The head of security strategy at virtual desktop provider Citrix, Kurt Roemer, and the general manager of the PCI security standards committee, Bob Russo, recently told Bank Infosecurity that adopting virtual systems that meet PCI requirements can make businesses safer.
"Each environment is going to present some different risks, objectives and technologies. Therefore each virtual implementation will need to be individually evaluated to determine the impact of the technology against PCI DSS requirements. For example, the use of virtualized networks will require emphasis on the protection of cardholder data in transit and the segregation of that traffic," said Roemer.
Both experts pointed out that virtual infrastructure provides new attack surfaces for potential hackers, and they urged businesses to use the most heavily secured solutions possible to avoid a damaging data breach.
Other experts have stated, however, that virtualization and cloud computing actually provide an opportunity for enhanced security, given the centralized defenses it is possible to erect when most of the important data and functionality are contained in one virtual space.