Monday, February 21, 2011

PCI DSS v2.0 & One Function Per Server Component

PCI DSS v2.0 Requirement 2.2.1 states that you can only use one function per server component, and I have SMB clients that strain over this requirement. We are developing plans to segment these servers out, but I question the capability of some organizations to do this.

I say this because I have seen Incentive Compensation and Customer Relationship Management (CRM) solutions that couple the application server and database server together, and these solutions are for Fortune 500 types. It will be interesting to see how quickly and efficiently these architectures change.

I am also waiting to see how the QSAs are going to handle a system coupled with a proprietary database system (e.g. Exchange).
