Today, we are thrilled to announce VMware Secure App IX, a new offering designed to help cloud IT and Cloud Center of Excellence (CCoE) teams achieve borderless governance and compliance by securely connecting applications in multi-cloud environments, and to help application teams and lines of business (LOB) accelerate their digital transformation initiatives.

Enterprises are increasingly running applications in the cloud to drive innovation, agility, and growth. As organizations adopt multi-cloud strategies to leverage the strengths of different cloud providers, they face new challenges with ensuring secure and compliant application connectivity across clouds and platforms.

In their drive to innovate and compete, enterprises have embraced multiple cloud environments. Multi-cloud adoption has increased the need for seamless and secure application connectivity across disparate clouds, app workloads, data services, and application architectures.

Needs of Cloud IT & CCoE Teams

Cloud IT and Cloud Center of Excellence (CCoE) teams must address many complex requirements when providing secure connectivity for applications running in the cloud. Let’s look at some of these requirements in more detail.

Any-to-Any Secure Connectivity

Enterprise application modernization is an ongoing process rather than a one-time event. As new technologies emerge and business needs evolve, enterprises must continually update and modernize their infrastructure and applications to stay competitive. The rate of digitalization and innovation is only accelerating.

As a part of their multi-cloud modernization initiatives, cloud IT and CCoEs need secure connectivity across clouds, infrastructure layers, and applications. These teams require a platform that securely connects any user to any app, any app to any app, and any API to any API – on any cloud – across traditional and modern technologies and architectures.

Governance and Standardization

Each cloud provider has different data models, constructs, policies, and operations tools – which adds complexity and increases cost. As a result, enterprises struggle to address critical governance and compliance requirements for data protection and privacy when running applications within and across cloud silos.

Cloud IT and CCoEs want templated patterns and workflow automation that allow them to rapidly stamp out and provision standardized environments on any cloud. DevOps teams, meanwhile, want to deploy their apps into landing zones where secure connectivity is automatically plumbed and policies are enforced.

Deep Visibility and Policy Control

Cloud IT and CCoEs must have control and deep visibility of multi-cloud application traffic for compliance and monitoring. They require secure connectivity capabilities such as end-to-end encryption, API security, data security and DLP, access control policies, continuous risk assessment, and more. And they need deep visibility within each session, down to the transaction level, to continuously assess and score risk, dynamically enforce policies to protect sensitive data on the wire, and efficiently investigate and diagnose issues.

Shift Left Security with GitOps Automation

Cloud IT and CCoEs must apply consistent secure connectivity policies across their fleet of apps/APIs running in multiple cloud environments. Many organizations still have org structures, tools, and processes designed for walled monolithic applications running on traditional IaaS. Siloed teams, siloed clouds/platforms, and manual ticket-based workflows impact time to production and create governance gaps, increasing the risk of security breaches and compliance failures.

Implementing secure connectivity for distributed production-grade applications involves collaboration and alignment across many functional roles, including platform engineers, SREs, cloud IT, and NetSecOps. Cloud IT and CCoEs should be able to provide a framework for defining standard manifest templates that apply secure connectivity policies to applications as they are running in development and testing environments, long before the apps/APIs land in production. Shifting security left helps prevent security issues from being introduced into the production environment.

How do cloud IT and CCoE teams address each of these requirements?

Enter VMware Secure App IX

Let’s first look at some of the use cases possible with VMware Secure App IX.

Simplified Multi-Cloud Operations

VMware Secure App IX enables Cloud IT and CCoE teams to standardize and enforce secure application connectivity policies, with real-time visibility and insights, to achieve governance and compliance in single- and multi-cloud environments. These capabilities help teams maximize operational agility and leverage the unique advantages of different cloud providers. Teams can choose the best place to run their application workloads and data services while optimizing for cost, performance, and compliance.

Continuous Connection Security

VMware Secure App IX helps to protect application end users, apps/APIs, and sensitive data in transit against ever-changing security threats and vulnerabilities. With global namespaces, teams can quickly implement consistent and secure application connectivity policies across multiple cloud environments and workload types, including connecting microservices to VMs.

