The Payment Card Industry Security Standards Council recently published a new guidance report designed to provide businesses with a better understanding of how to implement virtualization in a secure way.
The 32-page report, released on Tuesday, contains a set of guidelines to help businesses ensure their virtualized deployments are in line with PCI standards.
The document acknowledges that certain risks are associated with any evolving technology, and virtualization is no different. While virtualization can provide a number of cost reduction and efficiency benefits, businesses must understand its implications so they can effectively protect cardholder information.
The guidance recommends several virtualization best practices and highlights which virtualization technologies can affect PCI compliance, including hypervisors, virtual machines and virtual appliances, among others.
"Designing all virtualization components, even those considered to be out-of-scope, to meet PCI DSS security requirements will not only provide a secure baseline for the virtual environment as a whole, it will also reduce the complexity and risk associated with managing multiple security profiles, and lower the overhead and effort required to maintain and validate compliance of the in-scope components," the report stated.
The importance of compliance with the PCI Data Security Standard should not be underestimated, as businesses that adhere to it are less likely to suffer data breaches and other data security attacks.
According to a study from the Ponemon Institute, 64 percent of companies that are compliant with the PCI DSS reported no data breaches in the last 24 months. Meanwhile, only 38 percent of noncompliant businesses reported the same. Furthermore, the study found that 26 percent of noncompliant companies said they suffered more than five data breaches during that period.
Companies that fail to achieve compliance under the PCI DSS run the risk of losing business, as customers will likely be less inclined to provide their credit card information if they do not believe it is safe. Therefore, it is all but imperative that companies that handle credit card information strive to put effective data protection measures into practice.