About

This blog is dedicated to the discussion of securing and proving compliance in virtual and private cloud infrastructure.  Nobody is more passionate about this topic than we are. We consider topics ranging from network, security, and compliance operations responsibilities to the implications of regulatory requirements in cloud environments to current events -- all with the goal of providing best practices for our readers to safely move to virtual and cloud infrastructure. We invite you to join in the dialogue. 


Catbird Virtualization Security & Compliance Blog


Is Your Cloud HIPAA-Ready?

  
  
  

5 Critical Questions to Ask Your HIPAA Hoster

A lot of cloud hosting providers claim that they’re HIPAA compliant, but what do they actually provide?  Before you make a decision, here are some key questions to ask.

Software-defined Network Challenges

  
  
  

Five Key Considerations When Adopting SDN

As organizations plan to move to virtualized systems and software-defined networks (SDN), it is helpful to review the realistic challenges that they will face. To be able to take advantage of the benefits of a software-defined environment, architects should consider the following: 

Hacking Is Not that Hard

  
  
  

Three Risk Management Strategies

You know that data breaches and attacks are common, but did you know that hacking is actually very easy? According to a recent CSIS report, hacking is not that hard. For me, some of the most interesting data points in this report include:

Shifting Roles in the SDDC

  
  
  

Three Things You Can Do to Transition Effectively

Changes in data center architecture have also led to shifting roles within the organization. The software-defined data center and SDN present an opportunity for existing IT personnel to embrace change and expand their portfolio. For IT to function efficiently, System, Network, and Security teams should recognize that they have the opportunity to take on a larger scope, as the days of IT siloes are over.

Are Your Vendors Your Weakest Links?

  
  
  

The Target Breach Backlash

It’s a situation that strikes fear into the heart of every CIO and CISO—a breach caused by a vendor relationship. The Target debacle was apparently due to just that and affected millions of customers.  Will this incident create a deluge of headaches for Target’s vendors? Will other corporations follow suit? Most importantly, what can you do?

ACI Meets PCI, HIPAA, FISMA, SOX

  
  
  

Catbird Joins Cisco ACI Ecosystem

It’s fantastic news for Catbird and for you as well.  With Cisco Application Centric Infrastructure (ACI) adding Catbird to its expanding ecosystem, the next iteration of network security is within grasp. 

Target Breach Update

  
  
  

More Bad News from Target

It has now been reported that the Target data breach affected somewhere between 70 and 110 million of their customers. These customers face an even darker threat than just financial distress, as it has also come to light that addresses, phone numbers, and personally identifiable information (PII) were stolen, leaving them vulnerable to multiple fraudulent activities.
So what can you do to avoid this type of disastrous situation? To start, realize that PCI compliance is only a small piece of the security posture puzzle that is essential to protecting customer data. This data breach reaches far beyond PCI scope and dives head first into the deep ends of HIPAA and PII policy management. Securing data based on classification needs to be sophisticated enough that assets have layers of security, ultimately protecting and securing the asset based on the workloads of that asset. Sensitive data needs to be encapsulated by its security policy.

Second, and just as important, continuous monitoring of activity is critical. These 70M+ records had to be accessed and transmitted out of Target's network in some fashion. With proper visibility at the right levels of the network, anomalies like this can be detected, prevented, logged, and reported in real time. Active enforcement of policies is necessary to mitigate the severity of breaches.
I encourage you to take a proactive approach to security and understand the advanced technologies available today to protect credit card information. Advancements in virtual and cloud technologies are enabling retailers to provide stronger, more secure transactions, strengthening the credibility and reputation of their organizations at the same time.


Target Breach All Too Common

  
  
  

Security Events Languish in Queue

With the disclosure of the data breach at Target, I find myself—like 40 million other customers—calling my wife to find out if our holiday spirit has been squelched by credit card fraud.

What is the Software-defined Perimeter?

  
  
  

Secure Networks and Data in the Cloud

Where is my data and how do I protect it? This is the problem and the opportunity that we are faced with today. For an assessor, data protection is a cash cow. For a consumer, it is a money pit both in terms of time and resources. So is it really a surprise that every provider and vendor is dedicating attention to providing data security that is flexible, geographically non-specific, and software based? Shouldn't be! 

A Review of the Updated PCI Standards

  
  
  

What’s New for Virtualization in PCI DSS 3.0

As you’re probably aware, the PCI Security Standards Council published version 3.0 of its Data Security Standard (DSS) on November 7.  If your business stores, processes, or transmits payment cardholder data in a virtual environment, you will want to carefully study the new standard for updates.  I’ll touch on the high points here for requirements that impact the Cardholder Data Environment (CDE).
