After very careful consideration, sir, I’ve come to the conclusion that your new defense system sucks.

With Friday upon us, it’s the last part of virtualization and PCI. So as promised, I am going to dedicate this last post to giving a final roundup of key things that you should hopefully start doing (or at least discussing internally) if you plan on moving down the path to compliance. I can’t promise it won’t be painful, but if you keep these things in mind from the beginning, it will be slightly less intrusive than it could be.

Oooh, ahhh, that’s how it always starts. Then later there’s running and screaming.

Today I want to get back to the matter at hand: how to deal with PCI if you have a virtual environment. Because PCI DSS is one of the first glimpses Canadian organizations have into the need to secure their virtual environments, the learning curve for both auditors and IT teams is staggering. There is a lot of grey space at the moment where interpretation of the requirements can have a significant impact on the end result, and often it is a result of auditors walking into mixed environments where virtual and physical resources co-exist and realizing they are in over their heads. In fact, something that seems initially simple, such as the separation of trust zones, can actually be quite complex not only to understand, but also to comply with. But where to start?

Bio-digital jazz, man

So it’s Tuesday, and keeping with our theme of “Compliance: things that keep me up at night”, I am happy to highlight a great company that sadly not a lot of people outside us die-hard virtualization security fans know about: Catbird Networks. When it comes to compliance, Catbird is a pretty good place to start, and makes it really quite easy to get an ongoing idea of where your environment stands as it relates to compliance requirements. This is important, because the earlier you can start to see how your environment is shaping up in meeting compliance requirements, the easier it is down the road to ensure that as new systems are deployed, they don’t negatively affect your compliance posture.