
Two digital explosions are happening simultaneously in enterprises across all verticals. In the first, enterprises are moving at breakneck speed on every aspect of their business: managing their supply chain, making purchasing decisions, running targeted marketing campaigns, creating apps to connect with users, and making it easier for users to consume their products.

The good news is that technology is keeping pace, and is a step ahead in helping businesses achieve their goals. These business imperatives are forcing software iterations to be faster and more efficient. This is leading to newer, innovative models around people, processes and tools that we collectively call Continuous Integration (CI)/Continuous Development (CD). Teams leading the charge on CI/CD are working in a “DevOps” model.

The second explosion is related to the first. As complex software becomes easy to use and ubiquitous, sophisticated tools can be used to attack enterprises. Managing security is getting harder. In the last decade, the belief was "I am not going to be attacked." Fast forward to today, and enterprises expect to be attacked and breached. This is not a baseless impression: Forrester’s 2018 survey shows that 66% of survey respondents have faced a major security incident.

 

“It’s kind of fun to do the impossible”

– Walt Disney 

 VMware NSX Data Center has been built with the goal of helping enterprises achieve agility and breakneck speeds in their businesses while being secure. Micro-Segmentation and Network Virtualization were designed to build Zero Trust Networks. Building Zero Trust Networks was deemed to be impossible and we broke that barrier. 

 The threat landscape changes every day and responding to the threat landscape is a losing battle. Our main goal is to provide better controls for the network. IT Risk teams now attribute the biggest reason for a breach to weak network controls instead of growing threats in the environment. 

We did not just provide a product for our customers to do Micro-Segmentation and Network Virtualization. We decided to make it API driven from the get-go. That means DevOps teams can integrate it into their CI/CD pipelines as they go through faster software iteration and deployment. We provided newer tooling like Service Composer to create security policies that are more CI/CD friendly and granular down to a single application.

 

“To move the world, we must move ourselves”

– Socrates

Security teams are the farthest away from the application. They do not understand what an application does, but they are responsible for stopping attacks and preventing data breaches. The traditional way of operating would be to design a system, have it analyzed by a security team and then release it for consumption by end users. However, the CI/CD model of iteration completely breaks that. Security teams are starting to break down the silos with micro-segmentation. They are working with the application teams to understand and profile the application. Security teams work in lockstep with application teams, giving rise to a new term: Dev“Sec”Ops.

However, DevSecOps is easier said than done. To help security and application teams, we added Application Rule Manager and Endpoint Monitoring to profile any single application. These tools profile an application all the way from the binaries initiating a network connection on a VM to application and protocol identification using deep packet inspection on the network.

 

 

The VMware NSX platform not only provides visibility into your data center but also provides an information exchange highway. We provide information about the data center to other products to make them smarter. Products ranging from network monitoring and flow monitoring to next-generation firewalls and IDS/IPS use that information. For example, VMware NSX Data Center can communicate with Anti-Virus/Anti-Malware products to locate where in your data center malware is being detected and quarantined. This information is valuable in proactively tightening the security and isolation of specific domains. We have numerous stories in which customers caught serious security issues during POCs and pilot deployments of NSX.

DevOps teams are increasingly using Cloud Compute Infrastructure or Application Container Technology in addition to Virtualization for CI/CD pipelines. Last year we released NSX for Containers and Pivotal Container Service (PKS), where we showed the true power of combining NSX, which is already DevSecOps ready, with technologies that were built for CI/CD pipelines. NSX was used in the network policies of Kubernetes to orchestrate micro-segmentation and network virtualization, giving security admins control over the security of their deployments. NSX works with PaaS frameworks like Red Hat OpenShift or Pivotal Application Services to achieve a zero trust model.

 

“No sensible decision can be made any longer without taking into account not only the world as it is but the world as it will be”

– Isaac Asimov

Let us talk about the future and about the challenges of security operations. The genie is out of the bottle. Micro-segmentation is no longer an impossible dream but something demanded by risk and compliance. We no longer have fixed data centers; we now have centers of data and applications spread around. With BYOD and mobile apps, access and types of access are unprecedented. To meet this challenge, we presented the strategic vision of Virtual Cloud Networking to connect the various centers of data and access to them. Data centers are moving from application-centric to data-centric models. Security has to protect not only the applications but also the flow of data along the networks that carry it from one place to another. Please visit www.vcndemo.com to look at demos that will give you details on how our VMware NSX family of products is giving life to this dream.

 

What does this all mean for security operations? Security Operations Centers need a unified view of all the workloads and data running in each and every location. SecOps need a unified approach to do macro-level protection as well as be involved in DevSecOps. They need to monitor the data and the application, as well as newer constructs like API gateways and service meshes. SecOps need a new model, where visibility and monitoring are the cornerstones of all proactive security controls. They need a better way to track and secure connections from end-user devices to applications, whether on-prem or in the cloud.

The NSX family of products is well positioned to deliver on that promise and make it a reality. In the coming days and months, you will start hearing about how the future is becoming real. We will reveal products that can simultaneously control the security posture of your on-premises data centers and your data centers in the cloud. You will hear about how Security Admins can be providers of security for hybrid environments where physical servers, virtual machines, and application containers are running securely.

We are building a future-ready enterprise platform to aid you in securing your enterprise data and applications, and access to them, wherever they are. It’s not just about DevSecOps but about the ability to manage traditional security as well and do both. Echoing Asimov, the security challenges are on the horizon and admins are aware of them. Solving them is not just about deploying multiple point products but about taking a platform and bolting security in from the ground up.

Stay tuned in the coming days for more announcements.