May 20, 2009
By Kelly Jackson Higgins
DarkReading
Las Vegas, INTEROP-- With lingering questions about how virtual environments will play with compliance, security experts here have warned organizations to avoid virtualizing any highly regulated applications -- and to also consider new ways to use virtualization to enhance security. One big question is whether virtual environments will pass PCI audits. "One of the biggest challenges is that the virtualization vendors have no common taxonomy" for the PCI Council to prescribe the minimum best practices for securing data in virtualized environments, said Michael Legary, executive consultant and founder of Seccuris, a panelist on the Computer Security Institute's Security Exchange summit on virtualization