Hola Security & Compliance Peeps,
My Nombre is George Gerchow, and I am the Director of the VMware Center for Policy & Compliance. Our charter at CP&C is “simple”, like a Cowboys fan’s knowledge of football:
- 1 – Support migration of highly regulated workloads to vSphere
- Dos – Provide coverage of most common regulatory, industry and vendor policies
- C – Drive Industry Thought Leadership
As a follow-on from VMworld, we are going to extend the Management Mastery series to our Secura-Nerds and give you an opportunity to discuss relevant topics that are HUGE. Bottom line, Security and Compliance are the main inhibitors to Virtualization & Cloud Computing. VMware and other vendors have solutions that are VIRTUALIZATION aware and attack these problems head on.
With all that being said, our first topic is Mixed Mode support for PCI environments. See Section 4.2 in the Vendor Information Supplement. Section 4.2 strongly recommends that VMs of different security levels not be hosted on the same hypervisor or physical host. The fear is that a less secure VM can be used to launch an attack on a more secure VM.
It is my opinion that most people are not up to speed on Virtualization Security and Compliance Solutions. If you can prove that the systems in a mixed mode are not communicating, you should be golden. If your QSA does not agree, it might be time to get a new QSA. Jkjkjkjkj, not really but… Click the link below to see what we talked about at VMworld. I was misquoted in this article, Computerworld and several others. (I NEVER said QSAs were ten years behind :) ) Seriously, I have some good friends that are QSAs and they will also be tracking this blog to help answer questions. BTW: This got heated at VMworld during our trusted cloud session.
Y'all are going to have to excuse my Grammar and Spelling errors. I am ESL and it comes out all the time. Happy Monday and give us a shout!