Virtualization Technology News and Information
HyTrust Furthers Leadership in PCI DSS Compliance for Virtualization and Cloud Infrastructure

As the leader in policy management and access control for virtualization and cloud infrastructure, HyTrust, Inc. today announced programs to further educate and advance industry awareness of issues involving the use of virtualized infrastructure in environments subject to PCI compliance.   

First, in order to help organizations understand the realities of the virtualized datacenter and the controls that need to be implemented to achieve PCI compliance, a webinar sponsored by HyTrust in collaboration with SANS Institute will be offered. It will be led by the co-leads of the PCI SSC virtualization special interest group (vSIG)--Kurt Roemer, Hemma Prafullchandra, Mark Weiner and Phil Cox. This is the group that subsequently developed and published the PCI DSS Virtualization Guidelines Information Supplement. Register here:

Second, security professionals and members of the QSA (Qualified Security Assessor) community are invited to attend a workshop on assessing virtualized PCI environments. The workshop will be held on August 28th, 2011 in Las Vegas and features an overview of the new guidelines and case studies that involve previously-audited environments. Register here:

In the past, organizations were reluctant to virtualize cardholder data environments (CDEs); however, PCI DSS 2.0, which was released in late 2010, allows “System Components” to be physical or virtual. For enterprises looking to optimize the ROI of their IT organizations, this provides the “green light” to virtualize mission-critical assets, including those subject to PCI compliance.

However, as with any other technology used for CDEs, organizations must exercise good judgment, apply best practices, and, where necessary, implement compensating controls. Specifically, for virtualization and cloud infrastructure, the PCI DSS requirements apply to all in-scope elements: hypervisors; virtualized components such as machines, networks, routers and security appliances; and the people who manage these elements and processes.

Prafullchandra noted, “Our 28-month effort has been fruitful, and the information supplement provides quality and detailed guidance on how to ensure PCI compliance in virtualized CDEs. The programs being offered today will provide valuable education on the compliance requirements, and give participating organizations confidence in virtualizing more critical applications while reaping the economic, competitive business and security benefits.”

For additional information on virtualization PCI compliance, you may download the whitepaper “5 Mistakes Auditing Virtual Environments (That You Don’t Want to Make)” here:

Published Thursday, July 21, 2011 5:13 PM by David Marshall
onlinetech - (Author's Link) - August 9, 2011 1:53 PM

For more on PCI and virtualization recommendations by the PCI security council, visit:
