Top 10 things you MUST read about virtualization and compliance
By Eric Siebert, published Wednesday, October 29, 2008
There are numerous compliance regulations that companies must follow these days, including SOX, PCI and HIPAA. Meeting these regulations is never easy, and virtualization adds even more complexity to an already challenging task. Further complicating matters, virtualization is a grey area in many compliance specifications, which offer very little detail on how to secure your virtual hosts. The items on this list include presentations from VMworld, webcasts from security vendors and white papers that will aid you in your quest to achieve compliance in your virtual environment.
How Server Virtualization Impacts Data Security and PCI Compliance
http://www.safenet-inc.com/email/webinar/pci/2008_Virtualizaiton_Webinar.htm
A great webinar that handles the topic of how server virtualization impacts PCI compliance. This is often a misunderstood area as virtualization is not specifically covered in the PCI specification.
How to Achieve Security and Satisfy Compliance
http://www.vmworld.com/vmworld/mylearn?classID=11461
A VMworld 2007 presentation (free registration required) that covers ESX security practices and recommendations. Additionally, it covers compliance requirements and how to assess your compliance readiness.
Achieving Compliance in a Virtualized Environment
http://www.vmware.com/files/pdf/technology/compliance_virtualized_environment_wp.pdf
A white paper from VMware that discusses how to achieve compliance in a virtualized environment and how virtualization impacts compliance.
Best Practices for Surviving Regulatory Compliance (VMworld 2007)
http://www.vmworld.com/vmworld/mylearn?classID=11450
A VMworld 2007 presentation (free registration required) that covers PCI compliance and how it impacts VMware Virtual Infrastructure.
Reducing the Scope of Your PCI Audit: Innovative Network Segmentation Using Host Intrusion Defense
http://resources.thirdbrigade.com/pciaudit/
A presentation (free registration required) from Third Brigade that covers how to segment your network to reduce the scope of your PCI audits.
Staying PCI Compliant in Virtual and Physical Environments
http://tripwire.com/register/_archived_webcast.cfm?file=Tripwire_PCI_Virtualization.flv
A webcast from Tripwire that covers the challenges of virtualization for security and PCI compliance and best practices for proving control in a virtualized environment.
Insights from an Auditor: Ensuring a Successful PCI Audit
http://tripwire.com/register/_archived_webcast.cfm?file=Tripwire_Protiviti_PCI.flv
A webcast from Tripwire that talks about common pitfalls of meeting PCI requirements and how to develop a strategy for assessing your payment card environment.
Surviving Regulatory Compliance in the Virtual Infrastructure
http://download3.vmware.com/vmworld/2006/adc9521.pdf
A VMworld 2006 presentation on compliance rules for SOX, implications for VMware implementations and how to overcome security and audit issues.
PCI Data Security Standard (PCI DSS)
https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html
The official documentation of the PCI standard. Contains the documentation of the latest PCI specification and a summary of changes between versions of the specifications.
VMware Compliance Center
http://www.vmware.com/technology/security/compliance/resources.html
VMware's compliance portal that contains links to documents that are compliance related.
Eric Siebert is a 25-year IT veteran with experience in programming, networking, telecom and systems administration. He is a guru-status moderator on the VMware community VMTN forum and maintains VMware-land.com, a VI3 information site.