With proper technology based solutions such as VMware vCloud Networking and Security and VMware vCenter Configuration Manager, achieving and demonstrating compliance on VMware vSphere based infrastructures is not only possible, but can often be easier than achieving the same on non virtualized environments. In general, all areas of virtualization security are important to compliance, but there are several common areas of concern that stand out from the pack.

1. How do we prevent unauthorized access to protected information in a virtualized environment?
2. How can we ensure that, despite the consolidation enabled by virtualization, separation of administrative duties is maintained?
3. How do we isolate systems that are processing protected information? Can we trust the logical separation between virtual machines provided by virtualization software?
4. How do we monitor access to protected data in a virtualized environment?
5. How do we control where the protected data is being physically processed?

Compliance Best Practices

VMware in conjunction with other industry experts has been instrumental in developing best practices for security and compliance in a virtualized world. These best practices address a range of issues including how to:

1. Address platform hardening
2. Extend configuration and change management principles to the virtual world
3. Provide effective administrative access control
4. Deliver network security and segmentation
5. Monitor logs from the virtual infrastructure alongside those of physical assets

Resources to Address Compliance

The Resources page provides access to a large number of whitepapers, webcasts, and customer examples for organizations seeking guidance on how to address security and compliance related concerns associated with the effective management of their virtualized infrastructure.