buy album Daughtry nice movies The Dark Knight best mp3 Green Day DVD movies Whatever Works free Beatles hot best 17 Again DIVX USA music U2 free avi Star Wars: Episode V - The Empire Strikes Back nice track Reba McEntire USA DIVX Pandemic

icon_document[Press Release] June 18, 2009
HYTRUST JOINS PCI SECURITY STANDARDS COUNCIL VIRTUALIZATION SPECIAL INTEREST GROUP TO PROVIDE LEADERSHIP, DRIVE STANDARDIZATION

Delivers new HyTrust Appliance PCI configuration template and white paper, outlining critical steps organizations can take today to mitigate risk and navigate compliance uncertainties as application servers and core infrastructure are virtualized

Mountain View, CA (June 18, 2009) – HyTrust, Inc. announced today that it has joined the Virtualization Special Interest Group of the Payment Card Industry (PCI) to provide leadership as the industry seeks to establish an official position on the subject.

“The PCI Security Standards Council has shown tremendous foresight in providing rules designed to protect cardholder data,” says Eric Chiu, HyTrust CEO. “The intersection of virtualization and compliance represents unchartered territory for many of the organizations that are subject to PCI compliance, however. We look forward to providing our unique insight and expertise into the issues and working alongside the council to deliver specific guidance for virtualized PCI-related infrastructure.”

In advance of the emerging PCI requirements for virtual infrastructure, HyTrust has jointly published a new white paper with Protiviti Inc., a global business consulting and internal audit firm, and a fellow member of the PCI virtualization special interest group. The paper aims to provide guidance to organizations that have adopted virtualization but remain unclear about the implications within PCI-compliant infrastructure.

Virtualization, given its powerful capabilities, requires special consideration within the context of compliance. Virtualized application servers that encapsulate payment card data drive compliance considerations both for their virtual machines and underlying hypervisors. Dedicated virtualized network devices, firewalls, intrusion detection systems, and storage are no longer tied to hardware or physically locked down in a datacenter and can now be reconfigured, relocated, or even disabled by remote administrators with privileged access—a worrisome prospect for any organization that relies on virtualized critical infrastructure for security and compliance. This administrative flexibility combined with inconsistent access control and disparate logs create a significant compliance challenge.

“Virtualization technology introduces another piece of software or application that must be managed, patched and secured properly to ensure the security of the virtual system,” says Scott Laliberte, a managing director in Protiviti’s IT Effectiveness and Control practice. “In the current age of virtualization and the significant performance and cost benefits it can provide, we must consider the virtualized system but ensure it truly presents the same risk as that of a single system.”

HyTrust has identified six key areas of concern, unique to virtualized infrastructure and applications subject to compliance, that need to be addressed with proper IT controls. Each of the following six areas of concern are covered in greater detail in the white paper:
Inconsistent access control and undefined access path

  • Separation of duties
  • Manual log collection
  • Assessment and remediation
  • Critical infrastructure virtual appliances
  • Virtual machine sprawl


“As the standards continue to evolve, organizations are hard pressed to balance the obvious cost benefits of virtualization along with the risks. One of our primary goals is to keep organizations ahead of this critical issue,” says Hemma Prafullchandra, chief security architect at HyTrust. “In the absence of clear, yet-to-be-defined standards, HyTrust has made available a new PCI configuration template for HyTrust Appliance that maps the various control objectives to specific checks and remediation capabilities for VMware infrastructure.”

HyTrust seeks to help organizations to bridge this gap by engaging with companies like Protiviti to provide specific procedural recommendations, as illustrated by the white paper released today. Additionally, HyTrust continues to work with VMware, Cisco and other leading providers of virtualized infrastructure to create standards for secure deployment of core infrastructure appliances, automated detection, and portable policy. These efforts will not only reduce risk but also provide greater transparency between auditors, vendors and merchants.

About HyTrust (www.hytrust.com)
HyTrust™, headquartered in Mountain View, CA, is an exciting young company focused on virtualization platform control, security and compliance. Solutions enable I.T. to gain control and visibility over their virtual infrastructure production environments. It also enables them to meet regulatory compliance requirements and respond more quickly and effectively to compliance audits. Fortune 500 enterprises and industry analysts have validated the HyTrust approach to addressing this billion-dollar market. The Company is backed by top tier investors Trident Capital and Epic Ventures; its partners include VMware (NYSE: VMW); Symantec (Nasdaq: SYMC); Citrix (Nasdaq: CTXS); and Cisco (Nasdaq: CSCO).

###


HyTrust; HyTrust, Inc.; HyTrust Appliance; HyTrust Appliance, Enterprise Edition; HyTrust Appliance Community Edition, and “Virtualization Under Control” are all trademarks of HyTrust, Inc. All other product names and trademarks are the property of their respective firms.

 

HyTrust news, direct to your reader.

Contact HyTrust press and analyst relations.

Having trouble?
Help is here.