Thursday, May 6, 2021

Can Virtualization Help (or Hurt) Compliance?

Virtualization is seen as a major cost saver, yet does it make compliance (generally seen as a major headache) still harder?

Can a virtualized environment be compatible with regulatory compliance? It’s question rarely raised, but one that’s important to address because non-compliance can be serious — not to mention costly.

In October last year the PCI Security Standards Council (PCI SSC) published the PCI Data Security Standard (PCI DSS) v2.0, and for the first time it was explicitly stated that you could use virtualization technologies and be PCI-DSS compliant. Before that it was up to the auditor to decide if server virtualization — or any other form of virtualization for that matter — was acceptable at all, and conservative ones could simply rule it out.

But saying you can use virtualization really opens a can of worms. A recent Ponemon Institute study found that PCI-DSS is widely regarded as a higher priority than all other regulations including HIPAA, the EU Privacy Directive, Sarbanes-Oxley and United States state laws for data breach, as well as the most difficult set of regulations to comply with. Given how hard it is to be in compliance with PCI-DSS at the best of times, what chance do organizations really have of getting auditors to sign them off as being compliant with a virtualized infrastructure?

The good news is that help is at hand in the form of 39 pages of PCI DSS Virtualization Guidelines, published earlier this month by the Virtualization Special Interest Group of the PCI SSC.

Read the rest about compliance and virtualization at ServerWatch.

Similar articles

Latest Articles

What is Raw Data?

By itself, raw data doesn’t look like much or mean much, but it has the potential to be processed for analysis.  Processed data comes from...

What is Data Analysis?

Everything measurable that has happened, is happening, and will happen in a business can be boiled down to data. But not all data is...

IBM Begins Cloud Confidentiality...

IBM has positioned its cloud offering against the unique security, compliance and confidentiality needs of specific vertical markets with a sharp focus on finance...

Top Big Data Certifications...

The term Big Data reflects a very real growing trend. By 2020, every human will be generating an astounding 1.7 MB per second. That...