PCI 2.0-compliant application and cloud environment achieved in record time using advanced software development lifecycle processes
San Francisco, CA—September 27, 2012— Virtustream, Inc., the leading enterprise class cloud solution provider, today announced that the company has achieved Payment Card Industry Data Security Standard (PCI DSS) 2.0 compliance for its cloud platform to secure data in its private and public clouds. Now fully compliant with PCI DSS 2.0, Virtustream is able to guide clients through the PCI certification process with the security and transparency required to ensure compliance and business requirements are met. With Virtustream, customers do not have to resort to “blind” trust; instead, they benefit from a transparent PCI approach involving accessible documentation, reporting and processes to view and manage the entire lifecycle in any audit or operational situation (up to and including the OS layer).
For businesses that would like to implement private clouds in their own data-center and IT operations, Virtustream also provides xStream 2.0 cloud management software with all the security, compliance and reporting tools required to enable PCI-compliant private clouds. This new standard of cloud PCI compliance will be attractive to customers needing additional e-commerce capabilities dynamically delivered from the cloud.
Virtustream attained PCI compliance by integrating its best-of-breed technologies (including GRC, SIEM, IDS, firewall and SLA monitoring) into one comprehensive environment. With security controls integrated in the solution and a mature software development lifecycle process, Virtustream achieved a fully PCI 2.0 compliant application and environment in a compressed – and record setting – timeframe. Virtustream’s technology, which isolates and protects PCI workloads from non-PCI workloads embedded in the platform, was instrumental in achieving this feat. In addition, Virtustream’s encryption of virtual machine images, data in transit, at rest, in database and in archive tools have FIPS 140-2 certified encryption built in, which surpasses typical security requirements. The company’s facilities have also been independently certified to FISMA Moderate, and its processes have been successfully audited to SSAE 16 SOC II and ISO 27000. PCI DSS 2.0 guidelines place an emphasis on virtual machine security to which Virtustream now adheres. Consultants and third-party Qualified Security Assessors (QSAs) will be able to efficiently guide clients through their PCI certification efforts using the compliant foundation Virtustream offers.
“Most cloud and hosting companies lack transparency; they only provide customers with a cover sheet of the audit and exclude the full report that shares all of the audit details,” said Pete Nicoletti, director of security solutions for Virtustream. “We want to ensure transparency around our entire approach. Clients can see what we are doing on their behalf – whether it is documentation, process or lifecycle – and feel confident that Virtustream is delivering a secure environment that meets their compliance and real security needs.” Nicoletti recently joined Virtustream to drive federal business, security and compliance. Previously the vice president of security engineering at Terremark and Verizon, he has extensive experience dealing with security and compliance, and a wide range of security certifications including CISA, CISSP and CCSK.
The Virtustream xStream cloud solution delivers an innovative approach to private, public and hybrid clouds, enabling customers to deploy mission-critical applications to the cloud. xStream is available as software for existing data centers and as a managed service from the Virtustream Cloud. Powered by Virtustream µVMTM technology, xStream delivers enterprise-grade security and compliance, multi-tenant efficiency, application performance SLAs and consumption based charging for both legacy and web-scale applications. xStream provides the hybrid cloud solution that most enterprises prefer – allowing a combination of existing IT, on-site private clouds with off-site virtual private/public clouds. xStream allows businesses to adopt the cloud at their own pace, managing the entire solution with a single pane of glass.
Virtustream is a leading cloud innovator offering enterprise-class cloud solutions for enterprises, governments and service providers. Virtustream simplifies moving complex IT to the cloud – whether private, public or hybrid – while delivering the full economic and business benefits of the cloud.
Virtustream offers xStream, a secure, high performance cloud solution, providing high availability, highly secure enterprise-class clouds, with application level SLAs. xStream is available both as a software solution for existing data centers/clouds and also as a managed service delivered from Virtustream’s Cloud. Virtustream also offers comprehensive professional services to assist customers to design, migrate, and manage clouds.
Virtustream offers xStream worldwide, owns and operates data centers in the U.S. and EMEA, operates an international Cloud Exchange, and has offices in New York, Washington D.C., San Francisco, Atlanta, London, Toronto and Dublin with partners in Asia, Middle East and China.
# # #