Virtualization separates applications, desktops, machines, networks, data, and services from their physical boundaries. It is an evolving concept that encompasses a wide range of technologies, tools, and methods, and it can bring significant operational advantages to organizations that adopt it. However, the risks continue to evolve and are often less well known than those associated with more traditional technologies.
There are four simple principles associated with using virtualization in cardholder data environments:
- If virtualization technologies are used in a cardholder data environment, PCI DSS requirements apply to those technologies.
- Virtualization technology introduces new risks that may not be relevant to other technologies, and that need to be evaluated when adopting virtualization.
- Implementations of virtual technologies can vary greatly, and entities will need to conduct a thorough assessment to identify and document the unique features of their particular virtualized application, including all interactions with payment transaction processes and payment card data.
- There is no one-size-fits-all solution for all virtualized environments to meet PCI DSS requirements. Specific controls and procedures may vary for each environment, depending on how virtualization is used and implemented.
Cristian from the Segu-Info Newsroom

