CloudControl Support for PCI DSS 3.0

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CloudControl Support for PCI DSS 3.0"

Transcription

1 HyTrust CloudControl Support for PCI DSS 3.0 Summary In PCI DSS 3.0, hypervisors and virtual networking components are always in-scope for audit; Native auditing capabilities from the core virtualization vendors are not sufficient to meet PCI DSS requirements HyTrust CloudControlTM supports the broadest range of PCI DSS hypervisor controls for administrator activity and con guration management: -- Twenty-eight requirements for vsphere hypervisors in PCI DSS Sections 2, 6,7, 8 and Eight PCI Council virtualization guidelines and best practices CloudControl is also essential for mixed mode environments that combine PCI and non-pci servers on the same virtual infrastructure CloudControl lowers the cost of PCI compliance with rich, segmented logging and sample size reduction Background: PCI DSS and virtualization The virtualization of PCI in-scope applications is now becoming a broadly accepted deployment model. The earliest versions of the PCI Data Security Standard (DSS) did not address virtualization specifically, leading to differing interpretations and general confusion as to what was permitted under the standard. Recognizing this, the PCI Council launched an initiative to clarify the use of technologies such as VMware vsphere (formerly ESXi ). This resulted in the publishing of the Virtualization Guidelines document in 2011, and new requirements for virtual infrastructure in PCI DSS Versions 2.0 and 3.0. While these documents do not resolve all ambiguity, they do clarify the most important questions, and provide fairly clear guidance for assessors as to how to audit these environments. PCI DSS places and hypervisor in-scope One of the most important additions to the PCI DSS standard in Version 2 was the mandatory inclusion of virtual infrastructure as in-scope for PCI audit. It is worth citing the exact text in the current 3.0 standard, as years of ambiguity and debate were eliminated in just a few sentences: The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. Examples of system components include but are not limited to the following: Virtualization components such as virtual machines, virtual switches/routers, virtual appliances, virtual applications/desktops, and hypervisors. 1 This definition of scope simply means that all DSS Requirements (controls) apply to virtual infrastructure, just as they apply to physical infrastructure supporting the Cardholder Data Environment (CDE). Therefore, vsphere hosts, VMware and Cisco virtual switches, and virtual firewalls all fall under PCI DSS if they host or transmit cardholder data. HyTrust CloudControl PCI DSS controls support HyTrust CloudControl was designed to be the most complete solution available for administrator and configuration controls on VMware vsphere and vcenter infrastructure. PCI DSS mandates controls in many areas, but two of the most important are administrator activity and infrastructure configuration, and these are the two areas CloudControl delivers unmatched capabilities. Specifically, CloudControl supports 28 controls in the following PCI DSS sections 1 PCI DSS 3.0, Scope of PCI DSS Requirements, Page 10

2 Section 2: Vendor Defaults Section 6: Secure Systems Section 7: Restrict Access to Cardholder Data Section 8: Identify and Authenticate Access Section 10: Track and Monitor All Access In addition, CloudControl supports a further six recommendations in the Virtualization Guidelines document, as well as one Best Practice recommendation and one Sampling example. Details of all 36 controls can be found in the appendices. It is not possible to meet all of these requirements with VMware vsphere and vcenter alone. HyTrust is the only vendor that can implement the broad hypervisor controls required by the PCI Data Security Standard. PC Control Area Configuration hardening Authentication controls including password management and two-factor Least privilege role-based access contols Reporting and auditing of administration activity Separation of duties (vnetwork/host; dev/test/prod) Mixed mode administrative segmentation Sampling reduction - Centralized operational processes and controls HyTrust CloudControl Lowering the cost of PCI compliance While passing a PCI audit is clearly the primary objective, close behind is the desire to meet the PCI requirements as easily and efficiently as possible. HyTrust CloudControl was designed to support this objective as well as the actual PCI requirements, freeing up valuable resources for other risk management activities. CloudControl supporting features include: Complete log entries - CloudControl log entries contain all required elements for efficient report creation and indexing, drastically reducing the time required for producing periodic or on-demand reports. Segmentation and reduction of scope - CloudControl can limit the manual movement of in-scope virtual servers to only the intended vsphere hosts, eliminating other hosts from the CDE and hence reducing the number of systems that must be audited. It also assists with the segmentation of the CDE with both vcenter administration controls and configuration hard- ening to lock down non-network communication paths. CDE segmented logging - CloudControl can support logging segmented for the CDE only, eliminating having to parse and dispose of log data irrelevant to the CDE. For example, if only a subset of the vsphere hosts or administrators in a vcenter domain

