Guest blog by Vicky Reddington, Director of Partner Strategy, EMEA at VMware
The introduction of VMware NSX has been central in helping our partners deliver a next-generation approach to cyber security. It reflects two fundamental shifts in the market: firstly, a move towards the ‘zero-trust’ security model, and secondly, encouraging the adoption of a more holistic approach, where a security policy is centrally defined – replacing the attempted definition of a policy across multiple, individual security systems.
Castles vs. Hotels
Looking closely at the first shift, we have seen an increasing move away from the traditional ‘Trust Everyone’ style of network in which resource was poured into creating a hard perimeter aimed at keeping threats outside the organization’s network. Users with the ‘right’ permissions could be granted access to the environment and able to move freely once inside. Needless to say that this approach has serious drawbacks, specifically in the threat posed should a hacker make it through the hard perimeter. With unlimited access to the environment, the potential for them to wreak havoc and destruction is near limitless.
Unsurprisingly, organizations are now looking elsewhere and beginning to favour the ‘Zero-Trust’ approach. If the former model could be compared to a castle (with a hardened wall but no internal security), the latter approach is more like a hotel with each individual room secured separately, and each safe within that room locked– so even if a hacker was able to access one of the rooms, thanks to the locks on each room’s door and safe they cannot use it as an entry point for any other part of the hotel. Using microsegmentation, VMware NSX enables this lockdown, controlling east-west (or server to server) traffic in a data centre, so that if one virtual machine is compromised, it does not compromise any other part of the system. Reputation is everything to a business’ bottom line and protecting IP and customer data, for example, is vital. Perimeter security simply doesn’t do this.
The hotel approach to security can also help mitigate against insider threats – whether malicious or accidental. When you consider that internal employees account for 43 per cent of data loss it is clear something must be done. No organization is immune – just last year German newspaper Bild reported that Russian hackers had taken over the personal email of Chancellor Angela Merkel and used it to spread malware to the German Bundestag. With NSX, these threats can be locked down and dealt with instantly, limiting potential damage.
One System to Manage It All
The second shift is subtler but will have a significant impact on our channel partners. While previously organizations have built security systems using a mix of best-of-breed products from a variety of vendors, the lack of interoperability and integration meant that many struggled to create a single, coherent security policy.
In recent years this issue has been brought into the spotlight: as businesses have embraced mobility there has been an influx of new mobile devices into the organization, making the IT estate wider and more nebulous, and far more difficult to protect and manage. Our customers are crying out for the ability to define a holistic security policy via a single pane of glass.
Alongside increased mobility, vMotion has also been a game-changer. With workloads now able to move regularly across servers and even data centres they have become harder to secure. Anchoring cyber security to the hardware no longer works as hardware has become commoditised and interchangeable, with organizations flipping between so many different environments depending on factors such as cost, compliance, and speed. Instead the market needs a way to protect the data itself.
NSX offers answers to both of these challenges. As a software-defined solution, it can provide a single view of the entire network – improving troubleshooting speeds as IT departments can identify faulty network connection at the click of a button, rather than spending hours in the data centre, checking individual cables and connectors. Additionally, policies can be created quickly and applied across the network. This is especially important to keep moving workloads in check. By using NSX’s microsegmenation capabilities to apply automated security policies to individual virtual machines, organizations are able to effectively ‘shrink-wrap’ their workloads and ensure they are protected no matter what hardware they are running on.
Window of Opportunity
As NSX is so new to the market the opportunities for our partners are unrivalled. There is a wide base of businesses facing many of the challenges outlined above and not knowing how to tackle them. When you consider the concerns and worries created by the impending introduction of the EU’s General Data Protection Regulation, as well as the continuing increase in threats from hackers, the business case for NSX becomes quickly apparent.
There are also significant upsell opportunities. With NSX as a central platform, it connects with many solutions from our technology partners and provides a single pane of glass for defining holistic security policies across multiple third-party components, such as firewalls or anti-virus software.
We’re entering a new era of security, and for both IT departments and channel partners, there are real opportunities for change.
To get involved and find out more about the VMware Partner Programme, visit: http://www.vmware.com/be/partners.html