Using Virtualization for Advanced Cyber Security Protection

AT: We’ve entered an exciting time when it comes to securing enterprise workloads in private, hybrid, or even public clouds. Because we have abstracted the network, host, and security functions as software defined, we can now do some really amazing things. A key benefit is micro-segmentation – which involves creating networks with security attributes to protect at the application level. This reduces the risk of attackers moving laterally through the datacenter, because every application, database, or storage server can essentially reside in its own segment, complete with network-based and host-based security. We’ve also taken this one step further. Our software-defined datacenter capability (SDDC) allows enterprise workloads to be completely portable, and to live in your private cloud, in public clouds, or even distributed between multiple clouds. Any time these workloads are moved, their security capabilities move right with them. A key security tenet is to make it expensive for the attacker to succeed, and this architecture does just that through high levels of distribution, management, and scale. Another very powerful capability enabled by virtualization or SDN is the ability for the network hypervisor to natively provide guest introspection and data security capabilities. Quite simply, this means with a tool like VMware NSX service composer, you can set up a policy that provides DLP functionality at the host level with just a few clicks. You can also define a manifest of third-party integrations like anti-malware and other endpoint tools. There are so many things you can do once you abstract hosts and network functions into software-defined. It’s pretty amazing if you think about it!

EA: Since virtual operating systems make services accessible to running programs through application programming interfaces or APIs, as most people know them – do you see the virtual API as the new security gateway for enterprise?

AT: They are already the new security gateway for the enterprise. This is a big deal, because it changes the way you create a cyber security architecture for an enterprise or data center. Instead of a bunch of equipment looking for packets or network activity, the new concept is to embed protections for real-time application security into the cloud operating system. The result is a virtualized cyber security architecture, and our team at VMware considers this evolution to be a great opportunity to provide a new virtual platform for security services. Data center managers are doing this now, and the Internet service providers are doing it with SDN deployments.