3 Unlike separate physical systems, network-based segmentation alone cannot isolate in-scope from outof-scope components in a virtual environment. PCI Council - Virtualization Guidelines If there are standardized, centralized PCI DSS security and operational processes and controls in place that ensure consistency and that each business facility/system component must follow, the sample [of in-scope components] can be smaller than if there are no standard processes/controls in place. PCI DSS 3.0, Page 15 In a mixed-mode configuration, the hypervisor plays a critical role in enforcing process isolation between the in-scope and out-of-scope systems. PCI Council - Virtualization Guidelines are used for PCI, CloudControl can provide logging for only those in-scope assets or people. Not only does this reduce the effort of implementing the PCI controls, it reduces the load (and therefore cost) of the logging and reporting system. Sample size reduction via centralized and standardized procedures - PCI DSS 3.0 notes that assessors can reduce the sample size of their audit if centralized and standardized procedures are in place. As CloudControl centralizes vsphere configuration and imposes standard procedures for administration, the organization can reasonably request a more limited sample size, significantly reducing the cost of the audit. Mixed mode More aggressive organizations are considering combining PCI and non-pci virtual servers on a single hypervisor, in order to use hardware as efficiently as possible. This deployment model, known as Mixed Mode is not prohibited by the PCI DSS. However, the Virtualization Guidelines make it clear that this model will be held to an even higher standard during an assessment, because of the risk of attacks being launched from the non-pci workloads. It also puts more pressure on the proper administration of the hypervisor to ensure that strong segmentation of the PCI CDE is maintained. And finally, this mode has the potential to drive up the costs of compliance, because logging of the PCI and non-pci workloads and administration may become co-mingled. HyTrust CloudControl fully supports mixed-mode PCI deployments, and in fact it will be difficult to pass a PCI audit without implementing the controls CloudControl provides. Broadly speaking, CloudControl supports these four mixed-mode controls and functions for both administrative and logical segmentation: Enforced workload (VM) placement - Ensures both PCI and non-pci VMs are placed only on authorized servers Configuration hardening - Eliminates possible segmentation violations via hypervisor mis- configuration Administrator role separation - Allows different people to operate the non-pci workloads, moving their activities out of scope Independent logging of PCI workloads - Minimizes cost and effort of compliance controls and reporting Summary PCI DSS 3.0 identifies the critical role of virtual infrastructure in protecting cardholder data. While no single product or solution can meet all the PCI requirement on all in-scope components, HyTrust CloudControl offers a deeper level of support for administrator and configuration audit controls on virtual infrastructure than any other solution. It also is designed to help reduce the scope of the audit, segment the CDE, and implement the controls as efficiently as possible. It should therefore be considered for all VMware environments supporting critical applications and data, including those subject to PCI DSS audit. HyTrust - Cloud Under Control W. El Camino Real, Suite 203 Mountain View, CA 94040, USA Phone: International: HyTrust, Inc. All rights reserved. HyTrust, and the HyTrust logo are trademarks and/or registered trademarks of HyTrust, Inc., and/or its subsidiaries in the United States and/or other countries. All other trademarks are properties of their respective owners.

4 Appendix 1 Appendix 1: Hytrust CloudControl - PCI control support details HyTrust CloudControl supports all of the following PCI DSS 3.0 requirements for VMware vsphere hypervisors, as well as a subset of controls for Cisco NX-OS physical and virtual network infrastructure. PCI DSS Requirement Section Requirements 2: Vendor defaults 6: Secure systems 6.4.1, : Restrict access to cardholder data 8: Identify and authenticate access 10: Track and monitor all access 2.1, 2.2, 2.2.1, 2.2.4, 2.2.5, 2.4, 2.5, , 7.1.1, 7.1.2, 7.1.3, 7.2, 7.2.1, 7.2.2, , 8.2, 8.3, , , , , 10.3, 10.6 Multiple controls including configuration hardening (default elimination and service removal), password vaulting, tag-based placement policies for CDE isolation, server and virtual network admin separation of duties, inventory report Administration separation of duties for CDE/Non-CDE; Dev&Test/ Production. Two-person rule for adding assets to CDE. Label-based Access Control authorizations based on need-to- know, with default deny (no rights); authorizations based on admin role, activity function, and target asset Multiple controls including two- factor for all admin access; root password vaulting with temporary check-out support; enforcing complex passwords; five-day password rotation Multiple logging controls including all admin activities for inscope systems; failed logins include origination; changes to authentication; creation/ deletion of system level objects. All 10.3 log entry requirements met, plus additional entries for faster event reconciliation. Secured audit trail. Log review scope reduction: limit the volume of logs that need to be reviewed by enforcing least privilege and need to know to decrease overall log entry volume.

