Virtualization Technology News and Information
PCI DSS 2.0 addresses use of server virtualization

The Payment Card Industry (PCI) has released version 2.0 of the Data Security Standard (DSS), an update to its 1.2.1 version that probably would have been better labeled as a 1.3 release for its lack of any new major requirements.

Instead, PCI DSS 2.0 focuses on clarity of language for a number of key areas, including virtualization. With that, I'd like to welcome the group to 2010 and thank them for finally acknowledging the use of virtualization technologies. It's only been around for 10 years.

It took some time, and the addition of the virtualization concept into the standard reflects the importance of this technology and its operational impact within the PCI community. There are still related security challenges that need to be addressed, however. Adding virtualization into the standard is a move in the right direction, but without any real guidance on how to ensure virtualization compliance, how effective can it be? That remains to be seen.

The PCI DSS 1.2.1 specification requires that only one primary function be implemented per server, which has led to confusion for those using virtual machines in their environments. It wasn't clear from the 1.2 specification whether two or more virtual machines were permitted to run on the same physical server (one of the main reasons for using virtualization). The 2.0 specification at least seems to clarify that issue by allowing multiple VMs on the same physical hardware -- that is, as long as each VM is only performing one primary task.

...

Read the rest of this InfoWorld Virtualization article.

Published Monday, November 08, 2010 6:16 AM by David Marshall