DISCLAIMER: this article is older than one year and may not be up to date with recent events or newly available information.
For a long time, businesses were content at securing their IT infrastructure from the outside. The thought process was logical; much like a physical building, if you secure the perimeter, no one can get in.
But security in physical buildings has since been ramped up; staff are often required to have a pass to get into any particular floor, with different access levels for board rooms and other secure areas. Meanwhile, CCTV is deployed to catch those who do manage to get through the first barrier of security, so any crimes that take place or any security hazards that are found can be mitigated swiftly.
Similarly, IT infrastructure has also gone through a transition, becoming more sophisticated. Old, perimeter-based security techniques, which protect at the network layer, are actually seen as a vulnerability. If this type of technique was used as a standalone security measure, criminals could launch multiple attacks simultaneously in an attempt to enter the IT infrastructure – and it would not take a great deal of sophistication to break through a firewall today.
Rampant digitisation and mobilisation mean criminals have an increasing number of touch points to target – with data being stored in numerous systems, applications and data centers, and with various ways to overload systems and shut them down.
No longer is it acceptable to secure an on-site data center at the perimeter and expect to be safe from a cyber-attack – there are cloud services that need to be secured and there is data flowing between departments, partners and the supply chain.
Businesses need to take action and build upon their existing security solutions. After all, the alternative is to suffer the consequences of being hit by destructive cyber-attacks such as WannaCry and Petya, which have inflicted long-lasting reputational and financial damage to businesses across the world.
Organisations are now looking at becoming more granular with security, protecting against a hack by securing individual components including individual applications.
We’ve already seen a couple of organisations benefit significantly from doing just that.
Take Saint Petersburg-based Territorial Generating Company No.1 (TGC-1), the leading manufacturer of electrical and thermal energy in the North-West of Russia. The company had opted for virtualization to increase its flexibility and adaptability of its hardware, software and networks. From a security perspective, its data centres – which were built on a VMware virtualization platform – had application groups which needed to be isolated from each other and assigned different access levels.
Different user groups needed to be segmented in the network – a task its hardware firewalls could not cope with.
“We chose NSX in the end because it works at the hypervisor level.” said Alexey Malafeev, TGC-1’s Director for Control and Technological Management and IT.
“Network virtualization allowed us to simplify and standardise our hardware network equipment to reduce maintenance and administration costs, and improve security in the data center. As a result, our company is now able to segment the network rapidly and move the hosting of the IT resources of the group’s other companies into our data centers,” he explained.
VMware NSX has also meant that the company’s data centers don’t require constant intervention from network administrators, who sometimes had to redirect traffic manually. Now, only the minimum number of experts are required for infrastructure management.
Meanwhile, in Spain, the Catalan Tax Agency has also become more secure after transforming its approach to security. The agency implemented VMware NSX in alignment with a move to new office headquarters. It had technologies that were, in general, obsolete and complex, making it difficult for it to carry out its usual work. So, it decided to go entirely software-defined with its IT estate in the new offices.
Due to the sensitive nature of the data being handled by the agency on a daily basis, a very important consideration for this overhaul was not only maintaining, but increasing, the levels of security during the office move. It was also imperative that the general public and staff could continue to access all services and applications during the migration. “Micro-segmentation and integration with third-party security components have allowed us to raise our security levels very quickly,” said Francisco Javier Fernandez de la Fuente, Head of ICT Services, The Catalan Tax Agency. “Having reliable access was one of the aspects we wanted to ensure, and we have achieved this with the implementation of new technologies.”
With VMware NSX, the agency has reinforced its security levels through micro-segmentation, keeping different data sets only accessible to those who should have access to them. Protecting at this level means, in the event of a hack, the attacker is just entering at the perimeter, without having access to different applications individually.
This is the approach that many businesses are shifting towards. Security should not merely be thought of as a standalone solution that can protect the entire business, it should be thought of as a strategic necessity to secure each and every part of the IT infrastructure.
Transform security with a more granular approach – and keep your data – and reputation – protected.
To learn more about how transforming security download our free guides, Network Virtualisation for Dummies and Micro-Segmentation for Dummies.