The Latest RSA News
Product and Solution Information, Press Releases, Announcements

New RSA Security Brief Offers Organizations Actionable Steps
Posted: Mon Sep 21, 2009 10:05:00 AM
 
RSA, The Security Division of EMC (NYSE: EMC) today released a new RSA® Security Brief titled: "Security Compliance in a Virtual World," offering actionable best practices for organizations faced with proving compliance in virtualized environments.

As more organizations accelerate virtualization deployments, a more critical eye is turned towards compliance programs. The new RSA Security Brief offers executives and technology practitioners some practical guidance for establishing a solid foundation to mitigate risk and address compliance with various regulations, industry standards and internal policies in the context of virtual infrastructures. Authors of the RSA Security Brief include many of the industry’s foremost security and virtualization experts from EMC and VMware, including Bret Hartman, Chief Technology Officer for EMC’s RSA security division, Dr. Stephen Herrod, Chief Technology Officer and Senior Vice President of R&D for VMware and other senior EMC technologists.

"EMC and VMware are in a unique position to offer sound advice for how organizations can best achieve and maintain compliance in virtualized environments," said Jon Oltsik, Senior Analyst, Enterprise Strategy Group. "Maintaining compliance in a virtualized environment requires the business to understand the impact of this new system on the overall IT risk management program."

Enabling Executives to Communicate and Practitioners to Act
Organizations taking advantage of the benefits of virtualization will also have to demonstrate efforts to ensure these environments are fully integrated within a broader compliance program. Enterprises currently struggle with complex compliance environments that include the impact of local data protection laws (e.g., country level laws as part of the European Union Data Protection Directive), global industry mandates like the PCI Data Security Standard as well as regulatory requirements such as Sarbanes-Oxley and HIPAA. In addition, many organizations must navigate the complexities associated with internal policies and agreements with business partners and customers. Because of this, it is critical to have a complete view into how virtualization impacts an organization's compliance program.

Professionals responsible for IT security, risk management and compliance programs will discover useful guidance and actionable best practices in the RSA Security Brief. Key components include:

* Best practices for implementation - any enterprise implementing virtualization must understand and manage the impact on the compliance and risk management programs. The Security Brief addresses key areas including platform hardening, configuration and change management, patch management, administrative access control & separation of duties, network security & segmentation and audit logging.

* A virtualization software security assessment checklist - provides questions that organizations can pose to their vendors to better understand their providers' capabilities to deliver secure software.

* Detailed considerations for technical practitioners - provides organizations with specific critical considerations such as how to use fine-grained access control to ensure separation of duties between an administrator's role within the virtualized software, and ensuring that patch management practices extend to the virtualization software in addition to the virtual machines.
 