Marcel van Eemeren, CEO of ON2IT, Europe’s newly crowned NSX partner of the year in EMEA, sat down to talk to us about why virtualised networking and security is so critical to the modern business; getting customers onboard with micro-segmentation and ON2IT’s VMware Partner Innovation Award, announced this week.
Hi Marcel, thanks for speaking with us and congratulations on winning VMware’s Partner Innovation Award for “NSX Partner of the Year”. First of all, we wanted to ask you what security solutions your organisation delivers to end users?
ON2IT offers cyber security solutions and managed cyber security services to globally operating enterprise-size customers, with its own purpose-built security framework with zero trust as a key foundation. Our in-house developed managed services portal is the central delivery point for service, policy, threat management and reporting.
What are having to do to remain competitive in your business? What are the key ingredients?
Our key mission is making prevention better, compliance easier and security faster, in a world that is increasingly expecting this approach to be the norm.
How important is NSX in your security portfolio?
VMware NSX, the network virtualisation platform for the Software-Defined Data Centre, is a key element in our portfolio. Our view is that data is the new gold, but data alone is nothing. Applications bring data to life, but also introduce vulnerabilities that can be exploited. Keeping applications up and running is crucial, and NSX can help maintain the availability of applications by dramatically improving disaster recovery time objectives.
We know exactly how an application works, and that’s why we can protect the data associated with it more effectively. But applications can move from within outside the data centre into a hybrid or public cloud. Security policies should move along so the application and its data are always protected. We call this ‘Safe Application Enabled’. VMware NSX makes this possible by automating the entire stack with vRealize suite and enabling datacentre elasticity without compromise.
Why is virtualised networking and security critical to the modern business?
50 billion devices will be connected to the Internet by 2019, and each and every one of these will provide data. “The new IP” is addressing the need for networks – Virtual Extensible LAN (VXLAN) will be extended beyond the datacentre, so NSX will be the central operations involved in organising efficient data flow. Security needs to be automated wherever the application and data resides. The resources involved need to be virtualised to support and organise unpredictable demand, to build tighter security policy. This shouldn’t just be added on afterwards, but tightly integrated. This means we can find a solution for the enormous shortage of security operations specialists, keeping a focused eye on abnormalities in a highly automated environment.
What is the ‘penny drop’ moment when customers realise that they can create their entire network and security in software?
When customers ‘get’ the essence of the Zero Trust security architecture. Segmentation, protecting their crown jewels (data) and aiming for maximum visibility require a highly automated structure for deployment, testing, onboarding and maintenance. Once customers understand the natural fit between the Zero Trust concept and the Software-Defined Data Centre, the penny drops.
At what point in the implementation process do customers come to fully understand the security power of micro-segmentation?
We focus on Zero Trust, a key principle in the ON2IT Security Framework. Micro-segmentation is the means to get there. The customer quickly realises that without micro-segmentation the data centre grows less secure with every application that is introduced. Micro-segmentation keeps the security boundary manageable. With NSX, this is possible without significant technical changes.
What analogies have you used to explain Software-Defined Networking and micro-segmentation to customers?
As good Dutchmen, we have practiced micro-segmentation since our country was created out of a swampy river delta: most parts of the Netherlands have always been below sea level, with the sea and rivers posing an ever-present threat, protected by dykes. But we didn’t stop at our country’s boundaries: we segmented the country with an ingenious system of dyke rings. Should a breach occur, only a single segment will be flooded.
Recently, we have begun to automate this management of water levels, making it software defined: water level monitoring sensors are connected to pumps to automatically manage water levels. This eliminates human error and increases efficiency, and so it is with micro-segmentation in our networks.
What are the biggest misconceptions you hear about Software-Defined Networking?
Potential customers think that SDN is to networking what server virtualisation is to storage capacity. They fail to see that SDN is a much bigger concept, transcending networking and storage. SDN is the required infrastructure and architecture to make all parts of the datacentre invisible and reliable against increasingly complex threats and risks.
What is your customers’ typical starting point when it comes to deploying NSX?
The best place to start is C-level management. These business leaders need to shift their perspective on security issues, and begin to consider security and automation tools as platforms to enable them to operate a more dynamic, agile organisation.
Management have to understand that the new industrial revolution we are experiencing is unpredictable, and that they need to create a Facebook-like experience (built around operational excellence) at a Facebook level of cost. At the same time they need to demonstrate extreme agility to support rapid development in their business to stay ahead of the competition. The digitally-savvy corporations that take this leap get a bigger market share as a result, because they can adapt more quickly to customer demands.
What are the biggest hurdles you hear from your customers in terms of embracing network virtualization?
The biggest hurdle is that technical staff believe that a hardware solution is necessary for performance and stability, and that these cannot be guaranteed in software. The opposite is true! To move your business, a level of agility is needed that cannot be achieved by moving physical hardware around. And when Gartner says Software Defined Data Centre is the future, why are you then still investing in new intelligent hardware? Wake up!
An ADC controller in hardware is a huge investment and has its limits. At 25% of the cost, you can get the same functionality in software. Software can adapt instantly to any workload at any time. Hardware cannot. My argument: if the Software-Defined Data Centre is being embraced by the likes of the BBC, Netflix and many others, then you might want to reconsider.
How can the implementation of NSX help organisations comply with the upcoming General Data Protection Regulation (GDPR), which will extend the scope of the EU data protection law to all foreign companies processing data of EU residents?
The GDPR requires that organisations are in control of where their data resides, and that security controls to protect this data are “state of the art” in place and effective. This can be achieved by a Zero Trust architecture. NSX is required to build a Zero Trust grade datacentre network.
What does being awarded the NSX Partner of the Year mean to you – and your customers?
That we both should be proud. We’ve demonstrated our excellence, and we only could have done that in close cooperation with our customers and stakeholders. We are thrilled that these awards are based carefully selected, tested and fully operational solutions that really make a difference for our customers in their current and future operations. We focus on, test, advise, sell and implement what really works. This award is tangible proof that our philosophy is effective