How to Make Your Virtual Desktops PCI Compliant
September 28, 2017
PCI compliance is a major concern for any organization that collects, stores or transmits payment card information. The Payment Card Industry Security Standards Council has outlined 12 key requirements — each with multiple controls and subcontrols — that an organization needs to directly address in order to be deemed PCI compliant.
As companies embrace more cloud solutions, meeting and maintaining compliance can become more complicated. But by choosing the right compliant vendor, it could also become easier. This is particuarly important when it comes to virtual desktops. Whether built in-house or outsourced via a desktop as a service (DaaS) provider, the desktop is the single most common way every employee and contractor accesses your (and your customers’) protected information. These new assets from Dizzion will help you understand what to look for with a PCI compliant virtual desktop solution and give you the tools to find the right service that matches your compliance needs.
Understanding PCI Compliant Desktops
Many DaaS and outsourced VDI or infrastructure as a serviced (IaaS) providers offer some level of PCI compliance. What you need to be aware of is that compliance may pertain only to the service provider or leave the vast majority of controls as your sole responsibility. Don’t fall for “PCI compliant LITE” solutions. Instead, understand what’s required and the common scenarios that can leave you with more responsibility than anticipated.
Download Understanding PCI Compliant Desktops >>
PCI Compliant Desktops Responsibilities Checklist
Any solution provider that claims to offer a PCI compliant service must be able to provide a responsibilities matrix or RACI (Responsible, Accountable, Consulted, Informed). These documents make it crystal clear who takes responsibility for which PCI controls. Some will be the vendor’s responsibility, some will remain with the client and some will be shared. Understanding how much responsibility you retain is critical to planning your virtual desktop initiative and ongoing compliance requirements.
To help you clearly vet and compare solution providers, this PCI responsibilities checklist outlines all major responsibilities, controls and subcontrols and gives you a way to track where ownership of each lies.
Download the PCI Compliant Desktops Responsibilities Checklist >>
You may also like:
More Posts like This
Chromebooks: An Inexpensive VDI Endpoint Option for the Right Use Cases
Feb 23, 2023
Chromebooks are an inexpensive end point device that are an excellent option for virtual desktop environments. ChromeOS enables IT to deliver secure devices, fast deployment, and cloud-first management. READ MORE
Announcing Dizzion Managed Desktops on IBM Cloud
Apr 13, 2021
Dizzion extends AnyCloud global delivery with new Managed Desktops on IBM Cloudâ, featuring VMwareâ Horizon technology Earlier today, Dizzion announced ...READ MORE
End of Year VDI Auditing & Planning
Nov 15, 2018
As the year comes to an end, spend time auditing your virtual desktops and planning for the future so you can have a smooth, productive 2019. READ MORE