Building Intelligent Security Into Your Network

by Sohini Bagchi    Nov 07, 2017


With more and more new devices being introduced to the network, CIOs and network managers are struggling to secure the entire IT continuum, from the network periphery to the data that traverses the network to mobile devices and sensors connected through the Internet of Things. As these devices proliferate, security becomes a primary concern, owing to widespread network security threats. In such a scenario, companies need to develop security strategies that protect the perimeter while making networks more agile and efficient. At the recently concluded vForum 2017, Bruce Davie, VP & CTO, VMware APJ, explained the future of networking, with reference to VMware’s latest initiatives to protect this space.

CXOToday: Cyber security is a pretty crowded space today as almost every player is trying to push itself in this area. What is your plan to stay ahead of the curve?

Bruce Davie: To begin with, we have already positioned ourselves uniquely in the market as we differentiated ourselves by focusing on the virtual infrastructure layer where security can be done. In fact, we always had this concept in mind and were the first to observe it when we began using network virtualization to deliver micro-segmentation. Today we have the benefit of a few years’ experience. We really did fundamentally improve the security of networks with the announcement of the AppDefense buyout in August. Now we are leveraging our position within the virtual infrastructure to have a high degree of visibility and control over things, and this could be a key differentiator. At the same time, we also think that the security space is a pretty big and complex one. And so, having good partnerships with key players in that ecosystem is also important. I believe it’s a combination of leveraging unique positions with our ability to partner with others who have particular strengths.

CXOToday: Can you tell us about your partnerships with the pure-play security players in the market and the benefits?

Bruce Davie: Yes, of course. I can’t tell you about all the partners, but as a good example, we had a long partnership with Palo Alto Networks. Where the checkpoints, and many others that we partner with. So, one of the things we have been doing with AppDefense is, as we are now able to detect things going on at the individual virtual machine and process level, we can provide the information to third parties who can then take their own actions. And we definitely feel this. You can call pure-play security players who can benefit from the unique capabilities that we have.

CXOToday: How has the partnership with AppDefense benefited VMware’s existing lines of products?

Bruce Davie: Sure. I believe the first observation we’ve made is that, with network virtualization, it becomes extremely easy to create networks with strong isolation and a very precise scope. One can even say exactly which particular virtual machines are allowed to communicate with each other, and exactly how they are allowed to communicate, and do that both with a high degree of automation and a very low operational cost. Effectively, we have made it just much easier to take a strong position on how well isolated different entities are within your datacenter.

CXOToday: During your keynote, you had shed some light on cyber security hygiene and infrastructure security. So, can you explain how companies should leverage these technologies?

Bruce Davie: The idea of infrastructure security is that we are fundamentally an infrastructure company and we believe it is possible to make your infrastructure inherently secure. And again, one example of that is that micro-segmentation should just be a standard capability. While many of our customers have not yet adopted it, thousands of our customers have adopted it and have had tremendous success. And so, we believe infrastructure security has the capability to make your infrastructure much more secure than it has been in the past. And when we talk about cyber hygiene, we are basically saying there are things which are known as ‘good practices’. This is similar to knowing that you should wash your hands or else you get sick. But people don’t always follow these best practices. But we also know that at this point we should have very strong isolation between components that don’t need to communicate. Again, we have thousands of customers who are doing that but overall the industry has not yet fully gone down that path providing that from isolation. So we are encouraging the adoption of cyber hygiene to our customers.

CXOToday: Despite the strong need for niche security solutions and practices, organizations continue to lack skilled cyber security professionals. Are you doing something to address this skill gap?

Bruce Davie: Yes. I think there are kind of two approaches to that. One is, certainly, we do take a range of steps to educate people about good practices and security. And that ranges from things like what we are doing here at this event to we have a range of certification programs around things like network virtualization. So we are training the ‘new generation’ of virtual infrastructure experts who will be able to address security issues. Let’s see, there was a second point I was going to make, if I can come back to it. I guess the other point I was going to make is that, part of the challenge with security has been as complicated as it is to do even relatively simple things. And so, as an example, firewalls tend to become extremely complicated because you are trying to tackle so many different problems through a single client. Therefore what we have done is, we have tried to make it much easier for people to apply security in ways to make sense. Using things like a high level of statement of pure security policy and then getting that implemented automatically is one way that we can make it easier, so you don’t need the same level of high expertise to achieve reasonable outcomes.

CXOToday: What is the future of network virtualization? Where is it going from here within the next two years?

Bruce Davie: Firstly, I’ll say we do see network virtualization becoming very commonplace. You might have heard Pat say today, if you are not using NSX, you are behind. You have recently felt like the benefits are so clear that we expect countless of our customers to use network virtualization. If I would have picked one significant change or trend in the next two years, I would say it is the extension out from the datacenter to address security at the edge. So to an extent we are already saying that with using NSX to provide security that goes out to mobile handsets through integration with AirWatch. But also if you look at what we are doing with IoT, you will see that we are using NSX security to secure the sensors and other IoT devices. So the overall trend, I would say, is that network virtualization will go from being just a datacenter technology to being something that covers the broader landscape all the way out to the edge.

CXOToday: In the cyber security space in recent times, what is the need of the hour for CXOs? How is VMware helping them overcome crisis and emerge as winners?

Bruce Davie: I may be repeating myself here, but I guess I would say, we really are trying to get our customers to focus on securing the things that matter. And so, that means securing data, securing applications, securing users, and that’s actually a shift from the way people have traditionally thought about security, where people do have secured things like a datacenter perimeter as opposed to securing the data. And so, I guess there is one sort of high-level message we want to get across to CIOs and CEOs: focus on securing the things that matter. And evidently we believe we have the tools to help them to do that, by changing the way we approach security, which is why we have this kind of whole thrust around transforming security with. We are not trying to just incrementally improve security but really change the approach.