The International Working Group on Data Protection in Telecommunications (“the Working Group”) released a working paper on privacy and data protection issues surrounding cloud computing, specifically examining the processing of personal data. The paper recognises the growing popularity of cloud computing; however, the Working Group advises that caution should be taken because of the fact

This post was also written by Jason H. Ballum, Amy S. Mushahwar, and Frederick Lah.

With March Madness on the horizon, did you know that educational institutions are part of another Final Four? One in four data breaches come from higher educational institutions or K-12 schools. In addition to data breaches, schools face unique privacy

As Companies Approach the January 1, 2012 PCI DSS 2.0 Compliance Deadline, a New Information Supplement Provides Guidance on the Scoping, Controls Necessary and Testing Procedures for Virtual Environments.

This post was also written by Chris Cwalina, Dan Herbst and Amy Mushahwar.

On Tuesday, June 14, the PCI Security Standards Council, the body that administers the Payment Card Industry Data Security Standard (PCI-DSS), released a comprehensive set of guidelines for PCI compliance in virtual card holder data environments. The Council’s 39-page guidance document (available at https://www.pcisecuritystandards.org/security_standards/documents.php) describes in detail how each of the 12 PCI security control objectives within logical environments should be applied in a virtual setting. The document – which was over two years in the making – provides clearer guidance regarding how organizations can deploy virtualized environments in a secure fashion.

As background, before virtualization technologies, the standard computing model was one computer to one operating system with that computer’s associated applications and resources. Virtualization technologies enable IT teams to combine or divide computing resources to unify many computing systems into one operating environment or to partition one server into several virtual machines. Virtualization technologies undergird important applications over a wide range of areas such as, virtual test environments, server consolidation, multiple operating system support, system migration, cloud computing and so on. Given the variety of virtualization flavors and applications, the Council in its guidance recognized there is “no one-size-fits-all method or solution to configure virtualized environments[.]”Continue Reading Is the PCI Security Standards Counsel Preparing for Cloudy Weather?