One of the main reasons I joined VMware is because it gives me an opportunity to put a strategy into motion that I have been thinking about for many years: focusing on simplification and virtualization. By simplifying the security portfolio and harnessing the power of virtualization to ultimately create full-stack visibility and automation, one would become much more secure, while enabling rapid business change and growth compared to historical approaches.
As a practitioner, it’s clear to me (and anyone reading this I hope), the threat landscape is changing, with cyber-threats becoming more pervasive, and evolving faster. I think many of us now also recognize common and numerous point solution approaches to security aren’t working well. Our strategy here at VMware resets our foundation and shifts the model from managing an overly complex portfolio of disparate tools to embedding a scalable, orchestrated set of intrinsic security capabilities based largely on virtualized infrastructure.
Today’s reality is that attack surfaces are vastly larger and more complex. Our users, applications, and data are all over the map—literally. Attackers have a wide range of opportunities to infiltrate and, according to a recent report from Forrester Consulting, 40 percent of companies reported incidents that originated from inside their organizations, with threat actors operating from within the traditional perimeter firewall boundaries. At the same time, in multi-cloud environments, the historical definitions of network perimeters no longer apply, and traditional approaches to security aren’t working.
Our network perimeter model is one key area of change, where software-defined network boundaries work in concert with the full security stack of application and user-endpoint controls. Under this approach commonly known as Zero Trust, all public network edges are considered untrusted, as are many internal edges, based on asset/data-risk. Network virtualization is a key first step toward implementing a Zero Trust model. It lets us deploy application-focused micro-segmented networks, where all configuration and orchestration is managed by the hypervisor, in the case of NSX, VMware’s SDN solution.
Insight into apps
Virtualization also helps provide greater application visibility, so our security teams can spend less time worrying about application security review cycles, and focus more on delivering innovative solutions for business partners and colleagues. Deep visibility into application composition – from network traffic to process-level behavior on workloads – helps automate the creation of network security policies needed to effectively manage risk in these fast-evolving environments.
Consistent security enforcement: Virtualization provides an opportunity to move beyond managing separate policies for different parts of application environments. Instead, we can enforce network security policies that span multiple data centers and hybrid clouds, making it simpler to secure traffic between VMs, containers, and bare metal servers.
Adapt to change fast: When it comes to app development, a virtualized approach lets us shift security from a reactive process to a proactive one. For example, we can automatically provision security policies for each workload, even as the application changes over time. When workloads are deprecated, so are their security policies, to help reduce policy bloat over time and further simplify management.
For us, this strategy of simplification and Zero Trust is producing a much more manageable and effective set of key security capabilities. Of course, none of us are immune to the risks of being a technology-based business, but we can take positive steps like these to improve our security posture.
Visit security.vmware.com and learn how VMware delivers security in our products, solutions, cloud services, and across industries.
Follow us on Twitter at @VMwareSecurity
Alex Tosheff – Chief Security Officer
Security & Resiliency