RSA: Firms warned virtualised servers at risk of failing data security standards

An inability to properly guard data virtualised systems is putting businesses in danger of failing new Payment Card Industry (PCI) compliance standards, according to access control specialist HyTrust.

The firm said it is seeing an increase in failed audits due to firms not placing proper protections on card data which is housed in virtualised servers.

Failing PCI audits can put a company at risk of fines or the loss of authorisation to process credit card payments.

President and founder of HyTrust Eric Chiu told V3 that in recent months its partner vendors have been referring customers to the company in order to install the protections and avoid penalties or sanctions.

What HyTrust often finds is that companies did not consider security when designing and deploying the virtualised systems, which are now covered by the PCI Data Security Standard 2.0.

"My guess is that they are aware of changes but they have not gone into the details of what they need to do," Chiu explained.

"They have not done the work on the virtual side of things."

That separation, said Chiu, is emblematic of the gap which currently exists between security personnel and IT staff.

A recent survey from HyTrust found that 38 per cent of the security staff it polled had no idea when their company's next server upgrade was scheduled.

"Security is still not involved, or they are not involved until they absolutely have to be, which is scary," Chiu said.

"These environments are being scaled and architected and these big expansions are happening without security at the table."

• Tweet  
• Facebook  
•  
•  
• Send to  

• Topics
• Security
• Virtualisation
• RSA Conference
• Compliance