GitOps Automation and Workflows for DevSecOps

VMware Secure App IX streamlines and speeds up the process of applying secure connectivity capabilities and policies. Declarative configuration and compatibility with GitOps automation frameworks help DevSecOps shift security left, automating security and compliance policies across dev, test, stage, and prod environments.

DevSecOps can collaborate on secure connectivity policies by placing generated manifests in a Git repo and running governance in Git, giving enterprises greater traceability and accountability. Cloud security, compliance, and SRE teams can then review and approve the policies before Secure App IX applies them to applications.

App IX offloads the implementation of all secure connectivity concerns from developers. App teams deploy their workloads into target landing zones pre-configured with the correct secure connectivity capabilities and policies. Offloading these concerns from app teams significantly improves their productivity, enabling them to focus on delivering new app features to users.

VMware Secure App IX Architecture

VMware Secure App IX consists of two data planes that provide end-to-end secure connectivity for applications running within and across cloud environments. The cloud and application data planes are based on L7 Session Gateways (LSGs) that provide deep traffic inspection, policy enforcement, and visibility.

The cloud data plane consists of Cloud Edges, which connect to transit gateways and enforce secure application connectivity between cloud networks (e.g., VPCs) and providers. The application data plane is comprised of the Application Edge and distributed Sidecar Proxies, which provide secure app/API communications.

Requests and data flow into and out of the application through the Application Edge. Once the traffic passes through the Application Edge and into the application, Sidecar Proxies enforce routing and secure connectivity for the east-west traffic between workloads.

The Multi-Cloud Global Controller sits above the cloud and application data planes, providing global inventory, policies, visibility, and insights.

VMware Secure App IX Operational Workflow

DevSecOps deploys the app/APIs via CI/CD pipelines to a target landing zone configured with capabilities and policies needed for secure connectivity.

VMware Secure App IX automatically plumbs the application with secure connectivity and enforces the required policies.

VMware Secure App IX continuously monitors application connectivity and provides NetSecOps with visibility, insights, and alerts about the security posture.

VMware Secure App IX enables teams to diagnose and respond to incidents and refine policies based on learnings.

Is VMware Secure App IX for you?

If you are on a cloud IT or Cloud Center of Excellence (CCoE) team and are responsible for cloud strategy, adoption, governance, operations, automation, or security, you may be asking yourself some of the following questions. If so, it will be well worth your time to learn more about VMware Secure App IX:

Cloud operations teams

  • How can I help my organization maximize the business value of our cloud adoption program and investments?
  • How can I help app/LOB teams minimize business interruptions within my operations budget?
  • How do I strategically evolve the platform to support cloud adoption and migration efforts?
  • How can I help my organization consistently run and manage secure connectivity across AWS, Azure, and Google Cloud for traditional and modern apps?
  • How can I achieve consistent App/API connection visibility, observability, and troubleshooting?

Cloud security teams

  • How do I ensure that risks and risk tolerance are appropriately identified, evaluated, and managed? How do I convert these risks into governing policies?
  • How do I detect and protect sensitive data in transit regardless of the workload type, data service type, and cloud provider?
  • How do I audit, report, and optimize the security posture for a large fleet of applications across multiple cloud environments and teams?
  • How do I protect against threats and provide context and actionable insights on active attacks and potential threats to enable optimal decision-making?
  • How can I help NetSecOps proactively detect, respond to, and recover from active attacks on application and data assets?
  • How do I implement standardized policies and change control using declarative configuration management frameworks like GitOps?
  • How do I ensure that my organization complies with regulatory requirements and internal policies and efficiently tracks and reports status?

Cloud automation teams

  • How do I unlock the potential of DevSecOps and cloud-native patterns to accelerate cloud adoption and innovation among app and LOB teams?
  • How do I deliver prebuilt solutions and templates that work across any cloud provider?
  • How do I integrate security assurances into application development processes and custom LOB applications?
  • How do I automate application landing zone creation, lifecycle management, and operations?
  • How do I deploy application infrastructure, capabilities, configurations, and policies through GitOps to eliminate toil for developers and app teams?

Ready to take the next step?

If these considerations sound familiar, please contact your VMware account manager to request a briefing and demo. Learn more about how VMware Secure App IX can help you achieve borderless governance and compliance for applications running in your multi-cloud environments.