We Need to Change the Structure of Security to Transform Security

Tom Corn, Senior Vice President of Security Products at VMware, was recently recorded giving his overview of the fundamental problem companies have with security today. His answer — we’ve got too much happening in silos and too much of our technology is bolted-on. His solution — we need to change the structure of how we approach security.

Different Silos, Different Security Objectives

You may think you’ve broken down the silos of security, but different teams inherently have different security objectives. Handling different aspects of security on the same applications, workloads and endpoints should be fine if the teams are all using the same data and tools. But, oftentimes they have different sources of truth and different security solutions.

Here’s a look at what the various teams are doing independently to secure your company:

The Infosec team is looking at how they can harden the endpoints and workloads, how they can prevent malware and attacks from infecting the endpoints, and how they can detect and respond to attacks that circumvent the preventive measures in place.
Desktop Services teams are working on managing the posture of user devices, managing access of the users and the device to these applications based on trusting the device and trusting the user is who they say they are.
Network teams are figuring out how to compartmentalize these environments so that from a network perspective the blast radius is small and infection doesn’t spread throughout the whole environment.
Cloud teams are configuring the public cloud elements that are supporting these applications.

Security Silos Cause Significant Problems

Siloed security results in multiple security tools that don’t connect well together. This causes teams to stand-by their own data and results in difficulty working together to solve security issues.

Another problem that stems from the way security is structured today is that it is very threat-centric. Each of these siloed elements doesn’t contain much context about the applications and infrastructure. This makes it very difficult to secure.

Lastly, as companies have slowly added security solutions over time, their security structure is very “bolted-on”. Infrastructure was built without knowing what applications would be run in the future. Then in that future state, the security team is told to go secure that new application. This results in bolted-on agents and tools. And more often than not, this results in misconfiguration and a lack of alignment of these controls.

With over 90% of breaches leveraging misconfiguration or misalignment, this is a big part of the security problem. We need to change the structure of security to really transform security.

A Unified, Context-Centric Security Structure is Needed

At the heart of fixing this security problem is truly understanding each application that you are trying to protect. Security teams need the context of:

What workloads compose this application?
How do they communicate?
What network services do they consume?
What users are connecting to those applications?
What devices are they using?
What is the posture of the devices?

In order to get this information, a holistic approach is needed for security solutions. Solutions that are connected and share a single source of truth. At VMware, we’ve been working to create that holistic approach to security.

With Carbon Black, Infosec teams can harden endpoints, as well as prevent, detect, and respond to threats. More importantly, it takes what was once many different tools that were isolated and unifies them into a platform that connects the dots between those security solutions.
With Vsphere, Infosec can also harden and control the workloads.
With Workspace One, Desktop Services teams can manage devices, the posture of the devices, and manage access on those devices all in a unified manner.
With Pivotal, companies get the modern application framework of choice to build, deploy, and run applications.
With NSX, Network teams can unify the various pieces for compartmentalizing and addressing malicious traffic inside the network switch.
With Secure State, Cloud teams get the tools to manage the configuration of these public cloud elements.

Having this unified set of solutions that gets rid of agents and appliances, it allows companies to move from a model that is very threat-centric to more broadly context rich. Context not just about threat, but about the applications and the infrastructure that makes up that application so that companies can really understand what it is that they are protecting.

This shift from siloed to unified, from threat-centric to context-centric, from bolted-on to built-in, is what will allow companies to fundamentally transform security.