SecureData Security, part of JSE-listed SecureData Holdings and the sub-Saharan distributor for RSA, the Security division of EMC, today announced that RSA has released a new RSA Security Brief entitled “Security Compliance in a Virtual World”, offering actionable best practices for organisations faced with proving compliance in virtualised environments.
As more organisations accelerate virtualisation deployments, a more critical eye is turned towards compliance programs. The new RSA Security Brief offers executives and technology practitioners some practical guidance for establishing a solid foundation to mitigate risk and address compliance with various regulations, industry standards and internal policies in the context of virtual infrastructures.
Authors of the RSA Security Brief include many of the industry's foremost security and virtualisation experts from EMC and VMware, including: Bret Hartman, Chief Technology Officer for EMC's RSA security division; Dr Stephen Herrod, Chief Technology Officer and Senior Vice President of R&D for VMware; and other senior EMC technologists.
“EMC and VMware are in a unique position to offer sound advice for how organisations can best achieve and maintain compliance in virtualised environments,” commented Jon Oltsik, Senior Analyst, Enterprise Strategy Group. “Maintaining compliance in a virtualised environment requires the business to understand the impact of this new system on the overall IT risk management program.”
Enabling executives to communicate, practitioners to act
Organisations taking advantage of the benefits of virtualisation will also have to demonstrate efforts to ensure these environments are fully integrated within a broader compliance program. Enterprises currently struggle with complex compliance environments that include the impact of local data protection laws (eg, country level laws as part of the European Union Data Protection Directive), global industry mandates like the PCI Data Security Standard as well as regulatory requirements such as Sarbanes-Oxley and HIPAA.
In addition, many organisations must navigate the complexities associated with internal policies and agreements with business partners and customers. Because of this, it is critical to have a complete view into how virtualisation impacts an organisation's compliance program.
Professionals responsible for IT security, risk management and compliance programs will discover useful guidance and actionable best practices in the RSA Security Brief. Key components include:
* Best practices for implementation - any enterprise implementing virtualisation must understand and manage the impact on the compliance and risk management programs. The Security Brief addresses key areas, including platform hardening, configuration and change management, patch management, administrative access control and separation of duties, network security and segmentation, and audit logging.
* A virtualisation software security assessment checklist - provides questions that organisations can pose to their vendors to better understand their providers' capabilities to deliver secure software.
* Detailed considerations for technical practitioners - provides organisations with specific critical considerations, such as how to use fine-grained access control to ensure separation of duties between an administrator's role within the virtualised software, and how to ensure that patch management practices extend to the virtualisation software in addition to the virtual machines.
RSA Security Briefs provide security leaders with essential guidance on today's most pressing information security risks and opportunities. Each Security Brief is created by a select response team of experts who mobilise across organisations to share specialised knowledge on a critical emerging topic.
Offering both big-picture insight and practical technology advice, RSA Security Briefs are vital reading for today's forward-thinking security practitioners. Today's announcement marks the release of the flagship RSA Security Brief, “Security Compliance in a Virtual World”, which is available on request from Mark Linnell of SecureData.
For further information, please contact Mark Linnell at tel. +27 11 790 2500; fax +27 11 790 2599; e-mail markl@securedata.co.za.
RSA
RSA, the Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organisations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its life cycle - no matter where it moves, who accesses it or how it is used.
RSA offers industry-leading solutions in identity assurance and access control, data loss prevention, encryption and key management, compliance and security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated.
SecureData
SecureData is a specialist, value-added distributor of perimeter, application, network, endpoint, storage and identity information security solutions and risk management solutions for the African sub-continent and Indian Ocean islands. A cross-section of the available solutions from SecureData illustrates wide coverage of the following information security and risk management domains: business continuity, security appliances and devices, hardware authentication, identity and access management, security and vulnerability management, secure content management, threat management and security services.
SecureData's information security and risk management solutions include best-of-breed solutions, devices and appliances for the perimeter, data centres, applications, network, endpoints, messaging and Web. In addition, as a value-add to vendor, channel and customer, SecureData also provides a full complement of support, pre-sales and professional services around the solutions positioned in each discrete security vertical.
For more information, visit SecureData at http://www.securedata.co.za.