The security landscape is changing as the threat landscape becomes more challenging by the day. Many large enterprises are upping the ante in security by investing in new technologies and people in order to create a proactive security backbone. In an exclusive interview with DATAQUEST, B S Nagarajan, Senior Director, Systems Engineering, VMware India, talks about the leading security trends and best practices in managing enterprise security. Excerpts.
How has enterprise security changed in the last few years?
With the pace of business and technological disruption ever accelerating, enterprises around the globe and across many industries seem poised for total digital transformation this year. Today’s security challenges cannot be secured with mere incremental thinking. We need a new security architecture that fundamentally changes how we prevent, detect, and respond to threats.
Protecting a corporate network isn’t as simple as building a wall around it. Threats can still sneak through the network firewall or circumvent security infrastructure altogether. Once they’re inside, they can move around and attack at will since there are few, if any, controls inside the data center to prevent malicious traffic.
For a lot of security guys, nirvana is the ability to do micro-segmentation within the data center, or build a honeycomb, in effect, so that any threat that gets into the data center is actually captured within the honeycomb and cannot move very much. What we can do with network virtualization is bring that firewalling all the way down to the virtual interface.
Given the challenges, what are some of the best practices CISOs and CIOs can adopt?
As the threat landscape for data breaches continues to advance in both volume and sophistication, businesses must mature their security strategies to confront and hopefully outpace these new challenges. Unless changes are made to existing security protocols, it is only a matter of time before security barriers are penetrated and valuable data is lost. While there is no silver bullet to ensure complete protection from data breaches, companies can greatly reduce their risk and exercise greater control over their network by taking the following steps:
- Create a model of security designed to be both strategically resonant and tactically implementable. Adopt a Zero Trust mindset. Strategically, Zero Trust suggests making all network ports untrusted, thus ensuring data is protected across all layers and not just at perimeter access points. Tactically, Zero Trust identifies clear steps companies can take to achieve this model. Micro-segmentation is one of these critical steps, and it must be accomplished for Zero Trust to be tactically implementable.
- Architect your Zero Trust network by enabling micro-segmentation of the network through network virtualization. Modern networks must be segmented so that micro-perimeters can be created and data controlled more granularly. Virtualized network micro-segmentation is the easiest way to build these micro-perimeters.
- Set up micro-perimeters to manage your toxic data, and map how this data needs to flow through your organization. Zero Trust is data centric. By understanding how your data works and how it needs to move on your network, you can create a more robust solution that will enable both data usage and protection. In the process of mapping out how your data flows, you may also identify opportunities to improve and optimize data movement.
- Build a cross-functional team to implement Zero Trust concepts. Zero Trust breaks down silos. Use your Zero Trust initiative to solve business problems by creating a team from various stakeholder groups. Involve representatives from security, networking, application development, and enterprise architecture.
What is VMware’s approach to security and what are your focus areas?
At VMware we see the ability to provide networking and security services to a range of endpoints move to another level. VMware NSX solves the data center challenges by delivering a completely new operational model for networking. This model breaks through current physical network barriers and allows data center operators to achieve orders of magnitude better agility and economics. The set of endpoints that NSX can manage will extend to containers and public cloud workloads. We’ll also see NSX extending out to branch offices as Software Defined WAN (SD-WAN) solutions take root.
VMware NSX has been around for more than two years now, and in that time software-defined networking and network virtualization have become integrated into modern data center architecture. It seems like an inconceivable amount of progress has been made. But the reality is that we’re only at the beginning of this journey. The transformation of networking from a hardware industry into a software industry is having a profound impact on services, security, and IT organizations around the world.
As more data centers adopt the power of network virtualization and a software-defined data center architecture, we’ll see a broad range of traditional security solutions that leverage the unique position of the network virtualization platform in the hypervisor. Detailed knowledge of VMs and application process owners, combined with automated provisioning speed and operational efficiency, is the foundation for an exciting new approach to some very old challenges.
A common theme among customers is that they like the security and visibility features that NSX provides, and would love to have those same features available for public cloud workloads. Recognizing that for at least some of their end users, public clouds will be the chosen venue for a workload to run, IT managers want to have a consistent view of networking and security policy. They also want to maintain that consistency even if a workload at some point moves from one public cloud to another, or moves back to on-premise deployment. Meeting this requirement will be the objective as we expand NSX into public cloud environments. A similar desire for consistency in networking and security policies will drive the extensions to support containers as first-class endpoints for NSX.
Any India-specific trends?
In India, we have seen growing momentum in the adoption of network virtualization. Just as server virtualization changed the paradigm for server operations and management, we are seeing network virtualization change the paradigm for network operations and management.
In 2015, the VMware NSX business, the network virtualization and security platform for the software-defined data center, grew over 100% year-over-year globally, bringing the total annual bookings run rate to well over $600 million.
VMware NSX offers organizations the new, architecture-based security solution they need to defend themselves against the growing number and types of cyber threats. As VMware CEO Pat Gelsinger explained in his recent RSA 2016 keynote, VMware NSX network virtualization offers organizations the alignment and ubiquity needed for a true security architecture that defends across compute, network, storage, and even clouds. The micro-segmentation made possible by these NSX capabilities transforms security by creating the proactive, strategic defense needed to protect an organization’s most valuable assets.