Achieving Compliance in a Virtualized Environment
High profile information security failures resulting in the loss of cardholder data, confidential information, and Personally Identifiable Information (PII) have substantially increased regulatory pressure. Many organizations must now comply with standards such as PCI, regulations like SOX-404 or HIPAA, and state privacy laws. Traditional IT auditors and security assessors have been focused on the physical components of the IT infrastructure. However, virtualization technologies are increasingly being used in business processes that have IT compliance requirements. The goal of this paper is to present the unique considerations that virtualization presents to regulatory and standards compliance.