VMware Takes Virtualization Discussions into Realm of PCI Compliance | eWeek

VMware Takes Virtualization Discussions into Realm of PCI Compliance

Écrit par
Brian Prince
Brian Prince
Nov 12, 2008
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

The honeymoon may soon be over for any retailers that have not extended attention to the Payment Card Industry Data Security Standard to their virtual environments.

VMware announced today it has joined the PCI Security Standards Council in a bid to include specifics related to virtualization into the Payment Card Industry Data Security Standard (PCI DSS), as well as spread awareness of how the technology can help enhance security and compliance.

It’s no secret that virtualization is spreading among businesses. Despite its growth, however, there is still nothing in the PCI standard that specifically mentions virtual hosts and networks. On its own, VMware has sought to bridge that gap by disseminating information through its VMware Compliance Center via whitepapers and podcasts, which can be downloaded here.

The lack of guidance in the regulation itself has led to confusion among merchants, explained Shekar Ayyar, vice president of infrastructure alliances at VMware.

“When it comes to compliance-related domains, PCI being one of them, it is still somewhat of a…gray area where there’s not a whole lot of understanding of what that is, whether it’s from the standards council standpoint or whether it is from the auditor’s standpoint,” he said. “What we are looking to do is really…articulate more clearly what first of all virtualization as an architecture and an infrastructure can enable and how compliance auditors as well as rule-makers need to be thinking about that.”

He added that technologies VMware is working on can have a sharp influence on compliance and enforcement, such as the VMsafe API.

“So that’s kind of the driving force behind doing this…their version 1.2 of the [regulation] for example still doesn’t really talk about virtualization, so the hope is that through closer engagement and by working with them as part of the council we will be able to bring more awareness to that as we go forward,” Ayyar said.

As a member of the council, VMware will have access to the latest payment card security standards from the council and be able to provide feedback.

“The PCI Security Standards Council is committed to helping everyone involved in the payment chain protect consumer payment data,” said Bob Russo, general manager of the PCI Security Standards Council, in a statement. “By participating in the standards setting process, VMware demonstrates it is playing an active part in this important end goal.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.