Posts Tagged ‘ PCI ’

Public Cloud Reality: Reinforced at CSA Summit

March 5, 2013
By
CloudComputing

I have written about the Public Cloud Reality and the need to bring your own security, monitoring, support. This was reinforced by Dave Asprey of Trend Micro at the last Cloud Security Alliance Summit held at this years RSA Conference. The gist of Dave Asprey's talk was that YOU are responsible for the security of…

Read more »

Software Defined Security: Is it Achievable?

August 8, 2012
By
VirtualizationSecurity

Cloud based security is about securing the data, yet compliance requirements are often about securing the environment, such as PCI's requirement for web application firewalls, which protect web servers and perhaps applications and imply protection of data. But they do not directly protect data. How can a Software Defined Data Center implement a form of…

Read more »

Offering Cloud Services: Why is it so Limited?

May 8, 2012
By
CloudComputing

There are many SaaS and Security SaaS cloud services out there, but they all lack one thing: full visibility. Why do these cloud offerings limit the ability to perform compliance auditing, forensics, and basic auditing against an organizations data retention, protection, and other necessary policies? Why not just grant the "right to audit", or better…

Read more »

Tenant and Multi-Tenant Security: It’s All About Scope

April 11, 2012
By
CloudComputing

While at InfoSec World 2012's summit on Cloud and Virtualization Security, the first talk was on Securing your data. The second was on penetration testing to ensure that data was secure. In essence it has always been about the data but there is a huge difference between what a tenant can do and what the…

Read more »

Virtualization and Cloud Security Projects to Watch

January 26, 2010
By

The future of Virtualization and Cloud Security is being worked on today and there are several projects worth watching. Early guidance from these projects will aid your current virtualization and cloud security policies, procedures, plans, and architectures. (A6, DMTF, CSA, PCI, FDIC, etc.)

Read more »

PCI discussed on the Virtualization Security Podcast

December 16, 2009
By

The last Virtualization Security Podcast covered PCI, Kurt Roemer and Jeff Elliot who were guests represented PCI.  PCI as you hopefully know is working on compliance guidance for payment systems running within virtual machines and the cloud. This early discussion is a plea for people to get involved in reviewing the currently developing white-paper. While…

Read more »

Regulatory Compliance, Slowly Catching up with Virtualization

October 6, 2009
By

As of this writing just a few of the regulatory compliance groups are working to encompass Virtualization. However, they are not close to anything publishable yet. What does this mean for companies that must enforce regulatory compliance? What does this mean to an auditor? The big question many are asking, is if the Compliance documents…

Read more »

Featured Solutions