Planning for PCI Compliance in the Cloud

GDPR is just months away – do you know where your sensitive data is?

GDPR, the most significant and comprehensive data privacy standard to date, is only seven months way and many organizations are struggling to understand what that means to them and their data management practices. What is more alarming is that four out of five organizations don’t even know where their GDPR data is located or how to secure it.

Join us for an informative and interactive panel of data security and privacy experts who will discuss the wide-ranging implications of GDPR on data management policies and how organizations can begin to gain control of their GDPR data by accelerating their data discovery and classification efforts.

This panel session will cover:

- What exactly is “personal data”
- Key GDPR data privacy provisions
- The implications to an organization
- Proactive approaches to understanding and securing data

NSX brings tremendous power. Do you have the right controls in place?

In this presentation, see how HyTrust CloudControl NSX, 2015 winner of the Best of VMworld for Security, Compliance and Virtualization, has fortified VMware NSX with better security, enhanced policy enforcement and better compliance.

HyTrust has developed BoundaryControl for virtual machines using Intel TXT hardware technology. In this video learn how HyTrust BoundaryControl can help you control where VMs run, helping with compliance, data sovereignty and security.

Time Zones 15:00 UTC / 10 AM ET / 7 AM PT

The public cloud can offload IT requirements and offer better business agility, but recent IT surveys show more than 50% of IT managers withhold sensitive data from the cloud because of security concerns. Most organizations feel that data in the cloud is data out of their control. But now, it's possible to leverage the public cloud while still maintaining data privacy and security.

Join Steve Pate, Chief Architect at HyTrust, as he presents the latest breakthrough in cloud encryption and key management - HyTrust DataControl for private and public cloud infrastructures.

In this webinar, Steve will review how, with DataControl, you can add security and controls in seconds into existing and new public cloud instances by encrypting both Windows and Linux virtual machines.

He will also discuss how HyTrust DataControl has been helping organizations secure data in both hybrid and public cloud instances, with key advantages, such as:

- Strong encryption that is operationally transparent to secure data at rest in the public cloud
- Engineered specifically for the cloud, so security stays with your virtual machines, even if they are replicated or copied
- Zero-downtime encryption and re-keying for maximum uptime
- Easy, integrated key management

We know that you will find this webinar both educational and thought provoking. We look forward to your attendance.

As an IT leader, you are under pressure to thwart ‘shadow IT’ and to deliver the agility and cost efficiencies your lines of business are finding in the public cloud.

Private cloud and software-defined data centers promise this agility, but can introduce greater risk of downtime or breach. Why? Even the most modern, robust hardware and software will still go down if process failure or administrator “pilot error” leads to mistakes in data center operations. And accidental misconfiguration in a highly virtualized environment can impact many more applications than in a traditional, air-gapped data center. As you virtualize more applications and move toward private cloud, maintaining availability at the highest level is absolutely essential.

In this webinar, Rob Babb, Principal Systems Engineer at HyTrust, will give you the lowdown on how to:

• Reduce downtime by preventing accidental misconfiguration

• Prevent large scale errors introduced through automation

• Achieve faster remediation and recovery with platform hardening,
alerts, and actionable log data

• Free up headcount for compliance through automation


We look forward to your attendance!

Whether public, private or hybrid, your organization is undoubtedly moving toward the cloud. But cloud infrastructure requires different security, especially when you want to virtualize mission-critical or regulated applications.

In this webinar, our guests, Forrester Research’s Andras Cser, VP and Principal Analyst serving Security and Risk Professionals, and VMware's Todd Zambrovitz, Senior Manager for vCloud Air, take a deep dive into the fundamentals of cloud security.

You'll learn:

- Why cloud security is different than on-premises methods

- How to approach identity and access management, especially for
privileged administrators

- Why software-defined networking deserves special attention from
a security perspective

- Approaches for securing data in the cloud

We look forward to your attendance!