5 Appendix 2 Appendix 2: Hytrust CloudControl - PCI best practices and guidelines HyTrust CloudControl supports the following PCI DSS 3.0 best practices, and the guidelines published by the Council in the Virtualization Guidelines document. These are in addition to the core PCI DSS requirements (See Appendix 1). PCI DSS Guidance Section Best practices/bau (DSS page 13) Sampling (DSS page 15) Example 3 - Review environment changes prior to execution. If there are standardized, centralized PCI DSS security and operational processes and controls in place that ensure consistency and that each business facility/system component must follow, the sample can be smaller than if there are no standard processes/ controls in place. Two-person rules for sensitive changes to in-scope assets. By standardizing and centralizing consistent controls on HyTrust, the auditor can reduce the sample size for the audit. Virtualization Guidelines - Section Guidelines 4,1: General 4.1.6, 4.1.8, , : Mixed Mode Environments 4.4: Guidance for Assessing Risks in Virtual Environments Multiple controls including 2-factor authentication; role-based control by function and by asset (separation of admin duties); twoperson authorizations; logs sent off-server. Hypervisor configuration hardening. Virtual networking controls (vswitch or NS-OS). Enables log monitoring for breach in the integrity of segmentation, security controls, or communication channels between workloads. Two-factor authentication, asset- based authorization to maintain isolation between CDE and non-cde components at the hypervisor level. Detailed logging of all hypervisor administration activity. Hypervisor configuration hardening (to eliminate possible technical breakdown of CDE isolation). Role based authorization (to meet defined roles and permissions requirement)

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015. Preparing an RFI for Protecting cardholder data is a critical and mandatory requirement for all organizations that process, store or transmit information on credit or debit cards. Requirements and guidelines

More information

Can You be HIPAA/HITECH Compliant in the Cloud?

Can You be HIPAA/HITECH Compliant in the Cloud? Can You be HIPAA/HITECH Compliant in the Cloud? Background For the first 10 years of its existence, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was a toothless tiger. Although

More information

How to Achieve Operational Assurance in Your Private Cloud

How to Achieve Operational Assurance in Your Private Cloud How to Achieve Operational Assurance in Your Private Cloud As enterprises implement private cloud and next-generation data centers to achieve cost efficiencies and support business agility, operational

More information

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments

H Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments H Y T RUST: S OLUTION B RIEF Solve the Nosy Neighbor Problem in Multi-Tenant Environments Summary A private cloud with multiple tenants such as business units of an enterprise or customers of a cloud service

More information

Passing Compliance Audit: Virtualize PCI-compliant Workloads with the Help of HyTrust and Trend Micro Deep Security

Passing Compliance Audit: Virtualize PCI-compliant Workloads with the Help of HyTrust and Trend Micro Deep Security WHITE PAPER August 2011 Passing Compliance Audit: Virtualize PCI-compliant Workloads with the Help of HyTrust and Trend Micro Deep Security HYTRUST AND TREND MICRO DEEP SECURITY TOC Contents Virtualization

More information

Drawbacks to Traditional Approaches When Securing Cloud Environments

Drawbacks to Traditional Approaches When Securing Cloud Environments WHITE PAPER Drawbacks to Traditional Approaches When Securing Cloud Environments Drawbacks to Traditional Approaches When Securing Cloud Environments Exec Summary Exec Summary Securing the VMware vsphere

More information

HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps

HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps WHITE PAPER HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps Summary Summary Compliance with PCI, HIPAA, FISMA, EU, and other regulations is as critical in virtualized

More information

Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879. Appendix A

Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879. Appendix A Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 1 of 116 PageID: 4879 Appendix A Case 2:13-cv-01887-ES-JAD Document 282-2 Filed 12/09/15 Page 2 of 116 PageID: 4880 Payment Card Industry (PCI)

More information

VMware Solution Guide for. Payment Card Industry (PCI) September 2012. v1.3

VMware Solution Guide for. Payment Card Industry (PCI) September 2012. v1.3 VMware Solution Guide for Payment Card Industry (PCI) September 2012 v1.3 VALIDATION DO CU MENT Table of Contents INTRODUCTION... 3 OVERVIEW OF PCI AS IT APPLIES TO CLOUD/VIRTUAL ENVIRONMENTS... 5 GUIDANCE

More information

QTS Leverages HyTrust to Build a FedRAMP Compliant Cloud

QTS Leverages HyTrust to Build a FedRAMP Compliant Cloud CASE STUD QTS Leverages HyTrust to Build a FedRAMP Compliant Cloud The technology and expertise provided by HyTrust dramatically simplified the process of preparing for our FedRAMP certification. HyTrust

More information

The Top 8 Questions to ask about Virtualization in a PCI Environment

The Top 8 Questions to ask about Virtualization in a PCI Environment A COALFIRE WHITE PAPER The Top 8 Questions to ask about Virtualization in a PCI Environment DALLAS DENVER LOS ANGELES NEW YORK SEATTLE 877.224.8077 info@coalfire.com www.coalfire.com This paper provides

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility

More information

VCE Addendum to VMware Solution Guide for Payment Card Industry Data Security Standard

