Topic: Virtually Compliant - How Server Virtualization Impacts Data Security and PCI Compliance
Tuesday, March 18th at 12 pm ET
Please visit members of the PCI SVA at RSA 2008, held April 7-11th at
the Moscone Center in San Francisco, CA.



Are virtualized servers PCI
compliant? It depends on who you ask. According to PCI DSS 2.2.1,
assessors are told to “verify that only one primary function is
implemented per server.” Another PCI requirement (1.3) could
require you to have a firewall between 2 virtual server
environments. Some assessors take the position that server
virtualization is not compliant, while others say virtualization of
servers works like network segmentation, to reduce the scope of the
PCI audit.
But beyond these compliance issues, server virtualization has some
significant implications for how existing security controls, such as
IDS and IPS, function, making them less effective. As virtualization
proliferates, companies must do a very thorough analysis of how it
impacts the effectiveness of their existing controls, and develop a
plan that will ensure virtualization has a positive, rather than a
negative, impact on security. This March 18th webinar will present
both the positive and negative ways that virtualization can impact
data security and compliance.
The Presenters:
Kurt Roemer, CISSP - Chief Security Strategist, Citrix Systems
- Virtualization Architectures from the Desktop to the Datacenter
- Where and when to go virtual: IT, business and auditor perspectives
- How PCI maps to virtual architectures
David Taylor, CISSP - President, PCI Alliance & Founder, PCI Knowledge Base
- What your peers are saying about the impact of virtualization on security
- Comparing PCI assessor perspectives on the compliance of virtual servers
- Estimates of the impact of “secure virtualization” on virtual server deployment
Chris Farrow, CISSP, CISM, & GPCI - Director, Product Management, Fortisphere
- Virtualization performance impact impedes use in cardholder data environment
- Virtualization’s impact on PCI DSS remediation is still unclear
- Limited effectiveness in meeting PCI DSS without re-instrumentation
Dave Devalk - EVP & GM Reflex Virtual, Reflex Security, Inc
- Virtualization can bring down the cost of compliancy
- When to replace existing security controls with ones optimized for virtual servers
- How to handle the re-instrumentation of security controls
- Bottom line recommendations on securing a virtual server environment