The PCI Security Standards Council has published follow-up detailed information on the virtualization guidelines that were released in version 2.0 of PCI DSS.

It took about 28 months for the council to compile the in-depth guidance on how PCI Data Security Standards (DSS) apply in a virtual environment. The new publications will provide recommendations on how firms can how to use virtualization while managing compliance.

The guidance is designed to “tell you what you need to know prior to trying to deploy something in a virtualized environment”, explained Bob Russo, general manager of the PCI Security Standards Council. “This paper describes well what the risks and rewards are in these virtualized environments”, he added.

Even as there are many advantages of virtualization, some firms find it difficult to mix virtual and traditional networks, as protections mechanisms do not match and lead to overhead expenses. The additional guidance published on Tuesday analyses different classes of virtualization, which includes virtualized operating systems, as well as hardware, platforms, and networks, for payments and provides more details on them.

It also provides suggestions for controls, recommendations for mixed-mode and cloud-based environments along with risk assessment.