Top 10 things you MUST read about virtualization and compliance
There are numerous compliance regulations that companies must follow these days, including SOX, PCI and HIPAA. Meeting these regulations is never easy, and virtualization adds even more complexity to an already challenging task. Further complicating matters, virtualization is a grey area in many compliance specifications, which give very little detail on how to secure your virtual hosts. The items on this list include presentations from VMworld, webcasts from security vendors and white papers that will aid you in your quest to achieve compliance in your virtual environment.
-
1
How Server Virtualization Impacts Data Security and PCI Compliance
http://www.safenet-inc.com/email/webinar/pci/2008_Virtualizaiton_Webinar.htm
A great webinar on how server virtualization impacts PCI compliance. This is an often misunderstood area, as virtualization is not specifically covered in the PCI specification.
-
2
How to Achieve Security and Satisfy Compliance
http://www.vmworld.com/vmworld/mylearn?classID=11461
A VMworld 2007 presentation (free registration required) that covers ESX security practices and recommendations. It also covers compliance requirements and how to assess your compliance readiness.
-
3
Achieving Compliance in a Virtualized Environment
http://www.vmware.com/files/pdf/technology/compliance_virtualized_environment_wp.pdf
A white paper from VMware that discusses how to achieve compliance in a virtualized environment and how virtualization impacts compliance.
-
4
Best Practices for Surviving Regulatory Compliance (VMworld 2007)
http://www.vmworld.com/vmworld/mylearn?classID=11450
A VMworld 2007 presentation (free registration required) that covers PCI compliance and how it impacts VMware Virtual Infrastructure.
-
5
Reducing the Scope of Your PCI Audit: Innovative Network Segmentation Using Host Intrusion Defense
http://resources.thirdbrigade.com/pciaudit/
A presentation (free registration required) from Third Brigade that covers how to segment your network to reduce the scope of your PCI audits.
-
6
Staying PCI Compliant in Virtual and Physical Environments
http://tripwire.com/register/_archived_webcast.cfm?file=Tripwire_PCI_Virtualization.flv
A webcast from Tripwire that covers the challenges of virtualization for security and PCI compliance and best practices for proving control in a virtualized environment.
-
7
Insights from an Auditor: Ensuring a Successful PCI Audit
http://tripwire.com/register/_archived_webcast.cfm?file=Tripwire_Protiviti_PCI.flv
A webcast from Tripwire that talks about common pitfalls of meeting PCI requirements and how to develop a strategy for assessing your payment card environment.
-
8
Surviving Regulatory Compliance in the Virtual Infrastructure
http://download3.vmware.com/vmworld/2006/adc9521.pdf
A VMworld 2006 presentation on compliance rules for SOX, implications for VMware implementations and how to overcome security and audit issues.
-
9
PCI Data Security Standard (PCI DSS)
https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html
The official documentation of the PCI standard. Contains the documentation of the latest PCI specification and a summary of changes between versions of the specifications.
-
10
VMware Compliance Center
http://www.vmware.com/technology/security/compliance/resources.html
VMware's compliance portal, which contains links to compliance-related documents.

