Virtual server hosting is commonly used in the payment card industry to securely store customer data. Until recently, however, it was difficult for data centers to virtualize their networks within best practice protocols. New PCI data security standards have solved the virtualization problem by clarifying the regulations surrounding data saved on a virtual server.
The previous standard stated companies needed to have one primary function per server, Hemma Prafullchandra, chief technology officer of HyTrust, said. This regulation, however, only applied to physical servers, making it difficult to establish protocols on virtual servers.
The new PCI DSS standard rules that virtual servers only need to have one primary function per physical device, but each virtual environment needed to have the primary function included in its golden image.
Golden images provide the foundational programming to create the base parameters of a virtual server. With duplicated golden images, an organization can divide one physical server into multiple virtual environments, maximizing the hardware and improving efficiency. If the primary function is written into the golden image, the virtual server will fit into the new PCI DSS standard.
According to HyTrust, the organization behind the payment card industry standards, virtualization is becoming common in data centers throughout the world, but the outdated standard was limiting the potential of virtualization in the payment card industry. With the new regulations, companies are freed to use virtual server hosting to store their data at an off-premise data center managed by a hosting provider.