by: VMware Director of Security Architecture Bharath H C, VMware IT Director Sarita Kar, and VMware Director of Information Security Strategy Craig Savage
When we talk about digital transformation and moving to multi-cloud, often the one thing that holds organizations back is security. Even though most organizations across the globe are serious about securing their systems and data, a lot of them succumb to cyberattacks. Poor cyber hygiene, a reactive approach, patches rather than mitigation are some of the reasons.
One of the main reasons companies face cyberattacks is that they still have a legacy mindset when it comes to security, which means that they haven’t focused on the core pillars of cyber hygiene, and have a reactive approach to security. They are looking at what’s happened rather than what’s happening—a big difference. Cloud is about real time, and security is about what happened yesterday.
Companies want to protect their perimeters and end-point security. They aren’t looking at modern security approaches, which is holding them back. A tendency with big organizations is that they look for a patch rather than mitigating security threats immediately even before they happen.
Zero Trust: The go-to security model when moving to multi-cloud
The philosophy and concept of Zero Trust is not new, but in today’s hyper-connected world, its relevance is rising.
Zero Trust is not a single product but rather a security framework based on the principle of “never trust, always verify.” It is a conditional access control model that requires verification of trust prior to granting application access with least privilege.
The key to Zero Trust is placing security controls and policy decision points closer to the resources using five pillars:
- Device
- User
- Application
- Transport
- Data
When we build trust across these five pillars, we have better visibility and control regarding the challenges of typical cloud environment, such as:
- Each cloud service provider (CSP) comes with its own security policy management.
- There are diverse network topologies, security models, and management environment.
- The workload is distributed and moves between on-premises and intracloud infrastructure.
- Traffic visibility across on-premises and multi-cloud environments is difficult.
There are multiple considerations for implementing Zero Trust in the cloud, including:
- Micro-segmentation.
- Integrating security into the workloads by creating a layer of enforcement specifically for each workload to ensure that the policy and workloads are mobile and consistent across environments.
- Establishing and mapping the relationship between applications and the underlying systems to understand the traffic flow and access rights.
As more organizations move toward hybrid cloud environment, clarity around where the most sensitive data resides becomes vital for incorporating proper security controls. With Zero Trust architecture, enterprises have a better sense of the attack surface and can also improve identity and access management practices.
How VMware proactively monitors cloud applications
Cloud platforms normally provide many monitoring tools for cloud apps given that you need properly investigate the vendor tools.
At VMware, we use VMware Aria Automation™ for Secure Clouds (previously VMware Secure State™), which drives consistent deployment for our cloud workloads and ensures that they remain compliant and proactively monitored. For threat hunting, we also have a team of highly skilled security engineers whose goal is to find weaknesses in the system.
The topic continues to evolve, so contact your account team to schedule a briefing with a VMware IT expert to hear the latest. For more about how VMware IT addresses queries related to modern apps, check out more blogs on the topic. For other questions, contact [email protected].
We look forward to hearing from you.
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. To learn more about how VMware IT uses VMware products and technology to solve critical challenges, visit our microsite, read our blogs and IT Performance Annual Report and follow us on SoundCloud, Twitter and YouTube. All VMware trademarks and registered marks (including logos and icons) referenced in the document remain the property of VMware.