Virtualization: Security and Compliance Considerations
Dave Shackleford Director, CP&C, Configuresoft
Virtualization has become a widely adopted technology that allows you to save money, increase operational efficiency and reduce energy consumption. However, these important benefits also come with a management cost. As you virtualize the environment, the rate of change and complexity increases dramatically due to the many interdependencies between guests and hosts and then exponentially as VMotion and DRS dynamically optimize the virtual landscape. This increased complexity introduces security and compliance considerations that must be addressed to fully realize the potential of virtualization.
Join Dave Shackleford, Director of Configuresoft's Center for Policy and Compliance (CP&C), former CTO at the Center for Internet Security (CIS) and co-author of the CIS Benchmarks for VMware ESX, as he discusses the security and compliance challenges introduced by virtualization.
- Learn about the security and compliance challenges posed by virtualization
- Gain increased knowledge of hardening guidance available
- Learn the impact of VMotion and how this affects compliance in your environment
- Identify steps you can take to ensure success with your virtualization project
PCI Essentials - What You Need to Know
Dave Taylor Founder, PCI Knowledgebase Chris Rallo PCI Product Manager, Configuresoft
Learn from industry leading PCI analyst Dave Taylor, as he discusses the current state of PCI compliance. Dave reveals what separates the leaders from the laggards when it comes to PCI compliance and best practices to achieve continuous compliance.
Dave is followed by Chris Rallo, PCI Product Manager at Configuresoft. Chris discusses achieving continuous compliance in a dynamic environment and how mere checklist-based approaches have resulted in security breaches. Chris and Dave also discuss what to expect from the PCI 1.2 release from the PCI Security Standards Council in September/October of 2008.
Listen to this educational webinar to learn:
- Best Practices from leading merchants, service providers and PCI assessors based on 100+ hours of interviews.
- Differences between compliance and security and how to manage the PCI compliance of your service providers.
- Lessons learned from merchants. Don't repeat these mistakes!
- How to integrate PCI programs with broader security and compliance efforts.
- What's coming in the PCI 1.2 release.
Successfully Maintain PCI IT Audit Readiness
Dave Shackleford Director, CP&C, Configuresoft
With the increased dynamic nature of your IT organization due to virtualization, are you confident that you are PCI DSS compliant?
Even if you are PCI DSS compliant, are you confident your organization wouldn't suffer a data breach?
Dave Shackleford, Director, Center for Policy & Compliance (CP&C) for Configuresoft and PCI Security Vendor Alliance Board Member shares his insights on:
- Best practices for succeeding in your PCI DSS Compliance program
- Impact of Virtualization on PCI DSS compliance
- Advice for migrating from a paper/checklist approach to continuously monitoring for system changes
- Leveraging CP&C Compliance Toolkits to automatically translate regulations and standards and map to security controls
- Ensuring continuous compliance for both physical and virtual environments
Achieve IT Effectiveness Through Analytics
Dennis Drogseth Vice President - Enterprise Management Associates Sateesh Narahari Director - Configuresoft
Manually analyzing IT configuration data, change logs and patch levels across servers is nearly impossible for IT staff who are supporting more servers per person than ever before. However, there is a greater need to understand which configurations are at risk for vulnerabilities, what changes are causing the most problems, and which IT assets are most expensive to support. The result is that IT staff are often overworked and make decisions based on gut feel rather than on real data.
Enterprise Management Associates (EMA) Vice President Dennis Drogseth, a leading analyst in IT service management shares his insights on how IT can address these challenges.
Dennis is followed by Sateesh Narahari, Director with Configuresoft, who discusses Configuration Intelligence Analytics from Configuresoft and how it can help organizations master the challenge of analyzing massive amounts of IT configuration, change and patch data.
Learn how to:
- Produce IT scorecards that drive business decisions
- Measure Key Performance Indicators
- Make your change management more effective
- Increase operational effectiveness
- Measure your current security, audit and compliance levels
Securing and Managing Virtual Environments
Andi Mann Research Director - Enterprise Management Associates Andrew Bird Vice President - Configuresoft
Andi Mann, Research Director with Enterprise Management Associates (EMA) reviews:
- Current state of virtualization
- Problems that enterprises face while deploying and managing virtualization
- Tips for succeeding in your virtualization projects
Andrew Bird, Vice President with Configuresoft discusses how customers use Configuresoft Enterprise Configuration Manager (ECM) to solve the control, compliance and security problems in virtualized environments.
