Canalblog
Editer l'article Suivre ce blog Administration + Créer mon blog
Publicité
PROSERVIA : Pôle Conseil Expertise
Articles récents
Contacter le propriétaire du blog
Newsletter
Archives
PROSERVIA : Pôle Conseil Expertise
16 novembre 2008

VMware Launches Site for Security and Compliance Auditors

For the past two years I have been listening to security and compliance auditors who routinely complain that they need help with effectively auditing for compliance (e.g., regulatory, security policy) in virtualized environments. During that span, I’d often hear auditors tell me the following:

I don’t know where to start.

What within the virtual infrastructure constitutes a trusted security boundary?

Are the vendors in the virtualization space and the standards bodies (e.g. PCI) doing anything to help?

That being said, I have taken auditor feedback (both general and specific) to the major virtualization vendors and asked them if they could push the ball forward and throw the auditors a life line. Unfortunately, a senior executive at one prominent vendor told me:

Auditing is an internal issue that is unique to all organizations, and we have no place in this area.

When the executive made that statement, I told him why I disagreed and tried to clarify my position, again stating that the virtualization vendors needed to take the ball to the engage the standards bodies and also to provide the clarity that the auditors required. He still disagreed.

Hope is not lost for the auditing community, as VMware today announced that it is joining the PCI standards council as a participating organization, and the launch of the VMware Compliance Center Web site. The Compliance Center includes a very nice list of white papers that I think auditors will find  helpful. VMware - great job. With this announcement, I think Christmas just came early for many in the auditing community. Now for VMware’s competitors, I’m once again going to repeat my request to you - please get serious about providing guidelines and clarity for security auditors. They want your help. Without it, some will inevitably revert to enforcing full physical isolation within their organization’s virtual infrastructure, something which reduces consolidation density and undermines your TCO arguments. What do you say? If you’re serious about being a production-class virtualization platform, you need to publicly demonstrate how you are serious about security and compliance. The ball’s in your court.

Note: Originally posted to Burton Group’s Data Center Strategies blog.

http://www.chriswolf.com/?p=201

Posté par jcdemarque à 19:40 - Commentaires [] - Permalien [#]
Tags: VMWaresecurityAuditCompliance

Partager cet article

Vous aimez ?
0 vote
MS Days Paris - Webcast session Hyper V en profondeur
Windows Essential Business Server 2008 (EBS) officiellement disponible
Vous aimerez aussi :
VMware vSphere 6 : le lancement en ligne!
VMware vSphere 6 : le lancement en ligne!
VMworld 2014 : vSphere 6.0 améliore l'allocation du stockage
VMworld 2014 : vSphere 6.0 améliore l'allocation du stockage
Les conteneurs Docker sont plus performants que les VM
Les conteneurs Docker sont plus performants que les VM
Avec CloudVolumes, VMware s’offre une technologie de conteneurs pour Windows
Avec CloudVolumes, VMware s’offre une technologie de conteneurs pour Windows
Publicité
Commentaires
Recherche
Publicité
Catégories
Publicité