By Craig Savage, Industry Security Architect, VMware
Delivering enterprise security in the cloud era is a daunting undertaking given the proliferation of remote colleagues (users), multiple devices, an endless number of apps, and other challenges. That’s why VMware IT implemented a five-pillar approach to security, in addition to other initiatives, to ensure security is never an impediment to the agile and flexible enterprise yet is always present for every activity conducted by human or machine.
Security really is in our DNA at VMware. We’ve leveraged this core understanding to ensure we have—and encourage—our culture of security focus. This means we go to great lengths to ensure our colleagues understand how intrinsically important it is to both behave securely and to actively call out things that don’t look right. This is the foundation we built the five pillars upon.
Pillar one: Micro-segmentation
This offers superior control of the flow of data. Abstract security and networking come from the underlying infrastructure. All new environments (including physical ones) are always micro-segmented. And the core network zones are radically simplified to include a Zero-Trust architecture approach.
Pillar two: Stewardship
The integrity of the data processing/host systems is always controlled, both by humans and machines. The process and delivery of mandatory updates are automated, with low impact on colleagues. This ensures all environments are on the latest releases and scanned regularly. In addition, patching metrics are consistently C-level appropriate and acted upon as needed (architecting for Known Good).
Pillar three: Encryption
All colleague devices are encrypted, as are all new data locations (including cloud hosted) and network traffic. Fault tolerance is built-in as all encryption mechanisms have a recovery option.
Pillar four: Next-gen authentication
Employing new multi-factor authentication (MFA) tools, our team is able to prevent access to corporate data—either by human or machine—without MFA confirmation. This involves pushing certificates using VMware tools (simplifying access for colleagues/APIs) as well as location-based awareness (through VMware Identity Manager™) that enables tailored authentication.
Pillar five: Managed identity
Shared passwords are eliminated, and tight controls are placed on privileged access. All such access (on-premise, hybrid cloud/private cloud) is consolidated and acted upon based on log-in information. These same access precautions are also in place for systems such as firewalls, APIs, and continuous integration/continuous delivery (CI/CD) pipelines. And all identity management is accomplished with automation unless an issue is escalated and requires human intervention.
But we don’t stop there
Augmenting the five pillars are three security core activities: scanning, hygiene, and monitoring. The entire VMware ecosystem actively scans for new threats and vulnerabilities. Colleagues from every business unit undergo continuous training on the ‘philosophy’ of information security, as the weakest link in any organization is typically the human factor—intentional or not. This is known as practicing proper hygiene. In return, IT delivers colleagues seamless and nonintrusive security that enables higher productivity, reduced call support requests, and anywhere/anytime access. Our Known Good approach ensures both team members and automated systems understand what to monitor and when.
And as we all know, six plus three does not equal 10. The final element is education, something that is often forgotten yet is crucial to effective security, and without which effective security hygiene would be impossible. Scanning, hygiene, monitoring, and of course education—combined with the five pillars on that solid foundation—add up to a perfect 10. One which continues to deliver a significant return on investment.
VMware on VMware blogs are written by IT subject matter experts sharing stories about IT’s transformation journey using VMware products and services in a global production environment. Visit our portal to learn more.