PCI virtualization guidance warns of compliance challenges
This article is part of the July/August 2011 issue of Information Security magazine
The PCI Security Standards Council is warning merchants about the complexities of protecting credit card data running in virtualized systems and cautioning that some configurations may make it nearly impossible for organizations to achieve compliance.

The PCI DSS Virtualization Guidelines Information Supplement (.pdf), issued in June, has long been awaited by merchants, qualified security assessors (QSAs) and other security experts. In addition to providing information on virtualized systems located within the network, the document addresses merchants using cloud computing services for payment transactions.

While the PCI virtualization document could help reduce the ambiguity in how QSAs assess virtualized environments, the report may be too broad, says Diana Kelley, a partner with Amherst, N.H.-based consulting firm SecurityCurve. “There's a lot of useful information here and it's a step towards better information on how to protect cardholder data in a virtualized environment,” Kelley says. “Given the scope of this ...
Features in this issue
Big tech companies are scooping up security vendors with mixed results.
Fending off modern computer attacks requires actively hunting down intruders.
PCI group outlines challenges in achieving compliance with payment data on virtualized systems.
Security teams strive to gain visibility from a deluge of security information and put that data to work.
Columns in this issue
Be aware of changing technology and industry trends, and your job prospects will fall in line.
The idea that social media and other Web 2.0 technologies have vastly altered the threat landscape is plain wrong.
Large IT companies are buying up security vendors, but that doesn’t mean there won’t be plenty of room for innovative startups.