VCE Addendum to VMware Solution Guide for Payment Card Industry Data Security Standard March 2013 Solution Guide for Payment Card Industry (PCI) Partner Addendum VCE Addendum to VMware Solution Guide for Payment Card Industry Data Security Standard VCE Vblock Systems The findings and recommendations

More information

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE AGENDA PCI DSS Basics Case Studies of PCI DSS Failure! Common Problems with PCI DSS Compliance

More information

Protect Root Abuse privilege on Hypervisor (Cloud Security)

Protect Root Abuse privilege on Hypervisor (Cloud Security) Protect Root Abuse privilege on Hypervisor (Cloud Security) Nantharat Puwarang, CISSP Senior Technical Consultant Protect Software Defined Data Center 1 The Road to Software Defined Data Centers: Virtualization

More information

Learn the essentials of virtualization security

Learn the essentials of virtualization security Learn the essentials of virtualization security White Paper Table of Contents 3 Introduction 4 Hypervisor connectivity and risks 4 Multi-tenancy risks 5 Management and operational network risks 5 Storage

More information

Closing the cloud and virtualization gap

Closing the cloud and virtualization gap Closing the cloud and virtualization gap Use cases for workload security White Paper Table of Contents 3 Introduction Encouraging cross-functional collaboration Prepare for the worst 4 Operational risk

More information

PCI DSS Virtualization Guidelines. Information Supplement: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: June 2011

PCI DSS Virtualization Guidelines. Information Supplement: PCI Data Security Standard (PCI DSS) Version: 2.0 Date: June 2011 Standard: Version: 2.0 Date: June 2011 Author: PCI Data Security Standard (PCI DSS) Virtualization Special Interest Group PCI Security Standards Council Information Supplement: PCI DSS Virtualization Guidelines

More information

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite. www.lepide.com/2020-suite/

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite. www.lepide.com/2020-suite/ Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite 7. Restrict access to cardholder data by business need to know PCI Article (PCI DSS 3) Report Mapping How we help 7.1 Limit access to system

More information

Network Access Control in Virtual Environments. Technical Note

Network Access Control in Virtual Environments. Technical Note Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved

More information

Hardening and Hacking vsphere and Private Cloud Everything you need to know about vsphere Security

Hardening and Hacking vsphere and Private Cloud Everything you need to know about vsphere Security Hardening and Hacking vsphere and Private Cloud Everything you need to know about vsphere Security Course Length: 5 days Course Delivery: Traditional Classroom Online Live Course Overview We are well aware

More information

PCI DSS Compliance: The Importance of Privileged Management. Marco Zhang marco_zhang@dell.com

PCI DSS Compliance: The Importance of Privileged Management. Marco Zhang marco_zhang@dell.com PCI DSS Compliance: The Importance of Privileged Management Marco Zhang marco_zhang@dell.com What is a privileged account? 2 Lots of privileged accounts Network Devices Databases Servers Mainframes Applications

More information

Cloud Under Control: How to Virtualize More by Virtualizing More Securely

Cloud Under Control: How to Virtualize More by Virtualizing More Securely H Y T RUST: WHITE PAPER Cloud Under Control: How to Virtualize More by Virtualizing More Securely Executive Overview Enterprises have reached an inflection point. The value of datacenter virtualization

More information

Mitigating Information Security Risks of Virtualization Technologies

Mitigating Information Security Risks of Virtualization Technologies Mitigating Information Security Risks of Virtualization Technologies Toon-Chwee, Wee VMWare (Hong Kong) 2009 VMware Inc. All rights reserved Agenda Virtualization Overview Key Components of Secure Virtualization

More information

Thoughts on PCI DSS 3.0. September, 2014

Thoughts on PCI DSS 3.0. September, 2014 Thoughts on PCI DSS 3.0 September, 2014 Speaker Today Jeff Sanchez is a Managing Director in Protiviti s Los Angeles office. He joined Protiviti in 2002 after spending 10 years with Arthur Andersen s Technology

More information

LogLogic. Application Security Use Case: PCI Compliance. Jaime D Anna Sr Dir of Product Strategy, TIBCO Software

LogLogic. Application Security Use Case: PCI Compliance. Jaime D Anna Sr Dir of Product Strategy, TIBCO Software Application Security Use Case: PCI Compliance Jaime D Anna Sr Dir of Product Strategy, TIBCO Software AGENDA PCI Overview App Security in Context Essential Steps to Compliance Q & A PCI Overview What is

More information

S24 Virtualiza.on Security from the Auditor Perspec.ve

S24 Virtualiza.on Security from the Auditor Perspec.ve S24 Virtualiza.on Security from the Auditor Perspec.ve Rob Clyde, CEO, Adap.ve Compu.ng; former CTO, Symantec David Lu, Senior Product Manager, Trend Micro Hemma Prafullchandra, CTO/SVP Products, HyTrust

More information

What s New in PCI DSS 2.0. 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1

