By Craig Savage, Industry Security Architect—Information Security, VMware
Like every multinational enterprise, VMware is subject to thousands of attempted cyberattacks every day. Keeping ahead of the game—and protecting our people—requires innovative thinking, an especially vital approach in the cloud era.
We’re only human
Despite all the technological advances in the field, the human factor is still the number one security threat in any organization. To that end, VMware IT has established five core pillars of cyber hygiene in order to mitigate (or eliminate where possible) the human factor in our multi-cloud world.
Patching, as the first step toward real stewardship, involves ensuring that critical patches are deployed within 24 hours, all cloud services are running on the latest releases, and that all continuous integration/continuous delivery (CI/CD) tools and containers are on the current version.
Managed identity focuses on ensuring a consistent identity across platforms and controlling privileged access regardless of the environment in question. This is especially crucial when colleagues (end users) access multiple clouds for a given task.
Micro-segmenting allows for simpler control, increased automation, and more meaningful alerting. This reduces the need for third-party tools and overly complex management solutions that can potentially compromise security.
Encryption encompasses all storage, devices, and data traffic. In this way, the risk of data disclosure is drastically reduced.
Next-gen authentication is devoted to eliminating one of the greatest call center and security issues—passwords. All access is subject to multi-factor authentication, achieved through a variety of methods, via VMware Workspace ONE® Access control and scrutiny.
The best security involves teamwork (and the right tools)
Our security teams—such as the Security Operations Center (SOC), Vulnerability Management team and Red Team—are empowered thanks to a simple, consolidated and highly effective toolset specifically designed to monitor and respond within each of the company’s ecosystems. Teams can then, in turn, make the tools more effective and efficient through continual review, improvement, and iteration on real use cases. This enables faster and easier detection of misconfigurations, vulnerabilities, threats, and anomalies.
Secure State—One of the sharpest tools in the toolbox
One major tool we employ is VMware Secure State™. This cloud-native security tool analyzes relationships between resources such as roles, subnets, instances, key pairs, and the like. In this way, the tool consistently ‘connects the dots’ to detect any anomalies that may be potential attacks. It employs advanced automation that also recognizes and/or makes recommendations regarding any given incident, mainly by mapping associated violations, metadata, and changes to objects. This key first step towards automated governance and remediation is based on information from our Interconnected Cloud Security Model (ICSM). It can trigger alerts that cause the system to self-heal, or escalate the issue for human involvement.
Through Secure State, the SOC team can quickly review and pivot on findings in order to understand the impact potential—in addition to quickly determining what the root cause might be. The Vulnerability Management team is able to use the metrics generated from Secure State to further refine their models and to build new alerting structures to detect new or emerging vulnerabilities. Put simply, it’s high-performance cloud compliance delivered.
Also using Secure State, we have enabled our developers to assess deployments while still in the pipeline. This ensures any pipeline using the integration with Secure State can detect, alert, and in some cases trigger remediation for common cloud vulnerabilities such as elevated permissions, public-facing ports, or API secrets incorrectly embedded in code—all before the workload goes into the production environment.
Getting a reality check
Security in the cloud era is ever-changing—there won’t be any quick fixes, and the path to Security as Code is tough right now. In our view, the key is having the right people, actively engaged in the care of their company, with adaptive ways of working employing the tools for the ecosystem in question. It’s vital people simply pay attention—to each other, to their environment and, where appropriate, to the tools they are responsible for using.
VMware on VMware blogs are written by IT subject matter experts sharing stories about IT’s transformation journey using VMware products and services in a global production environment.