Payment Card Industry Data Security Standards (PCI DSS) requirement 2.2.1 is a nebulous area for many, especially as it relates to cloud computing. The requirement states that an organization can “implement only one primary function per server.” But does that mean one physical server? The short answer is “no.” You can have multiple systems that are virtualized; you just have to ensure that they are segmented and isolated from each other. Virtualization is an emerging technology, and technology changes everything. In the past, copyright law was written to prevent you from making copies of movies and music. At the time, no one dreamed that there would be a day when copyrighted materials could be saved on a computer or an iPod. Now the copyright laws are written in such a way that all the bases are covered, no matter what technology throws at them. Expect PCI DSS rules to be changed as well.