In the last few years, security breaches have occurred in various shapes and forms and have shaken up many organizations, especially those in the retail industry. Approaches for auditing and assessment vary from one governance, risk, compliance (GRC) company to the next. Simply checking a box for each regulatory requirement is not sufficient. An approach to meet the challenges that go beyond compliance and address an appropriate security posture should be adopted by organizations.

This webinar, presented by Dan Fritsche, Managing Director, Application Security at Coalfire Labs, will help you understand the potential costs of failing an audit or getting breached even after having passed a Payment Card Industry Data Security Standard.

Topics covered include:

Brand Damage
Loss of Revenue
Downtime
Privacy Penalties
Forensics Investigations
Cyber Insurance Coverage

The presentation will also highlight the steps that organizations can take to address cyber-security risks.

Defending against advanced threats is one of the most difficult challenges facing enterprise security teams, and privileged virtualization admin accounts are rich targets.

In this webinar, Chris Morales, Principal Systems Engineer at HyTrust, will explain the "cloud kill chain" - the sequence of actions attackers put in place to gain unfettered access to virtualized infrastructure - and outline what enterprises can do to break this chain. For highly virtualized organizations, the cloud kill chain has the greatest potential to inflict damage while the attacker remains undetected.

Topics covered in this webinar include:

•Privileged Accounts and the Cloud Kill Chain
•The Nature of the Cloud: Today and in the Future
•Cloud Adoption Statistics
•Disrupting the Cloud Kill Chain in three phases

Organizations and agencies are taking full advantage of the flexibility, agility, and cost savings realized by virtualization. This webinar will focus on the operational challenges facing virtualization professionals and managers.

In this session, Jeff Ennis, Principal Security Architect at HyTrust, will examine the cost of downtime, the impact of downtime in a virtual environment, share real-world incidents, and highlight mitigation techniques. Attendees will benefit by gaining a better understanding of why operational integrity in the virtualized environment is critical, and the recommended approaches to mitigate the risk of extended outages.

PCI 3.0 came into effect in January, and it brought big changes to PCI compliance requirements and control implementation. The changes highlight the need to maintain compliance continuously to defend against today’s sophisticated threats, rather than focusing on the annual audit. Furthermore, these changes need to be considered against the backdrop of increasing efficiency through mixed-mode architectures and the audit of the virtualization plane.

Attend this webinar to learn:

• What are the most important new requirements in PCI 3.0?
• How does the “Business As Usual” guideline translate into QSA positions on continuous controls and monitoring?
• How best to implement PCI controls on the vSphere/ESX management plane, including in mixed-mode configurations.

Feature Speakers:
Brian Pennington
Regional Director, Europe at Coalfire

Jonathan Gohstand
Cloud Security Architect at HyTrust

In this webinar featuring Forrester Research VP, principal analyst John Kindervag, and Matt Springfield, Founder and President of 12Feet, Inc., you'll get a fresh perspective on what you need to know about securing the virtualized data center, and the key requirements for PCI that are especially relevant.

You will leave with a solid understanding of what it takes to securely virtualize your PCI applications and data, and ensure your assessments go smoothly.

The public cloud can offload IT requirements and offer better business agility, but recent IT surveys show more than 50% of IT managers withhold sensitive data from the cloud because of security concerns. Most organizations feel that data in the cloud is data out of their control. But now it’s possible to leverage AWS while still maintaining data privacy and security.

