Regardless of the regulation, rule or standard, the process of compliance requires analyzing and managing IT risks on a continuous basis. This includes when new technology or software applications are introduced into the environment. Virtualization is no different. The introduction of virtualization requires an organization to evaluate how changes to IT will affect its risk posture and then to mitigate these risks by ensuring that virtualization technologies are deployed and used securely. In addition, virtualization offers the opportunity to insert controls at the virtualization layer, allowing organizations to achieve better security than was possible before the introduction of virtualization.
Payment Card Industry Data Security Standard (PCI DSS) Compliance and VMware
This paper provides guidance to IT Auditors, QSAs, CIOs, System Administrators, and Developers who are looking at virtualizing their Cardholder Data Environment (CDE).
IT Audit for the Virtual Environment
The purpose of this white paper from the SANS Analyst Program is to help IT managers and auditors come together and understand the virtualization process and the new risk and audit areas this technology presents. It also offers guidance on developing audit review processes that can be applied to virtualization, including how to use virtualization to enhance the audit process. The paper focuses on PCI DSS audit in a VMware environment.
Security Compliance in a Virtual World
This RSA Security Brief offers executives and technology practitioners some practical guidance for establishing a solid foundation to mitigate risk and address compliance with various regulations, industry standards and internal policies in the context of virtual infrastructures. Authors of the RSA Security Brief include many of the industry’s foremost security and virtualization experts from EMC and VMware, including Bret Hartman, Chief Technology Officer for EMC’s RSA security division, Dr. Stephen Herrod, Chief Technology Officer and Senior Vice President of R&D for VMware, and other senior EMC technologists.
Achieving Compliance in a Virtualized Environment
The goal of this paper is to present the unique considerations that virtualization introduces for regulatory and standards compliance, and then prescriptively describe how to mitigate those risks.