What s New in PCI DSS 2.0. 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1 What s New in PCI DSS 2.0 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1 Agenda PCI Overview PCI 2.0 Changes PCI Advanced Technology Update PCI Solutions 2010 Cisco and/or

More information

Secret Server Qualys Integration Guide

Secret Server Qualys Integration Guide Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server

More information

PCI Compliance in a Virtualized World

PCI Compliance in a Virtualized World PCI Compliance in a Virtualized World Security Technology Infrastructure Security Integration 24x7 Support MSS Training Information Assurance Staff Augmentation Presenters John Clark QSA, PMP, CISA, CISSP

More information

Making Data Security The Foundation Of Your Virtualization Infrastructure

Making Data Security The Foundation Of Your Virtualization Infrastructure Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges

More information

PCI DSS Compliance for Cloud-Based Contact Centers Mitigating Liability through the Standardization of Processes for cloud-based contact centers.

PCI DSS Compliance for Cloud-Based Contact Centers Mitigating Liability through the Standardization of Processes for cloud-based contact centers. PCI DSS Compliance for Cloud-Based Contact Centers Mitigating Liability through the Standardization of Processes for cloud-based contact centers. White Paper January 2013 1 INTRODUCTION The PCI SSC (Payment

More information

HyTrust Appliance Administration Guide

HyTrust Appliance Administration Guide HyTrust Appliance Administration Guide Version 3.0.2 October, 2012 HyTrust Appliance Administration Guide Copyright 2009-2012 HyTrust Inc. All Rights Reserved. HyTrust, Virtualization Under Control and

More information

Top 10 PCI Concerns. Jeff Tucker Sr. Security Consultant, Foundstone Professional Services

Top 10 PCI Concerns. Jeff Tucker Sr. Security Consultant, Foundstone Professional Services Top 10 PCI Concerns Jeff Tucker Sr. Security Consultant, Foundstone Professional Services About Jeff Tucker QSA since Spring of 2007, Lead for the Foundstone s PCI Services Security consulting and project

More information

PCI DSS Best Practices with Snare Enterprise Agents PCI DSS Best Practices with Snare Enterprise Agents

PCI DSS Best Practices with Snare Enterprise Agents PCI DSS Best Practices with Snare Enterprise Agents PCI DSS Best Practices with Snare Enterprise InterSect Alliance International Pty Ltd Page 1 of 9 About this document The PCI/DSS documentation provides guidance on a set of baseline security measures

More information

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION

More information

Network Segmentation in Virtualized Environments B E S T P R A C T I C E S

Network Segmentation in Virtualized Environments B E S T P R A C T I C E S Network Segmentation in Virtualized Environments B E S T P R A C T I C E S ware BEST PRAC TICES Table of Contents Introduction... 3 Three Typical Virtualized Trust Zone Configurations... 4 Partially Collapsed

More information

how can I virtualize my mission-critical servers while maintaining or improving security?

how can I virtualize my mission-critical servers while maintaining or improving security? SOLUTION BRIEF Securing Virtual Environments how can I virtualize my mission-critical servers while maintaining or improving security? agility made possible CA ControlMinder for Virtual Environments provides

More information

Virtualization Case Study

Virtualization Case Study INDUSTRY Finance COMPANY PROFILE Major Financial Institution. BUSINESS SITUATION Internal security audits found that VMware ESX, Red Hat Linux, and Solaris systems lacked an efficient way to control access

More information

Windows Least Privilege Management and Beyond

Windows Least Privilege Management and Beyond CENTRIFY WHITE PAPER Windows Least Privilege Management and Beyond Abstract Devising an enterprise-wide privilege access scheme for Windows systems is complex (for example, each Window system object has

More information

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking

More information

CONTENTS. PCI DSS Compliance Guide

CONTENTS. PCI DSS Compliance Guide CONTENTS PCI DSS COMPLIANCE FOR YOUR WEBSITE BUILD AND MAINTAIN A SECURE NETWORK AND SYSTEMS Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP SOLUTION BRIEF PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP The benefits of cloud computing are clear and compelling: no upfront investment, low ongoing costs, flexible capacity and fast application

More information

Open PCI DSS Scoping Toolkit. Open Scoping Framework Group

Open PCI DSS Scoping Toolkit. Open Scoping Framework Group Open PCI DSS Scoping Toolkit Open Scoping Framework Group August 24, 2012 Open PCI DSS Scoping Toolkit 1 Executive Summary... 4 2 Problem Statement... 7 3 Introduction to the PCI Technology Scoping Toolkit...

