GCP PCA · Question 08 · Domain 3: Designing for Security and Compliance

CASE STUDY: TrendWear Apparel

Company Overview:
TrendWear Apparel is a global clothing retailer with an e-commerce platform and 500 physical stores.

Current Technical Environment:

• On-premises VMware environment
• Legacy IBM Mainframe for core inventory management
• Monolithic e-commerce application running on VMs

Business Requirements:

• Modernize the e-commerce platform to handle Black Friday (10x normal traffic)
• Unify online and in-store inventory data in real-time
• Avoid major capital expenditure (CapEx) for data center refreshes

Executive Statements:

• CEO: "We need an omnichannel experience. Customers should see accurate store inventory online."
• CFO: "We must shift from CapEx to OpEx. No more buying hardware."
• CTO: "We want to move to microservices, but we cannot retire the mainframe for at least 3 years due to complex legacy dependencies."

Technical Requirements:

• Hybrid architecture connecting GCP and on-premises
• Microservices architecture for the new e-commerce platform
• PCI-DSS compliance for all payment processing
• Consistent management plane across on-prem and cloud

Constraints:

• Mainframe must remain on-premises
• E-commerce migration must be completed before the next holiday season (8 months)

QUESTION:
To meet the PCI-DSS compliance requirement, the security team wants to ensure that raw credit card numbers are never stored in the cloud databases. How should you design the data ingestion pipeline?