Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
July/August 2011

PCI virtualization guidance warns of compliance challenges

The PCI Security Standards Council is warning merchants about the complexities of protecting credit card data running in virtualized systems and cautioning that some configurations may make it nearly impossible for organizations to achieve compliance.  The PCI DSS Virtualization Guidelines Information Supplement (.pdf), issued in June, has long been awaited by merchants, qualified security assessors (QSAs) and other security experts.  In addition to providing information on virtualized systems located within the network, the document addresses merchants using cloud computing services for payment transactions. While the PCI virtualization document could help reduce the ambiguity in how QSAs assess virtualized environments, the report may be too broad, says Diana Kelley, a partner with Amherst, N.H.-based consulting firm SecurityCurve.   “There's a lot of useful information here and it's a step towards better information on how to protect cardholder data in a virtualized environment,” Kelley says.  “Given the scope of this ...

Access this Pro+ Content for Free!

By submitting you agree to recieve email from TechTarget and its partners. If you reside outside of the United States you consent to having your personal data transferred and processed in the United States. Privacy Policy

Features in this issue

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close