Virtually Compliant - How Server Virtualization Impacts Data Security and PCI Compliance
Are virtualized servers PCI compliant? It depends on who you ask. According to PCI DSS 2.2.1, assessors are told to "verify that only one primary function is implemented per server." Another PCI requirement (1.3) could require you to have a firewall between 2 virtual server environments. Some assessors take the position that server virtualization is not compliant, while others say virtualization of servers works like network segmentation, to reduce the scope of the PCI audit.
But beyond these compliance issues, server virtualization has some significant implications for how existing security controls, such as IDS and IPS, function, making them less effective. As virtualization proliferates, companies must do a very thorough analysis of how it impacts the effectiveness of their existing controls, and develop a plan that will ensure virtualization has a positive, rather than a negative, impact on security. This March 18th webinar will present both the positive and negative ways that virtualization can impact data security and compliance.