The Payment Card Industry Security Standards Council (PCI SSC) is expected to
release a new version of the PCI Data Security Standard (DSS) in October of
this year. In this new version, the PCI DSS will address virtualization and
cloud computing. This new guidance will be a huge win for virtualization
adoption, as well as the organizations that are subject to PCI and under
pressure to better manage costs.
The Council, founded by American Express, Discover Financial Services, JCB
International, MasterCard Worldwide, and Visa, developed the PCI DSS to
specify how to best protect payment card information. In other words, it
specifies how to best protect you and me from anyone who attempts to break
into systems to steal our valuable financial information.
The most recent PCI DSS, version 1.2, includes 12 requirements that describe
the necessary controls that must be in ...

In IT terms, virtualization is cool. The rewards include cost savings,
agility, and flexibility. Enterprises reap the benefits of virtualization
through a much more efficient use of IT personnel and resources, faster
delivery time of applications, higher availability/service levels, and
additional capabilities such as high availability and disaster recovery. No
wonder data centers worldwide are being transformed by going virtual.
Now for the bad news: there are definitely serious drawbacks, especially
around compliance. If you think about virtualization, the hypervisor is now

I recently asked a CIO of a large Fortune 100 company how hard it would be
for a person to pull the plug on a backbone switch in his datacenter. His
answer was "Very difficult. We have lots of controls in place to ensure that
level of access is protected." I then probed further and asked what type of
controls he was referring to - card key access, locks on the racks, video
cameras? He nodded at each one. I pulled up the virtual infrastructure
management client on my computer and demonstrated how easy it is to power off
the distributed virtual switch that he was planning to run ac...

Cloud Security Journal on Ulitzer
The company I work for, HyTrust, recently worked with Intel and VMware on a
very cool project.
Essentially, it was about demonstrating the ability to establish trust in the
cloud, and then enforce policy based on trust.
Trust is an important word in the world of security, and in cloud computing
it's an even bigger deal.
Cloud computing offers up the promise that an organization will be able to
run any application from anywhere at any time. But in a multi-tenant
environment, a cloud application running in a virtual machine might be

Virtualization has brought us another step closer to the world of Star Trek.
Think back to episodes of The Next Generation where Geordi was able to
control the functions of the entire ship through a single touch-screen
interface. He was able to reconfigure electrical, mechanical and propulsion
systems without needing anyone else or additional authorization. The only
thing to prevent him from doing something risky or damaging was the computer

This picture is exciting in its similarities with virtualization. Here, the
hypervisor essentially becomes a datacenter in a...