystosik — Tue, 14 Jan 2020 10:06:00 GMT

We have dynatrace on such applications. What are you concern about? Security? In general there are few issues here. For example, you can have application where card numbers and other informations are send as query parameters. In such case all users of dynatrace that has access to purepaths will be able to see them. I’ve made RFE some time ago about option to use private settings (DT has option to mask such data for whole environment) for particular system. This technology is quite aggressive and makes other systems sometimes hard to analyze (It hides for example IP addresses in URIS, so it’s harder to use them by developers or administrators).

Second option is ability to extract sensitive data using request Attributes. Here you can add permissions only for users that has proper contracts signed. Only they for example will be able to create such configurations and read values. For others this option may be masked.

Sebastian

topic Dynatrace and PCI DSS compliant systems in Dynatrace Managed Q&A

Dynatrace and PCI DSS compliant systems

Re: For PCI DSS compliant systems