Insiders Area

Suit Yourself

John Suit Fortisphere CTO John Suit's Blog

Read It

 

Sign up for Email

Attend the Virtualization Compliance Webinar

Join Fortisphere, Citrix Systems and Reflex Security for a PCI Security Vendor Alliance Webinar on Virtualization Security and Compliance.

Topic: Virtually Compliant – How Server Virtualization Impacts Data Security and PCI Compliance.

Date: Tuesday, March 18th

         12 to 1 pm ET

Registration: Click here

Description:

Are virtualized servers PCI compliant? It depends on who you ask. According to PCI DSS 2.2.1, assessors are told to “verify that only one primary function is implemented per server.” Another PCI requirement (1.3) could require you to have a firewall between 2 virtual server environments. Some assessors take the position that server virtualization is not compliant, while others say virtualization of servers works like network segmentation, to reduce the scope of the PCI audit.

But beyond these compliance issues, server virtualization has some significant implications for how existing security controls, such as IDS and IPS function, making them less effective. As virtualization proliferates, companies must to a very thorough analysis of how it impacts the effectiveness of their existing controls, and develop a plan that will ensure virtualization has a positive, rather than a negative impact on security. This March 18th webinar will present both the positive and negative ways that virtualization can impact data security and compliance. Register Now!

Presenters:

Chris Farrow, CISSP, CISM, & GPCI- Director, Product Management, Fortisphere

  • Virtualization performance impact impedes use in cardholder data environment
  • Virtualization’s impact on PCI DSS remediation is still unclear
  • Limited effectiveness in meeting PCI DSS without re-instrumentation

Kurt Roemer, CISSP- Chief Security Strategist, Citrix Systems

  • Virtualization Architectures from the Desktop to the Datacenter
  • Where and when to go virtual: IT, business and auditor perspectives
  • How PCI maps to virtual architectures

David Taylor, CISSP- President, PCI Alliance & Founder, PCI Knowledge Base

  • What your peers are saying about the impact of virtualization on security
  • Comparing PCI assessor perspectives on the compliance of virtual servers
  • Estimates of the impact of “secure virtualization” on virtual server deployment

Dave Devalk- EVP & GM Reflex Virtual, Reflex Security, Inc

  • Virtualization can bring down the cost of compliancy
  • When to replace existing security controls with ones optimized for virtual servers
  • How to handle the re-instrumentation of security controls
  • Bottom line recommendations on securing a virtual server environment