More information

HP Virtualization Performance Viewer

HP Virtualization Performance Viewer HP Virtualization Performance Viewer Efficiently detect and troubleshoot performance issues in virtualized environments Jean-François Muller - Principal Technical Consultant - jeff.muller@hp.com HP Business

More information

Using Emergency Restore to recover the vcenter Server has the following benefits as compared to the above methods:

Using Emergency Restore to recover the vcenter Server has the following benefits as compared to the above methods: Executive Summary This document provides certain best practices with regards to the Emergency Restore feature in vsphere Data Protection 5.5 release. It also describes the methods and processes to be used

More information

A Practical Guide to HIPAA-Compliant Virtualization

A Practical Guide to HIPAA-Compliant Virtualization WHITE PAPER A Practical Guide to HIPAA-Compliant Virtualization Virtualization in PCI DSS 2.0 Summary Healthcare enterprises have achieved major cost savings, operational benefits, and great ROI from virtualizing

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

Realities of Private Cloud Security

Realities of Private Cloud Security SESSION ID: CSV-F03 Realities of Private Cloud Security Scott Carlson PayPal @relaxed137 PayPal Cloud & Software Defined Data Center VIRTUAL Cloud Design Principals, traditional Data Center Deploy from

More information

With Great Power comes Great Responsibility: Managing Privileged Users

With Great Power comes Great Responsibility: Managing Privileged Users With Great Power comes Great Responsibility: Managing Privileged Users Darren Harmer Senior Systems Engineer Agenda What is a Privileged User Privileged User Why is it important? Security Intelligence

More information

CA ControlMinder for Virtual Environments May 2012

CA ControlMinder for Virtual Environments May 2012 FREQUENTLY ASKED QUESTIONS May 2012 Top Ten Questions 1. What is?... 2 2. What are the key benefits of?... 2 3. What are the key capabilities of?... 2 4. Does this release include anything from the recently

More information

Install Guide for JunosV Wireless LAN Controller

Install Guide for JunosV Wireless LAN Controller The next-generation Juniper Networks JunosV Wireless LAN Controller is a virtual controller using a cloud-based architecture with physical access points. The current functionality of a physical controller

More information

Data Center Manager (DCM)

Data Center Manager (DCM) DATA SHEET Data Center Manager (DCM) Unified Virtual/Physical Data Center Fabric Management Benefits LOWER OPERATIONAL COSTS High degree of automation within physical and virtual environments to streamline

More information

Data Center Connector for vsphere 3.0.0

Data Center Connector for vsphere 3.0.0 Product Guide Data Center Connector for vsphere 3.0.0 For use with epolicy Orchestrator 4.6.0, 5.0.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Leveraging Microsoft Privileged Identity Management Features for Compliance with ISO 27001, PCI, and FedRAMP

Leveraging Microsoft Privileged Identity Management Features for Compliance with ISO 27001, PCI, and FedRAMP P a g e 1 Leveraging Microsoft Privileged Identity Management Features for Compliance with ISO 27001, PCI, and FedRAMP December 24, 2015 Coalfire Systems, Inc. www.coalfire.com 206-352- 6028 w w w. c o

More information

PCI-Compliant Cloud R eference Architecture. Introduction

PCI-Compliant Cloud R eference Architecture. Introduction PCI-Compliant Cloud R eference Architecture Cisco, VMware, HyTrust, Trend Micro, Savvis and Coalfire have collaborated to construct a cloud reference architecture that addresses some of the unique challenges

More information

Automating Cloud Security Control and Compliance Enforcement for PCI DSS 3.0

Automating Cloud Security Control and Compliance Enforcement for PCI DSS 3.0 WHITE PAPER Automating Cloud Security Control and Compliance Enforcement for 3.0 How Enables Security and Compliance with the PCI Data Security Standard in a Private Cloud EXECUTIVE SUMMARY All merchants,

More information

David.Balka@chi.frb.org 2009 STREAM FRBC

David.Balka@chi.frb.org 2009 STREAM FRBC Virtualization ti Dave Balka David.Balka@chi.frb.org Examination Elements Architecture Management Processes Integrity Availability Security 2 Datacenter Consolidation 3 What is Virtualization A framework

More information

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV Nadav Elkabets Presale Consultant Protecting Your Data Encrypt Your Data 1 ProtectFile StorageSecure ProtectDB ProtectV Databases File

More information

INFORMATION TECHNOLOGY FLASH REPORT

INFORMATION TECHNOLOGY FLASH REPORT INFORMATION TECHNOLOGY FLASH REPORT Understanding PCI DSS Version 3.0 Key Changes and New Requirements November 8, 2013 On November 7, 2013, the PCI Security Standards Council (PCI SSC) announced the release

More information

A Look at the New Converged Data Center

A Look at the New Converged Data Center Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable

More information

PCI DSS 3.1 and the Impact on Wi-Fi Security

PCI DSS 3.1 and the Impact on Wi-Fi Security PCI DSS 3.1 and the Impact on Wi-Fi Security 339 N. Bernardo Avenue, Suite 200, Mountain View, CA 94043 www.airtightnetworks.com 2015 AirTight Networks, Inc. All rights reserved. Table of Contents PCI

More information

VMware vcloud Air Security TECHNICAL WHITE PAPER

VMware vcloud Air Security TECHNICAL WHITE PAPER TECHNICAL WHITE PAPER The Shared Security Model for vcloud Air The end-to-end security of VMware vcloud Air (the Service ) is shared between VMware and the customer. VMware provides security for the aspects

More information

Learn the Essentials of Virtualization Security

Learn the Essentials of Virtualization Security Learn the Essentials of Virtualization Security by Dave Shackleford by Dave Shackleford This paper is the first in a series about the essential security issues arising from virtualization and the adoption

More information

WHITE PAPER May 2012. How Can Identity and Access Management Help Me with PCI Compliance?

