
Advanced Cyber Compliance: Security, Compliance, and Resilience for VCF

Cyber compliance is no longer a once-a-year exercise driven by audits and spreadsheets. For many organizations, it has become a daily operational requirement tied directly to business survival.

In the latest episode of Virtually Speaking, Pete Flecha and John Nicholson continue our series on Advanced Services for VMware Cloud Foundation with a deep dive into VMware Advanced Cyber Compliance, a service designed to help VMware Cloud Foundation customers automate compliance, reduce cyber risk, and prove recovery readiness at scale.

Joining the conversation are Belu De Arbelaiz and Adam Hawley from Broadcom’s VMware Cloud Foundation Division, who help unpack why Advanced Cyber Compliance exists, what problems it solves, and how it fundamentally changes how organizations approach compliance and resilience.

Why compliance has become mission-critical

Regulatory pressure is increasing across every industry. Financial services organizations in the EU are now navigating DORA. Healthcare providers must meet HIPAA requirements. Nearly every global organization is affected by GDPR, PCI DSS, or regional equivalents.

The challenge isn’t just the number of regulations—it’s the rate of change.

Compliance requirements evolve constantly, often varying by geography, industry, and even workload type. Many organizations still rely on manual processes, disconnected tools, and point-in-time checks that quickly become outdated. As Belu explains in the episode, this approach no longer works in a world where threats and regulations change daily.

Compliance must be continuously enforced, not periodically assessed.

What Advanced Cyber Compliance delivers

Advanced Cyber Compliance, which became generally available in November, was built specifically for VMware Cloud Foundation customers who need more than basic security controls. Advanced Cyber Compliance focuses on three core outcomes:

  • Continuous compliance and risk visibility
  • Automated detection and remediation of configuration drift
  • Proven cyber and disaster recovery for on-premises environments

Rather than stitching together multiple tools, Advanced Cyber Compliance delivers these capabilities as a VCF-integrated service, reducing complexity while increasing operational confidence.

Desired state configuration at scale

At the heart of Advanced Cyber Compliance is desired state configuration management, powered by VMware Salt technology.

Adam explains that compliance, at its core, means ensuring systems are configured the way they’re supposed to be—whether that’s driven by a regulatory framework or an internal risk profile. Advanced Cyber Compliance allows teams to define templates or policies that describe the desired state for ESX hosts and other VCF components.

From there, the platform continuously monitors the environment, detects drift, and takes action:

  • Automatically remediating changes that don’t require disruption
  • Flagging issues that require maintenance mode or restarts
  • Providing clear visibility into compliance status across the environment

The scale is significant. A single Salt master can monitor tens of thousands of endpoints, helping customers reduce manual effort dramatically—often to a fraction of what was previously required.

Compliance and cyber recovery go hand in hand

One of the key differentiators of Advanced Cyber Compliance (ACC) is that it doesn’t stop at configuration and audit readiness.

Modern regulations increasingly require organizations to prove recovery capability, not just document it. That means demonstrating how data is protected, how quickly systems can be restored, and how recovery processes are tested and validated.

ACC includes cyber and disaster recovery capabilities for on-premises VCF environments, helping organizations meet recovery time and recovery point requirements without relying on manual, high-risk failover testing.

As Pete points out in the discussion, regulators—particularly in Europe—are moving away from theoretical recovery plans and toward demonstrable operational resilience.

Alignment with real-world security frameworks

ACC aligns closely with the NIST Cybersecurity Framework, supporting all five phases: identify, protect, detect, respond, and recover.

Desired state enforcement and drift detection address protection and detection. Automated remediation supports response. Integrated recovery capabilities enable rapid restoration after an incident.

This end-to-end approach becomes especially important as attack methods evolve. As Adam notes, a significant percentage of ransomware attacks now involve valid credentials, obtained through phishing or social engineering. In these cases, the challenge isn’t just blocking access—it’s detecting abnormal behavior, limiting blast radius, and recovering quickly.

Breaking down organizational silos

A recurring theme throughout the episode is collaboration.

Historically, infrastructure, security, and compliance teams have operated in silos, often using different tools and speaking different languages. ACC was designed to bring these teams together around a shared platform, shared visibility, and shared outcomes.

By integrating compliance, security, and recovery directly into VMware Cloud Foundation, organizations can move away from fragmented point products and toward a more cohesive operational model.

Who Advanced Cyber Compliance is for

ACC is available exclusively to VMware Cloud Foundation customers and is particularly valuable for organizations that:

  • Operate in regulated industries
  • Manage complex, multi-region environments
  • Need to prove cyber recovery and resilience
  • Want to reduce manual compliance overhead

As part of the broader Advanced Services portfolio, ACC allows customers to extend the core platform to meet their most demanding security and compliance requirements.


What’s next in the series

This episode is part of an ongoing Virtually Speaking series focused on VCF Advanced Services. Upcoming episodes will dive deeper into individual services, with subject matter experts sharing how these capabilities are used in real-world environments.

If cyber compliance, operational resilience, or regulatory readiness is on your roadmap, this episode provides a practical look at how Advanced Cyber Compliance can help turn those challenges into manageable, automated outcomes.

You can watch the full episode now and follow the series on the VMware Cloud Foundation YouTube channel.

The Virtually Speaking Podcast

The Virtually Speaking Podcast is a technical podcast dedicated to discussing VMware topics related to private and hybrid cloud. Each week Pete Flecha and John Nicholson bring in various subject matter experts from VMware and from within the industry to discuss their respective areas of expertise. If you’re new to the Virtually Speaking Podcast, check out all episodes on vspeakingpodcast.com and follow on Twitter/X @VirtSpeaking.