How Companies Are Achieving PCI Compliance
David Taylor President - PCI Alliance Chris Rallo PCI Product Manager - Configuresoft
David Taylor shares his insights on:
- Latest research from the 2008 PCI Knowledge Base interviews with Level 1 and 2 merchants on the success of PCI compliance across the industry
- The inconsistency between "initial PCI compliance" and ongoing "operational compliance"
- Best practices for succeeding in your PCI Compliance Program
Dave is followed by Chris Rallo, PCI Product Manager with Configuresoft, who shares how merchants are using automation to achieve sustainable PCI compliance by:
- Implementing a continuous process of discovery, analysis and remediation of non PCI-compliant devices
- Leveraging out-of-the box, proven Compliance Toolkits with actionable content
PLAN-DO-CHECK-ACT: Closing the Loop on Change
Audrey Rasmussen Analyst - Ptak, Noel & Associates George Gerchow Technology Strategist - Configuresoft
Today's IT change management tools and processes focus primarily on the change approval and implementation processes. However, these solutions fail to close the loop and reconcile the physical changes with the change management process and evaluate the effects of the implemented change.
The challenge for IT is visibility into and control of "invisible", ad-hoc or unplanned changes that bypass the approval process.
- Understand how linking Configuration and Change Management processes improves overall enterprise and component systems availability, security and policy compliance
- Be able to verify the four organizational benefits of closing the loop on change
- Be able to apply reconciliation and audit verification to measure the effectiveness of your change management process
The Webinar provides real-world examples of improved availability, security, and policy compliance achieved by closing the change loop. It features effective approaches and proven best practices to improve the overall change management process.
ITIL V3: Creating a Pragmatic Implementation Plan
Rick Giesinger ITIL Service Manager/EDS Process Consultant, EDS George Gerchow Technology Strategist, Configuresoft
The verdict is in. With a focus toward continuous improvement, acceptance of a federated CMDB model and an integrated service lifecycle approach to IT Service Management, the move to Version 3 is essential to a successful, practical ITIL adoption in today's world.
BUT...How will changes in V3 affect your current ITIL program or plans for implementation over the next year and beyond?
In this, the second of a two part series, webinar attendees will learn how to define a pragmatic, actionable plan for implementing V3. Please join us for the following:
- Recap the first webinar and highlight the key differences between Versions 2 and 3
- Identify changes, tasks and other organizational considerations required to update your V2 plan to V3
- Understand how to leverage existing IT investments to accelerate ITIL V3 implementation
- Learn about the latest educational programs available for V3 certification
Guidance and Strategies for Adopting ITIL V3
Rick Giesinger ITIL Master, Service Manager, EDS George Gerchow Technology Strategist, Configuresoft
On May 30th of this year, the Office of Government Commerce (OGC) released V3 of ITIL. Eight years after the V2 process-based practices were released, there is now a greater focus on the strategic importance of IT within an organization and on continual improvement. One key difference is the acknowledgment that processes alone are not enough to guarantee service management enhancement. How will ITIL affect your current program or plans for implementation over the next year and beyond?
In this webinar, you will:
- Learn the key differences between V2 and V3
- Understand how linking ITIL best practice recommendations with operational configuration management is the key to making ITIL processes more effective and efficient
- Gain insight into how continual service improvement is made possible through ITIL V3 and Configuration Intelligence™
- Understand how to continue upon an effective certification path to execute upon V2 AND V3 initiatives
Securing Complex Virtualization Environments
Andi Mann Senior Analyst, EMA Dennis Moreau Ph.D. CTO, Configuresoft
Virtualization technologies hold the promise of reduced cost and increased agility; however, virtualization also introduces new complexities and security risks that must be addressed to bulletproof the corporate IT infrastructure.
In this Webinar, you will:
- Hear why virtualization has moved to the top of 2007 IT priorities for achieving business alignment
- Understand the barriers that are slowing adoption and increasing organizational security compliance risk
- Learn best practices for overcoming the two major barriers, security and complexity, to achieve a secure, manageable virtualization fabric
The Webinar also provides real-world examples of security, compliance and management complexity introduced by the deployment of virtualization. It features effective approaches and proven best practices to manage virtualised environments.