In this webinar, Steve Pate, Chief Architect at HyTrust, presents HyTrust’s latest breakthrough in cloud encryption and key management - HyTrust DataControl for AWS. With DataControl, you can add security and control in seconds into existing and new Amazon EC2 instances by encrypting both Windows and Linux virtual machines. Learn how HyTrust DataControl has been helping organizations secure data in both hybrid and public cloud instances, with several key advantages:

•Strong encryption that is operationally transparent to secure data at rest in the public cloud
•Engineered for the cloud, so security stays with your virtual machines, even if they are replicated or copied
•Zero-downtime encryption and re-keying for maximum uptime
•Easy, integrated key management

PCI 3.0 comes into effect in just a couple of months, and it brings big changes to PCI compliance requirements and control implementation. The changes highlight the need to maintain compliance continuously to defend against today's sophisticated threats, rather than focus on the annual audit. Furthermore, these changes need to be considered against the backdrop of increasing efficiency through mix-mode architectures and the audit of the virtualization plane.

Attend this webinar to learn:

•What are the most important new requirements in PCI 3.0?
•How does the "Business As Usual" guideline translate into QSA positions on continuous controls and monitoring?
•VMware's PCI Compliance Framework
•How best to implement PCI controls on the vSphere/ESX management plane, including in mixed-mode configurations.

Featured speakers:

Noah Weisberger
Director, Cloud & Virtualization Practice at Coalfire

Mr. Weisberger leads the Cloud & Virtualization Practice at Coalfire. He is the primary author of a number of whitepapers describing the use of industry leading virtualization & security management technologies for secure and regulated environments, has presented at conferences both domestically and abroad on topics relating to security,compliance, and operational efficiency with cloud-based technologies.

Allen Shortnacy
Staff Partner Architect and CTO Ambassador at VMware

Mr. Shortnacy focuses on improving automation of infrastructure partner solutions with the VMware product portfolio and broader go to market strategies. In addition, Allen is a subject matter expert in VMware’s Compliance Reference Architecture program where he supports validations of VMware and partner ecosystem configurations.

Jonathan Gohstand
Cloud Security Architect at HyTrust

Mr. Gohstand is a former member of the PCI Council Network Segmentation Special Interest Group, and has six years of product management experience in implementing PCI, including pioneering virtual segmentation strategies.

Healthcare is experiencing a surge in needing advanced processing and functionality from clinical applications, but has limited capacity to add additional physical servers to accomplish this goal.

The answer has been to move to virtualizing your environment, both locally and in the cloud. At the same time, as this has been occurring, HIPAA security requirements for securing virtual environments have also been expending, alongside with the approach taken by the OCR auditors when reviewing these environments for HIPAA compliance.

Due to the ease of stealing data in non-secured environments, and auditors increasing scrutiny, organizations are at risk of unforeseen side effects along the path to meeting their virtualization goals. But this does not have to be the case.

In this webinar, you will learn the top 3 tips for ensuring you get your needed virtualization capacity, while at the same time maintaining HIPAA compliance along the way.

Feature Speakers:
Mike Gentile
Executive Vice President of Innovation & Security at Auxilio

Craig Edwards
Senior Healthcare Strategist at VMware

Bill Hackenberger
Vice President of Data Security at HyTrust

PCI 3.0 comes into effect in just a couple months, and it brings big changes to PCI compliance requirements and control implementation. The changes highlight the need to maintain compliance continuously to defend against today’s sophisticated threats, rather than focusing on the annual audit. Furthermore, these changes need to be considered against the backdrop of increasing efficiency through mixed-mode architectures and the audit of the virtualization plane.

Attend this webinar to learn:
•What are the most important new requirements in PCI 3.0?
•How does the “Business As Usual” guideline translate into QSA positions on continuous controls and monitoring?
•How best to implement PCI controls on the vSphere/ESX management plane, including in mixed-mode configurations.

Featured speakers:

Noah Weisberger
Director, Cloud & Virtualization Practice at Coalfire

Mr. Weisberger leads the Cloud & Virtualization Practice at Coalfire. He is the primary author of a number of whitepapers describing the use of industry leading virtualization & security management technologies for secure and regulated environments, has presented at conferences both domestically and abroad on topics relating to security,compliance, and operational efficiency with cloud-based technologies.

