Security Innovation: Highlights from the VMware IT Performance Annual Report 2022, Part Four

by: VMware on VMware staff

In Part Four of our six-part series, we look at our enterprise security innovation.

Safe, sustainable and seamless

The amount of data created, captured and stored worldwide is astronomical—and it only continues to expand. The digital world is growing exponentially, and data is becoming more connected and decentralized. Therefore, cyber security resiliency is more challenging because there is also a widespread expansion of attack surfaces for threat actors to exploit and capitalize upon stolen or misappropriated data.

The increasing threat of Log4j-type breaches, the reimagining of the hybrid workspace, and a host of other mission-critical issues placed significant challenges on enterprise security in the past year.

These factors create a tempting risk for security teams to go overboard, implementing onerous safeguards that ultimately have a negative impact on users. That’s why tackling these issues head-on while delivering an unobtrusive experience on every level is a core driver of our IT security teams.

As a result, initiatives such as Beyond Zero Trust, real-world sustainability, Physical Security (PhysSec) 2.0, and a variety of others continue to place VMware at the forefront of the seemingly impossible—offering superior virtual and physical enterprise ecosystem security without anyone knowing it’s there.

Beyond what’s expected

Beyond Zero Trust is an internal program designed to fulfill the VMware security mission in every aspect of the enterprise. Its foundation is based on the success of teamwork, not siloed individuals. This people-centric approach translates to security deployments, upgrades and fixes with a long-term goal of minimizing colleague work disruption. It is part of delivering the overall VMware security culture change and integrates with our wider security efforts around colleague training and awareness.

This comprehensive initiative encompasses everything from how to spot a fraudulent email request to educating colleagues as to why tailgating (unknowingly allowing a bad actor through a secure building entrance) is unacceptable, in addition to other factors that pose a danger to the enterprise. After all, the reality of humans being human is still the top security risk in any organization.

None of this is accomplished in a vacuum, and the program contains numerous feedback loops to ensure colleagues always realize the best (nonintrusive) experience possible.

Learning from a log jam

Log4j open-source Java logging software is integral to virtually every enterprise

infrastructure globally. In fact, more than three million devices run on Java and a majority of those incorporate Log4j. In December 2021, the worst-case scenario happened—an extremely critical breach (10/10 on the Common Vulnerability Scoring System) occurred. Knowing this was a threat actor’s dream come true—and that VMware and its customers could be impacted—our security teams engaged plans specifically designed for this sort of scenario, organized crisis management teams, and went to work.

VMware security employed various technologies, including AI, machine learning (ML) and automation, to respond faster than was humanly possible. In addition to implementing the required fixes, personnel and machines rapidly notified VMware customers of the breach and what was being done about it. Most notably, and in a marked shift in the InfoSec world, we moved to mitigation and compensating security controls as our first line of response rather than just waiting on patches to arrive.

Because of the tireless work of the entire VMware IT Security team, a significant disaster was averted. Ultimately, our teams gained invaluable insight into how modern security methods can thwart even the most determined hacker.

Part Five of this series will explore sustainability innovation.

Read the full VMware IT Performance Annual Report 2022 to learn more about our security innovation.

Check out our other security blogs. And don’t forget to check out these other blogs in this series:

Part One: an overview of the VMware IT Performance Annual Report 2022 and VMware IT innovation

Part Two: Digital transformation of our modern apps

Part Three: Our transition to a SaaS model

VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. To learn more about how VMware IT uses VMware products and technology to solve critical challenges, visit our microsite, read our blogs and IT Performance Annual Report and follow us on SoundCloud, Twitter and YouTube. All VMware trademarks and registered marks (including logos and icons) referenced in the document remain the property of VMware.


Leave a Reply

Your email address will not be published. Required fields are marked *