Videos provided by OpenStack Summit via OpenStack Foundation YouTube Channel
Architecting a standards-compliant cloud can be difficult. There are emerging cloud-specific security standards such as FedRAMP and CSA that should be considered in addition to existing NIST/ISO and PCI-DSS standards. OpenStack workflows and resources that exist today either fully or partially meet these common compliance requirements. We will discuss areas that need work and areas that appear to be in good shape.
The talk includes a study of PayPal’s experience in reviewing OpenStack security as it relates to complying with PCI-DSS in their private cloud and existing data center environment. It dives into the many design decisions PayPal made within their environment, including the use of physical versus logical devices, the review of hypervisor versus guest compliance, and whether to maintain separate management networks for PCI versus non-PCI traffic.