Jonathan Gohstand
Cloud Security Architect at HyTrust

Mr. Gohstand is a former member of the PCI Council Network Segmentation Special Interest Group, and has six years of product management experience in implementing PCI, including pioneering virtual segmentation strategies.

Introducing HyTrust Boundary Controls

Virtualization and the cloud make data security more complicated. Specifically, customers have struggled to implement required controls to meet policies and compliance mandates. A common example, administrators have noted that there has been no automated way to ensure that workloads can only be instantiated on specific, designated, or trusted server, in a trusted location. Until Now.

HyTrust, through its technology collaboration with Intel, has extended its virtualization security portfolio with new capabilities to better secure the most important elements in virtualized datacenters and the cloud - applications and data.

Attend this webinar, featuring Eric Chiu, President and Founder of HyTrust and James Greene, Senior Security Engineer for Intel, to gain a better understanding of how HyTrust Boundary Controls work with common server infrastructures to provide mechanisms to define and enforce tighter geographic restrictions to ease compliance, deter data theft and prevent data center downtime.

What you must know when evaluating cloud encryption

Virtualized environments have unique data security challenges,
especially if you¹re running your infrastructure in the public cloud.

When you consider using Infrastructure as a Service (IaaS) from a
cloud service provider, traditional security measures like full drive
encryption don¹t always translate. Virtual machines are dynamic and
mobile, and are often replicated by your CSP for backup and availability. Putting your data in the cloud gives you agility, but are you
sacrificing security?

This webinar, hosted by Steve Pate, Chief Architect at HyTrust, will
review your options and provide you with checklist of capabilities you
should consider when evaluating encryption for private, hybrid or
public clouds. We¹ll address questions like "How should I manage my
encryption keys?" and "How can I securely decommission from a CSP?"

If you are concerned about data privacy and the security of your
virtual machines running in the public cloud, this webinar is for you.

We look forward to your attendance!

The evolution to virtualization and the cloud is inevitable. Companies simply have to be more nimble, reach more users and reduce cost as they migrate away from static security controls that are not flexible and cost effective. As amazing as it sounds, this cloud migration can be supported with dynamic security measures and compliance solutions that are more effective and less expensive over time. The cloud is poised to deliver both a more nimble and secure platform for future growth.

In this webinar, with security experts from Coalfire, Fortinet and HyTrust, you'll learn how to leverage the power of cloud computing and enhance security and compliance at the same time.

Topics for discussion include:

•An overview of evolving industry standards and regulations, focusing on HIPAA, FISMA, and the latest PCI DSS 3.0 updates
•The evolving security challenges and approaches with cloud computing
•What recent cyber-attack statistics reveal about the widening gap between the hackers vs. the “good guys”
•Software defined data center architectures, such as VMware NSX, for enabling agile security
•Best practices for assessing risk management, security and compliance

Featured speakers:

Rick Dakin, CEO of Coalfire
Hemma Prafullchandra, CTO/SVP Products at HyTrust
Warren Wu, Sr. Director of Product Marketing at Fortinet

We look forward to your attendance!

Building a secure, compliant and available cloud faster with converged infrastructure.

Organizations continue to expand datacenter virtualization at a rapid pace to take advantage of its agility and cost savings. Next generation private clouds offer even more flexibility, bringing self service and better IT responsiveness. In this webinar, with infrastructure and security experts from Forrester, VCE and HyTrust, you’ll learn how converged infrastructure can get you to your cloud faster, and more securely.

This webinar will cover:

o The role of converged infrastructure in data center transformation
o How converged infrastructure is the fastest path to private cloud
o Overcoming private cloud concerns with secure, policy-driven automation
o Where your peers are in their consolidation and cloud transformation

Featured speakers:

Dave Bartoletti, Principal Analyst, Serving Infrastructure & Operations Professionals at Forrester Research
Eric Chiu, Founder & President at HyTrust
Geoffrey Coulter, Security Product Manager at VCE