WHITE PAPER May 2012. How Can Identity and Access Management Help Me with PCI Compliance? WHITE PAPER May 2012 How Can Identity and Access Management Help Me with PCI Compliance? Table of Contents Executive Summary 3 SECTION 1: Challenge 4 Protection of confidential cardholder information SECTION

More information

Secure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com

Secure Multi Tenancy In the Cloud. Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com Secure Multi Tenancy In the Cloud Boris Strongin VP Engineering and Co-founder, Hytrust Inc. bstrongin@hytrust.com At-a-Glance Trends Do MORE with LESS Increased Insider Threat Increasing IT spend on cloud

More information

RealPresence Platform Director

RealPresence Platform Director RealPresence CloudAXIS Suite Administrators Guide Software 1.3.1 GETTING STARTED GUIDE Software 2.0 June 2015 3725-66012-001B RealPresence Platform Director Polycom, Inc. 1 RealPresence Platform Director

More information

Virtual Compliance In The VMware Automated Data Center

Virtual Compliance In The VMware Automated Data Center Virtual Compliance In The VMware Automated Data Center July 2011 LogLogic, Inc Worldwide Headquarters 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll Free: 888 347 3883 Tel: +1

More information

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com

More information

Effective End-to-End Cloud Security

Effective End-to-End Cloud Security Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of

More information

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements: Compliance Brief The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements: Using Server Isolation and Encryption as a Regulatory Compliance Solution and IT Best Practice Introduction

More information

How to Use vsphere to Connect to and Manage an ESXi Hypervisor Installation

How to Use vsphere to Connect to and Manage an ESXi Hypervisor Installation How to Use vsphere to Connect to and Manage an ESXi Hypervisor Installation I am not responsible for your actions or their outcomes, in any way, while reading and/or implementing this tutorial. I will

More information

Logging and Alerting for the Cloud

Logging and Alerting for the Cloud Logging and Alerting for the Cloud What you need to know about monitoring and tracking across your enterprise The need for tracking and monitoring is pervasive throughout many aspects of an organization:

More information

Virtualization Security Checklist

Virtualization Security Checklist Virtualization Security Checklist This virtualization security checklist is intended for use with enterprise full virtualization environments (as opposed to paravirtualization, application or operating

More information

Josiah Wilkinson Internal Security Assessor. Nationwide

Josiah Wilkinson Internal Security Assessor. Nationwide Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges

More information

TECHNICAL PAPER. Veeam Backup & Replication with Nimble Storage

TECHNICAL PAPER. Veeam Backup & Replication with Nimble Storage TECHNICAL PAPER Veeam Backup & Replication with Nimble Storage Document Revision Date Revision Description (author) 11/26/2014 1. 0 Draft release (Bill Roth) 12/23/2014 1.1 Draft update (Bill Roth) 2/20/2015

More information

VMware vsphere-6.0 Administration Training

VMware vsphere-6.0 Administration Training VMware vsphere-6.0 Administration Training Course Course Duration : 20 Days Class Duration : 3 hours per day (Including LAB Practical) Classroom Fee = 20,000 INR Online / Fast-Track Fee = 25,000 INR Fast

More information

Information Sheet. PCI DSS Overview

Information Sheet. PCI DSS Overview The payment card industry (PCI) protects cardholder data through technical and operations standard set by its Council. Compliance with PCI standards is mandatory. It is enforced by the major payment card

More information

Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5

Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5 Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5 Agenda Security Hardening vsphere 5.5 ESXi Architectural Review ESXi Software Packaging The ESXi Firewall ESXi Local User Security Host Logs

More information

SOLUTION BRIEF THE CA TECHNOLOGIES SOLUTION FOR PCI COMPLIANCE. How Can the CA Security Solution Help Me With PCI Compliance?

