For decades, the central philosophy behind security has been to treat the network like a castle: Build the walls higher, make the moat deeper and wider. But the onset of the primarily telework environment within the federal government has moved much of the activity outside the network perimeter, or the castle walls, so to speak. That’s caused a fundamental rethinking of the way federal agencies approach cybersecurity.
“We have so many varied security tools in play right now. We’re almost asking for more self-inflicted wounds. So our response to this is that we believe we need to take an intrinsic security approach,” said Bill Rowan, vice president of federal sales at VMware. “And the net of that being how do we build security in from the very beginning, into the infrastructure, into the virtual machines that are running so many of these workloads or the containers that are running so many of these workloads? We need to take, if you will, a different approach. And we believe that approach is really following along this concept of intrinsic security.”
Rowan describes intrinsic security as a way of leveraging infrastructure and control points across any app on any cloud and any device. It’s a move away from the typical reactive posture toward a position of greater strength. Instead of layering multiple security tools with different purviews on top of one another, security can be built directly into the hypervisor or the container around an application.
“By building it into the infrastructure from the very beginning or into the systems that are managing those applications, by building it in there we can leverage this virtual layer and use your existing infrastructure in a new way to protect those endpoints, the workloads, the networks, the workspaces and the clouds, at the same time gathering greater visibility and control over the policies that protect the business transactions, the mission transactions,” Rowan said.
The idea is to unify the security team and IT teams in identifying risk and preventing, detecting and responding to threats in real-time context. That’s something that’s not possible when multiple security tools are bolted on top of one another. Essentially, complexity is the enemy of context.
And context is important, because without it, it’s easy to wind up going down rabbit holes unnecessarily. When you understand the behaviors, the intended actions, the applications, data and user access points, you have context to provide the operators with.
“Typically security teams and IT organizations have worked in silos. That has made it hard to then put into context what’s happening. But by bringing this part of the infrastructure together with security built in, we’re going to allow people to enable the security professionals within the organization to put into context right away and understand if I can solve this particular problem, or if they see this particular threat happening, they can put in place a response and a remediation right away,” Rowan said. “And this unified approach, we believe, will give us much richer insights about the security environment. And by unifying these various pieces in teams, I think we are going to be able to allow the organizations to collaborate more effectively, and increase the ability when it does come to responding to new vulnerabilities and threats.”
In addition, with this kind of unified approach, you’re not requiring your users and operators to understand several different security tools, the way they all interact, and whether they’re all up to date, because that’s a good way to create vulnerabilities. Not to mention the cost of maintaining all those tools.
“But at the end of the day, it’s about how we take those vulnerabilities that can be created through that complexity, and turn those vulnerabilities into more areas or points of control,” Rowan said. “So that’s the concept behind intrinsic security. If we build security into the infrastructure, we have the ability to turn those points of vulnerability into the actual control points. And this enables the customer to have better insight into the applications on any cloud, any device. And to simplify their security approach, those control points are critical, because those control points are going to be networks, workloads, endpoints, clouds.”
And that’s important, especially in today’s environment, where the workforce is geographically dispersed. Security professionals are seeing traffic come in from multiple states, ISPs and devices, making context more important than ever before.
“This problem doesn’t get easier over time. If anything, the complexity will continue to rise as new solutions are brought to market,” Rowan said. “We have to start taking a look at a different approach here. Or our concern is this problem is going to just become completely overwhelming to try to resolve.”