New PCI guidelines for virtualised environments
16th June 2011
The PCI Security Standards Council has issued new guidelines on how to comply with the PCI standard in a virtualised environment. With the drive to reduce operational cost and improve efficiency, and the related growth in cloud services in general, virtualisation technology has become a key area of interest, particularly to those that manage large database applications, including cardholder data environments. But whilst it provides many benefits, virtualisation also introduces new risks that must be properly and carefully considered prior to deployment. The council has offered to provide further assistance to ensure all affected parties understand the implications of these guidelines, including:
- Explanation of the various classes of virtualisation that may be deployed in payment environments, including virtualised operating systems, hardware/platforms and networks.
- Definition of the system components that constitute these types of virtual systems and high-level PCI DSS scoping guidance for each.
- Practical methods and concepts for deployment of virtualisation in payment card environments.
- Suggested controls and best practices for meeting PCI DSS requirements in virtual environments.
- Specific recommendations for mixed-mode and cloud computing environments.
- Guidance for understanding and assessing risk in virtual environments.
Imerja is a specialist in compliance, certified to ISO27001, N3 approved and with proven experience in advising customers on PCI DSS and Code of Connection. Our consultants can work with you to identify compliance gaps, develop your IT strategy to address these, and provide relevant solutions and services to ensure you continue to support your business operations.