Accelerating ITIL Delivery Times
Jean-Pierre Garbani Senior Analyst, Forrester George Gerchow CP&C Technology Strategist, Configuresoft
Organizations face enormous challenges in rapidly and effectively deploying ITIL processes and ensuring security policy compliance across complex and dynamic IT infrastructures.
Linking ITIL best practice recommendations with operational configuration management is the key to making ITIL processes more efficient and effective.
The discussion provides real-world examples of how organizations can harness operational configuration information to improve the overall efficiency and effectiveness of implemented ITIL processes.
Complying with OMB M-07-11 – An Approach for Continuously Assuring Security Configurations
Time is running out for submitting your plan to comply with the OMB Directive M-07-11. Planning and implementation of the standard is the easy part; maintaining it over time is the real challenge.
Join Configuresoft as we help you understand the impact of the directive on your organization and how to develop a continuous, enforceable approach for complying with NIST, DoD and DHS Security Configurations over time.
Assuring PCI DSS Compliance
Duane Thayer Infrastructure Manager, TSYS iSolutions Chris Farrow Director, Center for Policy & Compliance, Configuresoft
This webinar offers practical advice for successfully achieving ongoing PCI compliance. Implementing a continuous, automated approach to compliance has proven to be the secure method for minimizing exposure to data breaches and lowering onsite security and audit costs.
The webcast will help you:
- Understand the Gap: Quickly identify and document today's areas of PCI 1.1 non-compliance
- Implement the Solution: Employ continuous assessment and automated remediation to remove the gap
- Automate the Audit: Provide immediate audit reports and access to internal IT auditors and external Security Assessors
- Justify the Expense: Measure the secondary security and IT efficiency effects across your organization
What's New in PCI 1.1 - No "Easy Out" for Merchants
Chris Farrow Director, Center for Policy & Compliance, Configuresoft
Amid all of the buzz surrounding the new PCI restrictions and the risk of fines and losing card privileges, it's easy to confuse details about who must comply, by when, and how the requirements are structured. On top of that, the loss of customer and public trust due to data breaches is the biggest risk of all.
Download a complimentary copy of the PCI 1.1/1.0 Comparison for your reference.
What's New in PCI 1.1 - No "Easy Out" for Merchants
Chris Farrow Director, Center for Policy & Compliance, Configuresoft Dr. David Taylor VP, Data Security Strategies, Protegrity
A one hour webcast on the PCI 1.1 standards highlights and explores:
- Changes between PCI 1.0 and 1.1
- Operational and security implications of the PCI 1.1 changes
- Detailed technical, business and project management implications to implement PCI 1.1
IE is required to view the recording. No key is required.
Emerging Data Privacy & Security Laws
Chris Farrow Director, Center for Policy & Compliance, Configuresoft Dr. David Taylor VP, Data Security Strategies, Protegrity
New laws regarding data security come with greater penalties if you or your organization is found negligent.
- Listen to real world customer examples that apply to your business
- Obtain metrics to build a case for a continuous program to measure and manage data asset value
- Understand the impact of regulatory compliance on data asset value and enterprise risk management
IE is required to view the recording. No key is required.
Making the Leap from Policy to Compliance in Four Steps
Khalid Kark Senior Analyst, Forrester Dennis Moreau CTO, Configuresoft
Join Forrester Research Security Analyst Khalid Kark and Configuresoft CTO Dennis Moreau to learn how organizations have harnessed operational configuration information to improve security policy compliance alignment and enforcement. Hear about real-world examples that will help your organization:
- Define effective organizational policies
- Enforce policies across complex, heterogeneous IT infrastructures
- Ensure ongoing compliance in dynamic enterprises

RSA Conference 2006
Configuresoft's Dr. Dennis Moreau discusses why Configuresoft joined the SecureIT Alliance.
"The SecureIT Alliance represents an opportunity to be able to open up communications, not just with Microsoft, but among the participants in the alliance to be able to look at fundamental issues in achieving better IT security on the Microsoft platform."
Microsoft Webinar Series
Making Sense of Compliance
Becoming compliant with such programs as Sarbanes-Oxley or HIPAA involves gathering, transferring, housing, and delivering digital assets to authorized users. Does your process account for the need to help keep documents and critical information private and secure? Please join Configuresoft's Center for Policy & Compliance Director, Chris Farrow, as he joins fellow industry experts in discussing "Making Sense of Compliance."
To learn more about how you can help safeguard your data at every stage of your compliance process, view the recorded webinar (requires registration).