Security for private and hybrid cloud remains a C-level priority due to the rising cost of data breaches and attacks, which has grown steadily over the past 5 years to almost $6.9 billion in total losses in the United States alone. Long gone are the days of benign phishing e-mails that would only make an attempt to steal your information.
From spear phishing e-mails to complex ransomware, cyber attacks are becoming more sophisticated and more frequent, making them at times difficult to control and get ahead of. This has been reason enough for organizations to start refocusing their security architecture to become more proactive and to adopt a multi-step approach to security.
The aim of this 4-part blog series is to set the scene, understand the challenges that the current security landscape presents, and show how best to tackle them by leveraging the built-in security that VMware Cloud Foundation offers.
The VMware Data Center Security Strategy
Over the past decade, VMware has been reshaping the datacenter environment by virtualizing not just servers and workloads but every element of the datacenter: networking, storage and the services around them. These were initially delivered as VMware Validated Designs, which provided a documented framework to deliver a software-defined data center (SDDC) but lacked automation for the full-stack platform.
The next phase of this evolution provided an automated platform that removes the manual installation, configuration, and lifecycle management of these software components, providing a cloud operating model for on-premises data center deployments. This solution, VMware Cloud Foundation (VCF), also consolidates the security characteristics of the underlying components and delivers them as a full-stack solution.
VMware Cloud Foundation is a differentiated solution that deploys a complete software-defined datacenter with all the necessary services up and running as part of a platform, rather than separately, each in its own silo. Security is at the heart of any modern datacenter, and it’s part of every VCF deployment. This is an intrinsic model, where security is built into every product, as opposed to being simply bolted on and reacting to lifecycle events.
From the Perimeter to the Workload and Beyond
As cyberattacks become more complex and more targeted, datacenter security cannot afford to lag behind with perimeter architectures. The challenge with traditional firewalls and intrusion prevention systems is that they are large, complex systems which often become network (and by extension, application) bottlenecks. Many firewall methods still rely on IP and network segment information as opposed to moving to a workload-based security model.
A traditional approach to firewalling would often lump together similar workloads in one network segment, and only allow specific traffic to that network segment. However, with current attack models, once one machine is compromised, the entire network segment suffers the same fate.
This is what security specialists call an increase in attack surface. Attackers have become more intelligent and have learned to first explore the environment they are about to breach, often remaining dormant for a long time, lying in wait until they have the best strategy for the greatest amount of damage.
When shifting to workload-based security, the focus becomes security policies that are workload-specific rather than network-segment-specific. Security architects can leverage this model and design the type of access template they would like to see at a workload level. Then, using automation and orchestration, they can apply it to every new workload.
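The difference between the two models can be made concrete by evaluating both against the same inventory. The following is an added example, not VMware or NSX code: the workload names, segment, tags, ports and rule format are all constructed for illustration, and the policy engine is a plain Python model rather than any product API.

```python
# Constructed inventory: names, segment and tags are illustrative only.
WORKLOADS = {
    "web-01": {"segment": "10.0.1.0/24", "tags": {"app:shop", "tier:web"}},
    "web-02": {"segment": "10.0.1.0/24", "tags": {"app:shop", "tier:web"}},
    "app-01": {"segment": "10.0.1.0/24", "tags": {"app:shop", "tier:app"}},
    "db-01":  {"segment": "10.0.1.0/24", "tags": {"app:shop", "tier:db"}},
    "hr-01":  {"segment": "10.0.1.0/24", "tags": {"app:hr", "tier:web"}},
}

# Workload-level access template (hypothetical format):
# (required source tags, required destination tags, port). Anything else is denied.
WORKLOAD_POLICY = [
    ({"app:shop", "tier:web"}, {"app:shop", "tier:app"}, 8443),
    ({"app:shop", "tier:app"}, {"app:shop", "tier:db"}, 5432),
]

def segment_allows(src, dst, port):
    """Segment model: traffic between two hosts in one segment is never filtered."""
    return WORKLOADS[src]["segment"] == WORKLOADS[dst]["segment"]

def workload_allows(src, dst, port):
    """Workload model: default deny; allow only if a rule matches both tag sets and the port."""
    s, d = WORKLOADS[src]["tags"], WORKLOADS[dst]["tags"]
    return any(rs <= s and rd <= d and port == rp for rs, rd, rp in WORKLOAD_POLICY)

def exposure(compromised, allows, ports=(22, 5432, 8443)):
    """Map each peer a compromised workload can connect to onto the open ports."""
    result = {}
    for dst in WORKLOADS:
        if dst == compromised:
            continue
        open_ports = [p for p in ports if allows(compromised, dst, p)]
        if open_ports:
            result[dst] = open_ports
    return result

def onboard(name, segment, tags):
    """Automation step: a new workload inherits policy from its tags, with no rule edits."""
    WORKLOADS[name] = {"segment": segment, "tags": set(tags)}

if __name__ == "__main__":
    print("segment model :", exposure("web-01", segment_allows))
    print("workload model:", exposure("web-01", workload_allows))
    onboard("app-02", "10.0.1.0/24", {"app:shop", "tier:app"})
    print("after onboard :", exposure("web-01", workload_allows))
```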
Implementing Zero-Trust with VMware Cloud Foundation
Zero-Trust centers on the belief that an organization should not trust anything inside or outside its perimeters and instead should verify anything connecting to its systems before granting access. Thus, all effort goes into preventing a breach from spreading and into taking a proactive stance, on the assumption that the workload is already posing a risk to its “neighbors”.
VMware Cloud Foundation leverages NSX as its security framework, making it easy to deploy a workload-centric, zero-trust model. By introducing a layer of intelligent automation with vRealize, security architects can design a scalable security infrastructure.
Three Main Takeaways
With the security landscape changing, there are three main challenges that any infrastructure or security leader should look at:
- Changing the stance on security from reactive to proactive – Create systems that can easily adapt to the fluid state of cyberattacks these days. The more rigid and focused on previous events the system is, the more likely breaches are.
- Redefining the operational model – Zero-trust is the model to rely on in 2023, rather than the network/group workload model.
- Implementing a strong recovery model – If the worst-case scenario has happened, then IT leaders need to have a strong recovery model implemented.