Blogs IT Best Practices vSAN Workspace ONE

Intrinsic Security. How VMware IT (Cost Effectively) Reimagined What It Means to Be Safe—And Is Making Everything Even More Secure

Two employees looking at servers

 

By Craig Savage, Security Solutions Strategist—VMware Security & Resiliency

 

Software-as-a-Service (SaaS), remote workers, endless devices and a number of other variables have made enterprise security an incredibly complex, if not expensive, undertaking.

 

Rather than simply upgrade to the latest technology as in the past, we decided to take a different approach that put every aspect of our operations—technology, people, culture—under the microscope with a specific focus on reducing unnecessary costs and streamlining operations.

 

The solution was to approach the process holistically, looking at our team’s skillsets and capabilities, what we wanted in new recruits, what existing process models were working/not working (including the five pillars of cyber hygiene) and a realistic look at what we needed versus what we would love to do.

 

How to build a solid intrinsic security foundation infographic

How to build a solid intrinsic security foundation

 

Having a secure mindset

With so many moving parts in the enterprise, security must go beyond protocols and technology. It needs to be integral to the mindset of our colleagues, contractors and partners. That means employing the right talent for the job, including recruiting people who are actively engaged in solving complex problems and who are pragmatically proactive versus just going through the motions on a day-to-day basis.

 

We must eliminate silos that isolate people and create “information vacuums” that open up potential vulnerabilities. We must communicate often and effectively so that everyone understands the bigger picture. Lastly, we must ensure that all stakeholders enjoy their work! After all, people who enjoy their jobs will make security a top priority.

 

This shouldn’t be that complicated (yet it often really is)

Try as we might to keep things simple, complexity often raises its head.

 

It’s very easy for different business units and remote offices to establish their own protocols/processes regarding their work product. Initiatives like Zero Trust can be complicated in a well-established environment, and while moving users to managed endpoints has significant benefits, it also involves significant effort to achieve as it requires people to adopt the change.

 

Such uniqueness can compromise security and often adds unnecessary costs. This is why we developed a core security business model that is both simple to implement and easy for stakeholders to adhere to (thanks to behind-the-scenes, non-intrusive measures).  VMware can now function as a unified ecosystem regardless of geo. This simplification initiative meant revisiting existing processes—internal and external—to understand their complexity and/or eliminate them altogether. Of course, we automate as much as possible in order to both remove mundane tasks from stakeholders and reduce the chance of human error turning into a security breach.

 

Technology . . . with a twist

Another aspect of simplifying security is how we approach technology, specifically vendor products versus our homegrown solutions. Our teams worked through our portfolio with a specific focus on simplifying the estate and ease of integration/automation to enable us to detect faster and respond more effectively.

 

As a result, we reduced our security tools portfolio by 70 percent, and realized some direct savings on software licenses, plus indirect savings in terms of people’s time, training required, the actual effectiveness of the product and other “soft” factors.

 

Defense in trust infographic

How VMware approaches defense, in trust

 

VMware on VMware blogs are written by IT subject matter experts sharing stories about IT’s transformation journey using VMware products and services in a global production environment. Visit our portal to learn more.

 

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *