Is data an organization’s most valuable asset, or biggest liability? The ever-evolving risks presented by today’s modern threat landscape pose unprecedented challenges that most today are ill-equipped to address. With ransomware attacks becoming increasingly sophisticated and regulatory guidelines more stringent, cyber-risk management and compliance lie at the core of every strategic IT decision made by C-Suite executives and board members. 51% of leaders reported security, data protection and privacy as key priorities to enable compliant operations1. However, the path to achieve successful outcomes is beset with obstacles.
Why Organizations Struggle to Manage Cyber-Risk and Maintain Compliance
Reactive vs. Proactive Response: data is scattered across different applications in multiple geographic locations, each with its own rules and regulations. 63% of organizations report that complexity from the disaggregated nature of data as the main challenge to maintain compliance2. Policy monitoring for virtual machines (VMs), containers, infrastructure and technology stack components is siloed, which hinders early detection of drifts and leads to a reactive versus proactive response.
Manual Remediation and Recovery: policy management and recovery lack automation, which directly impacts an organization’s ability to scale operations and preserve compliance as applications are changed, moved or deleted. Intense manual intervention inevitably delays time to audit-readiness and leaves unaddressed gaps that could expose critical workloads to increased damage.
Stitching of Multiple Tools: consolidation of cyber-risk management, resilience and recovery is easier said than done. Most organizations rely on a piecemeal approach, plagued with operational complexity and inefficiencies that increase chances of human error. This makes the environment more vulnerable to security incidents, non-compliance and data loss as a result of unsuccessful recovery.
No Advanced Monitoring, Remediation and Cyber Recovery: IT teams’ ability to streamline, secure, and enable compliant, cyber-resilient operations is challenged today more than ever. 42% of organizations report lack of technology and tools as the main challenge to secure their data and remain compliant3. They are struggling to integrate security posture monitoring, implement estate-wide remediation policies, and deploy the right tools to confidently recover from cyberthreats that could severely impact their ability to operate. The devastating consequences non-compliance and cyberattacks can bring are pushing C-Suite executives, board members and IT professionals to reassess their approach as they come to realize the tools they rely on today are simply not enough.
Helping our customers solve these pressing challenges continues to influence how we design and engineer VMware Cloud Foundation (VCF). Security is an inherent property of our platform. Built-in confidentiality, integrity and availability of data are delivered out-of-the-box to enable secure, compliant and resilient operations at every layer. We are now taking it one step further.
Introducing VMware Cloud Foundation Advanced Cyber Compliance
To support customers who operate in highly-regulated environments, or who simply want more robust compliance and risk-management capabilities, we announced plans to develop VCF Advanced Cyber Compliance. This new offering for VCF enhances the strong compliance, availability and platform security already available to customers with core VCF entitlements by layering additional capabilities to enable three key outcomes:
Continuous Compliance Enforcement at Scale
A holistic estate-wide approach to compliance at every layer is essential to drive secure, resilient operations. It enables organizations to proactively rectify drifts before damage has been done. To shift away from reactive incident response, IT teams need to eliminate data silos and improve risk-management processes. VCF Advanced Cyber Compliance is built with these key objectives in mind. VMware Salt capabilities integrated into VCF Operations will enable continuous compliance with fully-automated monitoring and desired state remediation at scale across applications, operating systems, and VCF private cloud stack. As part of VMware by Broadcom’s expanded partnership with Canonical, ultra-small Ubuntu container images with enterprise support will be fully supported and available to customers. This will minimize the attack surface by allowing IT teams to only deploy the Ubuntu resources needed to support the environment’s containerized applications.
Automated Ransomware and Data Recovery
Most organizations today operate under the misconception that ransomware recovery (cyber recovery) is the same as traditional disaster recovery (DR) and rely exclusively on traditional tools such as orchestration, immutable/air-gapped backups and signature-based scanning. Today’s sophisticated cyberthreats, primarily fileless in nature, bypass these table-stakes measures and inflict consequences that make headlines.
Automating robust ransomware and data recovery processes that enable organizations to recover securely, confidently and with minimal downtime is the key to addressing this major challenge. VCF Advanced Cyber Compliance delivers end-to-end automation of cyber recovery operations to enable more resilient virtualized workloads. Guided cyber-recovery workflows integrate validation tools that identify and help clean file-based as well as fileless strains of malware from recovery points, removing the need for IT teams to manually integrate and deploy EDR sensors into each workload during the restore process. In addition, IT teams can run secure recovery operations to on-premises VCF isolated clean rooms with embedded push-button VM network isolation, which plays a key role in prevention of lateral movement and reinfection of production environments when workloads are powered on for validation. The built-in resilience and automation enables customers to consolidate their data protection operations without having to rely on piecemeal approaches that require manual integration across components that include infrastructure, replication, orchestration, validation and network isolation.
Enhanced Platform Security and Incident Response
Security is a core enabler of continuous compliance. Regulatory frameworks are key to establishing business processes that facilitate successful outcomes, but passing an audit is simply a point-in-time assessment. It provides no guarantees that the environment’s security and compliance posture have not become vulnerable or non-compliant immediately after.
VCF Advanced Cyber Compliance brings enhanced capabilities to enable bolstered defenses and proactive incident response. To support more robust security of data throughout its lifecycle, VCF Advanced Cyber Compliance is targeting to support advanced secure computing technologies such as runtime encryption and EDR. These capabilities will be enhanced with preferential access to compliance vulnerability updates every 6 weeks to enable predictable patching schedules, proactive assessment reports that give users visibility into version-based critical vulnerabilities (CVEs) with expanded incident response to surface actionable and timely insights, help address incidents faster and avoid unnecessary disruptions to normal operations.
At Broadcom, we are committed to building technology that solves our customers’ most pressing challenges, and we are delivering on that promise. With more than 1,000,000 engineering hours dedicated to delivering VMware Cloud Foundation 9.0, and the announcement of all the innovations to come at Explore 2025, we continue to push boundaries to enable our customers to deploy a secure, compliant and cyber resilient private cloud platform.
To learn more about VCF Advanced Cyber Compliance and many other exciting innovations, join us for a session at Explore Las Vegas, or reach out to your Sales Representative or Partner.
- PwC Global Compliance Survey 2025 ↩︎
- PwC Global Compliance Survey 2025 ↩︎
- PwC Global Compliance Survey 2025 ↩︎
Discover more from VMware Cloud Foundation (VCF) Blog
Subscribe to get the latest posts sent to your email.
