by: VMware Head of Architecture Engineering and Architecture Brad Doctor and VMware Senior Security Strategist Craig Savage
Cloud-based products and services—combined with the rise of sophisticated cyber attackers—have forced enterprises to rethink their security ecosystems. After all, we can no longer afford for a threat actor to breach just one security point and gain access to everything inside. This is why VMware IT reimagined global corporate security, and instituted a unified and built-in defense approach based on the Zero Trust model. (Check out a more detailed explanation of Zero Trust in this blog.)
Overview of the Zero Trust approach to security.
Redefining what cybersecurity can be
Security is often viewed as a necessary evil, the cost of doing business, when considering corporate budgets, and that can be detrimental to the enterprise as a whole. Many companies even inadvertently overspend on security, taking away funding from areas like R&D.
The interesting aspect of Zero Trust—unlike the traditional ‘castle-and-moat’ security approaches it supplants—is that it actually adds business value and, dare I say, can even act as a business enabler depending on application. This is a true game changer.
It starts with cyber insurance. We’ve all seen our insurance rates rising, and being able to clearly define your security posture in the language of a defined framework helps your insurers more accurately calculate your risk—and ultimately arrive at a more accurate (and in our experience, lower) premium. A Zero Trust architecture provides a simple and cost-effective way to assess critical control factors and risks such as identity and access management (IAM), data integrity, endpoint management, and similar areas.
That means incorporating standard authentication flows to create easily managed and secured routes into your applications and data. Combined with defining how all endpoints are managed, as well as the current real-time posture of an endpoint fleet and the patch status of critical infrastructure in real time, you gain control over how your applications and data are accessed and consumed.
Take credential-based attacks involving username/password breaches. The Zero Trust focus is on replacing password use, and that in turn results in a more delightful user experience, as well as a more secure and easier-to-manage defense ecosystem. Similarly, deploying an endpoint security stack—where every application is accessed through a secure, encrypted, authenticated API—creates substantial additional barriers that thwart threat actors on a more consistent basis. Even Office 365 leverages an API for everything.
These all represent immediate savings that are inherent with your security ecosystem—like having a high-performance sports car that also gets 50 mpg!
Tipping the scales in your favor
In the early days of the automobile, Cadillac was known as the standard of the world, something that was not just marketing hype. Cadillac was the first car brand to standardize (and simplify) components—all vehicles prior to this were literally custom built regardless of volume. The result was unprecedented reliability and predictability, and ultimately dramatic cost savings. In fact, had this approach not been adopted by major manufacturers (Ford being the best example), cars would have remained a plaything for the elite—and auto manufacturing a cottage industry.
Zero Trust brings this same revolution to enterprise security. The standardized architecture is easier to understand, easier to maintain, less expensive, and extremely effective in the long term regardless of future threats. (The technology may change, but the foundational architecture remains solid.) Such standardization also translates to simplification—complexity has always been the enemy of any security ecosystem—and that generates even more cost savings on a variety of fronts (upgrades, labor, etc.).
Companies can now focus on mission-critical measures instead of teams being distracted (financially as well as literally) with endless customization and integration, especially with legacy systems.
Finally, this isn’t just a hypothesis. In 2020, like many companies, VMware had to go remote in record time due to the pandemic. You would think this would severely disrupt operations and compromise our security ecosystem. Instead, 30,000+ colleagues (employees) were migrated in a single weekend. And we realized some of the highest software delivery quarters ever, including the quarter we went remote.
All of which means it is possible for InfoSec teams to deliver all-new levels of business value, including surprisingly large contributions to the bottom line. Who would have guessed? 🙂
Find out more by watching Brad Doctor’s keynote presentation from a recent security conference:
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment.