At Amadeus, we operate large-scale, secure, Payment Card Industry Data Security Standard (PCI/DSS)-compliant online and e-retail systems. Recently, we started migrating those systems to OpenShift Container Platform. For us and our customers, security and compliance is paramount.In this session, we2019ll discuss security mechanisms and protections related to Red Hat OpenShift Container Platform and our experiences deploying and using OpenShift, including:Security mechanisms, such as user and network access control and policies in Openshift and underlying Openstack, the audit trail of administrative actions, ways to use and protect Kubernetes secrets, and the concealment of application data.How to address technical limitations or potentially unknown vectors of attack using compensating controls via auditd, monitoring, and alerting.Security practices in Docker containers.How we use OpenSCAP auditing tool and profiles to audit virtual machine (VM) hosts and container images in our release pipeline.