PCI DSS 2.0 Compliant Clouds Reference Architecture Updated By Industry Leaders

HyTrust, Inc., the leader in access control and policy management for virtualization infrastructure, today announced the publication of a newly updated reference architecture for Payment Card Industry Data Security Standard (PCI DSS) 2.0 compliant clouds. This based upon new requirements that must be met by a January 1, 2012 deadline.

Industry leaders HyTrust, VMware, Savvis, Trend Micro, Cisco and Coalfire – all core members of the PCI DSS Virtualization Special Interest Group (vSIG), and following months of collaboration – have published a white paper that outlines the new configuration guidelines and provides a comprehensive “best practices” reference architecture. Implemented and tested in a Savvis advanced-technology lab, the reference architecture is optimized to address the unique challenges of virtualization and cloud environments.

The report alleviates the burden of the impending PCI DSS 2.0 deadline on organizations facing these requirements—primarily financial services, retailers, payment processors and acquirers, which leverage virtualization technology for their cardholder data environments (CDE)—and enable them to move forward quickly with their compliance strategies.

“The need for greater security is clear,” said Eric Chiu, president and co-founder, HyTrust. “PCI DSS 2.0 allows ‘system components' to be physical or virtual. That significant shift in posture enables more organizations to benefit from the use of virtualization. However, it simultaneously adds complexity and the need for an entirely new layer of security. Thus, the standard requires organizations to do even more to secure their environments and mitigate the risks.”

Kennet Westby, CEO of Coalfire, a leading Qualified Security Assessor (QSA) organization, said, “As the industry increases the adoption of virtualization, the next logical step is to move to a private cloud environment. With the deadline for PCI DSS 2.0 compliance rapidly approaching, organizations that have implemented virtual infrastructures in their cardholder data environments must prove they have adequate controls in place.”

Westby continued: “As we stated last year, PCI DSS represents a minimum baseline of security controls that are being adopted not only in payment environments, but also in other industry verticals such as healthcare, banking, local, state and Federal government. The update of this reference architecture addresses some of the common challenges organizations face, and how leading providers such as HyTrust, VMware, Savvis, Trend Micro and Cisco continue to develop solutions to tackle these challenges head-on.”

Chiu agreed, “HyTrust continues to experience strong demand, especially in the financial, retail and government sectors, simply because organizations want to leverage virtualization in parts of their infrastructure that are subject to compliance.” He continued, “We expect to see this trend sustained well after this January PCI DSS 2.0 deadline, as more and more organizations realize that PCI compliance and virtualization are compatible.”

PCI DSS 2.0 Webcast

To learn more about the cloud reference architecture, and security and compliance in virtualized environments, please join an interactive webcast on Thursday, December 8, 2011 at 2:00 PM (EST) / 11:00 AM (PST). Register at: https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1003856&K=HTPR

About HyTrust (www.hytrust.com)
Virtualization & Cloud Under Control^™.

HyTrust^®, headquartered in Mountain View, CA, is the leader in policy management and access control for virtual infrastructure. HyTrust empowers organizations to virtualize more—including servers that may be subject to compliance—by delivering enterprise-class controls for access, accountability, and visibility to their existing virtualization infrastructure. The Company is backed by top tier investors Granite Ventures, Cisco Systems (Nasdaq: CSCO), Trident Capital, and Epic Ventures; its partners include VMware; Symantec (Nasdaq: SYMC); Citrix (Nasdaq: CTXS); RSA (NYSE: EMC) and Intel Corporation (Nasdaq: INTC).

HyTrust; HyTrust, Inc.; HyTrust Appliance; HyTrust Appliance Community Edition; HyTrust Cloud Control; “Virtualization Under Control”; “Cloud Under Control” and “Virtualization & Cloud Under Control” are all trademarks of HyTrust, Inc. All other product names and trademarks are the property of their respective firms.