SOLUTION BRIEF THE CA TECHNOLOGIES SOLUTION FOR PCI COMPLIANCE. How Can the CA Security Solution Help Me With PCI Compliance? SOLUTION BRIEF THE CA TECHNOLOGIES SOLUTION FOR PCI COMPLIANCE How Can the CA Security Solution Help Me With PCI Compliance? SOLUTION BRIEF CA DATABASE MANAGEMENT FOR DB2 FOR z/os DRAFT CA Technologies

More information

Quick Start Guide. for Installing vnios Software on. VMware Platforms

Quick Start Guide. for Installing vnios Software on. VMware Platforms Quick Start Guide for Installing vnios Software on VMware Platforms Copyright Statements 2010, Infoblox Inc. All rights reserved. The contents of this document may not be copied or duplicated in any form,

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware VM-Series for VMware The VM-Series for VMware supports VMware NSX, ESXI stand-alone and vcloud Air, allowing you to deploy next-generation firewall security and advanced threat prevention within your VMware-based

More information

vsphere Replication for Disaster Recovery to Cloud

vsphere Replication for Disaster Recovery to Cloud vsphere Replication for Disaster Recovery to Cloud vsphere Replication 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced

More information

Security. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««;

Security. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««; Security N Environments '' J J H -. i ^ s j}! Dave Shackleford '**»* t i j i««; l:i in: John Wiley &. Sons, Inc. Contents Introduction.. : xix Chapter l Fundamentals of Virtualization Security Virtualization

More information

What are your firm s plans to adopt x86 server virtualization? Not interested

What are your firm s plans to adopt x86 server virtualization? Not interested The benefits of server virtualization are widely accepted and the majority of organizations have deployed virtualization technologies. Organizations are virtualizing mission-critical workloads but must

More information

Control your corner of the cloud.

Control your corner of the cloud. Chapter 1 of 5 Control your corner of the cloud. From the halls of government to the high-rise towers of the corporate world, forward-looking organizations are recognizing the potential of cloud computing

More information

vrealize Operations Manager Customization and Administration Guide

vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager 6.0.1 This document supports the version of each product listed and supports all subsequent versions until

More information

Whitepaper. What You Need to Know About Infrastructure as a Service (IaaS) Encryption

Whitepaper. What You Need to Know About Infrastructure as a Service (IaaS) Encryption Whitepaper What You Need to Know About Infrastructure as a Service (IaaS) Encryption What You Need to Know about IaaS Encryption What You Need to Know About IaaS Encryption Executive Summary In this paper,

More information

Automating Compliance Reporting for PCI Data Security Standard version 1.1

Automating Compliance Reporting for PCI Data Security Standard version 1.1 PCI Compliance Reporting Solution Brief Automating Regulatory Compliance and IT Best Practices Reporting Automating Compliance Reporting for PCI Data Security Standard version 1.1 The PCI Data Security

More information

Installing and Configuring vcenter Multi-Hypervisor Manager

Installing and Configuring vcenter Multi-Hypervisor Manager Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent

More information

VMsources Group Inc. www.vmsources.com 1-866-644-7764

VMsources Group Inc. www.vmsources.com 1-866-644-7764 VMware Horizon View 6 Virtual Desktop Deployment COURSE DESCRIPTION Our VMware View class offers participants the most extensive training available in the Installation, Configuration and Management of

More information

Addressing PCI Compliance

Addressing PCI Compliance WHITE PAPER DECEMBER 2015 Addressing PCI Compliance Through Privileged Access Management 2 WHITE PAPER: ADDRESSING PCI COMPLIANCE Executive Summary Challenge Organizations handling transactions involving

More information

Delivering the Software Defined Data Center

Delivering the Software Defined Data Center Delivering the Software Defined Data Center Georgina Schäfer Sr. Product Marketing Manager VMware Calvin Rowland, VP, Business Development F5 Networks 2014 VMware Inc. All rights reserved. F5 & Vmware

More information

Overcoming Security Challenges to Virtualize Internet-facing Applications

Overcoming Security Challenges to Virtualize Internet-facing Applications Intel IT IT Best Practices Cloud Security and Secure ization November 2011 Overcoming Security Challenges to ize Internet-facing Applications Executive Overview To enable virtualization of Internet-facing

More information

A practical guide to HIPAAcompliant

A practical guide to HIPAAcompliant A practical guide to HIPAAcompliant virtualization White Paper Table of Contents 4 Summary 4 Enforcement and virtualization increase the stakes 5 Privileged users complicate compliance 7 The platform is

More information

GRAVITYZONE HERE. Deployment Guide VLE Environment

GRAVITYZONE HERE. Deployment Guide VLE Environment GRAVITYZONE HERE Deployment Guide VLE Environment LEGAL NOTICE All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including

More information

Administrative Improvements. Administrative Improvements. Scoping Guidance. Clarifications for Segmentation

Administrative Improvements. Administrative Improvements. Scoping Guidance. Clarifications for Segmentation The PCI DSS Lifecycle 1 The PCI DSS follows a three-year lifecycle PCI DSS 3.0 will be released in November 2013 Optional (but recommended) in 2014; Required in 2015 PCI SSC Community Meeting Update: PCI

More information

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard Partner Addendum Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard The findings and recommendations contained in this document are provided by VMware-certified

More information

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information

More information