PCI Solution Overview
No one will argue with the statement that meeting PCI DSS requirements is complex. With over 200 sub-requirements covering operational, perimeter, system, transmission and data security, PCI DSS is one of the most granular and actively audited regulations in existence.
Changes to IT architecture can explode this complexity further – expanding the scope, cost and overall complexity of PCI DSS compliance. As a result, PCI compliance and audit concerns have hindered organizations from adopting cost-saving cloud and virtualization technology. The PCI Security Standards Committee attempted to address this conflict by issuing PCI DSS Virtualization Guidelines. These guidelines cover both the virtualized data center and public cloud and expand the scope of virtual machines handling credit card data to all components effecting its security, including hypervisors and associated virtual appliances.
HighCloud VM-Centric Security not only helps organizations fulfill a myriad of traditional PCI DSS requirements, but also provides them with a centralized platform to address data security throughout the entire VM lifecycle. The solution was specifically designed to meet PCI DSS encryption, access control and key management requirements while addressing key points of data exposure in virtualized and cloud environments. HighCloud VM-Centric Security benefits for PCI DSS include:
- Encrypts, protects and secures the entire virtualization operating environment, including memory files, copies, snapshots, templates, as well as sensitive data, at all points in the VM lifecycle
- Schedules automated key changes and audits the entire process
- Uses strong, FIPS approved encryption algorithms and key lengths
- Supports a number of PCI DSS operational requirements, including automated decommissioning of VMs and secure VM backup
- Centralized, secure key and policy management with strong separation of duties supports PCI DSS administrative requirements