As part of our focus on risk and security, we have heard from a number of VMware partners – including Intel, Atea Denmark and MTI – on their thoughts around the ever-changing security landscape.
Working closely with our partner community, Vicky Reddington, Director of Partner Strategy, EMEA at VMware, is here to discuss the shift in mindset that virtualized networking platform VMware NSX has created…
The introduction of VMware NSX has been central in helping our partners deliver a next-generation approach to cyber security. It reflects two fundamental shifts in the market: firstly, a move towards the ‘zero-trust’ security model, and secondly, encouraging the adoption of a more holistic approach, where a security policy is centrally defined – replacing the attempted definition of a policy across multiple, individual security systems.
Castles vs. Hotels
Looking closely at the first shift, we have seen an increasing move away from the traditional ‘Trust Everyone’ style of network in which resource was poured into creating a hard perimeter aimed at keeping threats outside the organisation’s network. Users with the ‘right’ permissions could be granted access to the environment and were able to move freely once inside. Needless to say, this approach has serious drawbacks, specifically in the threat posed should a hacker make it through the hard perimeter. With unlimited access to the environment, the potential for them to wreak havoc and destruction is near limitless.
Unsurprisingly, organisations are now looking elsewhere and beginning to favour the ‘Zero-Trust’ approach. If the former model could be compared to a castle (with a hardened wall but no internal security), the latter approach is more like a hotel with each individual room secured separately, and each safe within that room locked – so even if a hacker was able to access one of the rooms, thanks to the locks on each room’s door and safe, they cannot use it as an entry point for any other part of the hotel. Using microsegmentation, VMware NSX enables this lockdown, controlling east-west (or server to server) traffic in a data centre, so that if one virtual machine is compromised, it does not compromise any other part of the system. Reputation is everything to a business’ bottom line and protecting IP and customer data, for example, is vital. Perimeter security simply doesn’t do this.
The hotel approach to security can also help mitigate insider threats – whether malicious or accidental. When you consider that internal employees account for 43 per cent of data loss, it is clear something must be done. No organisation is immune – just last year German newspaper Bild reported that Russian hackers had taken over the personal email of Chancellor Angela Merkel and used it to spread malware to the German Bundestag. With NSX, these threats can be locked down and dealt with instantly, limiting potential damage.
One System to Manage It All
The second shift is subtler but will have a significant impact on our channel partners. While previously organisations have built security systems using a mix of best-of-breed products from a variety of vendors, the lack of interoperability and integration meant that many struggled to create a single, coherent security policy.
In recent years this issue has been brought into the spotlight: as businesses have embraced mobility there has been an influx of new mobile devices into the organisation, making the IT estate wider and more nebulous, and far more difficult to protect and manage. Our customers are crying out for the ability to define a holistic security policy via a single pane of glass.
Alongside increased mobility, vMotion has also been a game-changer. With workloads now able to move regularly across servers and even data centres, they have become harder to secure. Anchoring cyber security to the hardware no longer works as hardware has become commoditised and interchangeable, with organisations flipping between so many different environments depending on factors such as cost, compliance, and speed. Instead, the market needs a way to protect the data itself.
NSX offers answers to both of these challenges. As a software-defined solution, it can provide a single view of the entire network – improving troubleshooting speeds as IT departments can identify a faulty network connection at the click of a button, rather than spending hours in the data centre, checking individual cables and connectors. Additionally, policies can be created quickly and applied across the network. This is especially important to keep moving workloads in check. By using NSX’s microsegmentation capabilities to apply automated security policies to individual virtual machines, organisations are able to effectively ‘shrink-wrap’ their workloads and ensure they are protected no matter what hardware they are running on.
Window of Opportunity
As NSX is so new to the market, the opportunities for our partners are unrivalled. There is a wide base of businesses facing many of the challenges outlined above and not knowing how to tackle them. When you consider the concerns and worries created by the impending introduction of the EU’s General Data Protection Regulation, as well as the continuing increase in threats from hackers, the business case for NSX quickly becomes apparent.
There are also significant upsell opportunities. As a central platform, NSX connects with many solutions from our technology partners and provides a single pane of glass for defining holistic security policies across multiple third-party components, such as firewalls or anti-virus software.
We’re entering a new era of security, and for both IT departments and channel partners, there are real opportunities for change.
To get involved and find out more about the VMware Partner Programme, visit: http://www.vmware.com/uk/partners.html
Find out more about VMware’s Risk and Security research here. You can also hear from other VMware partners – including Intel, MTI, and Atea Denmark – by regularly visiting the blog.