A survey sponsored by Cisco to gauge attitudes toward PCI, its cost to organizations that need to achieve PCI compliance and where future security changes are now under consideration was conducted with 500 information technology professionals with responsibility to assure compliance with the Payment Card Industry (PCI) security standard. Results show, says Network World, that just over half find it “burdensome but necessary” in their organizations and about a third see it impacting their virtualized network environments in particular in the future. 85 per cent were confident their organizations were prepared to pass a PCI audit but at the same time about a third indicated they anticipated making changes to their virtualized networks, such as using firewall and intrusion-protection systems as virtual security appliances, to meet future PCI compliance needs.
“‘A whopping 60% were using point-to-point encryption to simplify their compliance efforts and possibly reduce the scope of their next PCI assessment,’ Cisco’s survey results state. Fred Kost, director of security solutions at Cisco, said the PCI mandate is impacting plans for how virtualized networks will be secured as well. When asked, ‘How do you anticipate needing to change your virtualized environment to meet PCI compliance?’ about a third replied they would need to add virtual security appliances, such as firewall and IPS, in order to meet PCI 2.0 compliance, while a third also wanted to ‘further harden our virtualization software.'”