VMware has announced the company is transforming hybrid cloud security for mobile end users through the combination of VMware NSX network virtualisation and the company’s business mobility solutions, AirWatch by VMware and VMware Horizon.
Next week at RSA Conference, VMware will showcase how VMware NSX, when deployed with AirWatch EMM or VMware Horizon, addresses the enterprise security challenge of over-provisioned data centre access through the use of network micro-segmentation. This unique combination creates an individualised virtual network that allows users or groups to access only the specific applications within the data centre to which they are authorised. This model can prevent users from accessing or even seeing resources that exist within the data centre to which they are not entitled. Through this unique combined solution, IT can help minimise security threats resulting from over-provisioned access that is common with traditional gateway VPNs.
“VMware is a driving force in helping to evolve security inside the data centre through micro-segmentation with VMware NSX, and on the device level through capabilities such as per-application VPN,” says Noah Wasmer, vice president of product management and CTO, End-User Computing, VMware. “Today we are bringing the power of these two solutions together to deliver the ability to implement a fully-segmented virtualised data centre network that meets the unique challenges presented by today’s mobile end users.”
Micro-segmentation: better security with a Software-Defined Data Centre approach
Organisations typically provide user access through a secure VPN gateway connection into the cloud data centre where applications and data reside. Once inside the data centre, however, users can gain nearly unlimited access to all of the resources inside of the data centre. Modern attacks exploit this perimeter-centric defence strategy by ‘hitching a ride’ from authorised users using completely secure connections, then moving laterally within the data centre between workloads with little or no controls to block propagation. As more and different types of devices are coming into businesses, IT requires a solution that solves this over-provisioned access challenge to provide secure, restricted access to only the resources to which users are entitled.
VMware NSX helps solve this challenge through network micro-segmentation inside the data centre. The VMware NSX approach to securing user access offers several advantages over traditional security approaches—automated provisioning, automated move/add/change for workloads, distributed policy enforcement at every virtual interface and in-kernel, scale-out firewalling distributed to every hypervisor or virtual desktop and baked into the platform.
* Deploying VMware NSX with AirWatch Enterprise Mobility Management – combining AirWatch identity management and per-app VPN controls with VMware NSX network virtualisation completes the security bridge from the device to the data centre. This solution enables IT to assign exact data centre resources to specific applications based on the organisational groups already set up through AirWatch EMM. The permissions set by IT can prevent the enterprise from overexposing data centre information to applications on any device while still empowering the mobile user with the corporate resources they need to do work efficiently and effectively. The combined solution also gives admins greater visibility into what mobile users can access and eases change management as new applications come online.
* Deploying VMware NSX with Horizon – this solution enables effective firewalling for each virtual desktop at a VM level, preventing the spread of threats from desktop to server as well as desktop to desktop. Security policies can be created based on individual users or logical groupings, rather than being tied to rigid network topologies, and VMware NSX streamlines and simplifies configuration of security policies based on types of users (e.g., engineering, HR, finance) and types of data being accessed (e.g., credit card, payroll). Because mobile and virtual desktop sessions are more dynamic than server workloads, static security policies are far less effective. VMware NSX simplifies and automates application of network and security policies to users or virtual desktop pools.
“As organisations move toward Third Platform adoption, they will expose more of their data centre resources to an increasing number of devices and users. This will introduce increased risk, and require a reassessment of data centre security strategies. Highly-segmented virtualised data centre networks, combined with identity-based end point security, represents a step forward in solving some Third Platform security challenges. With this solution, VMware is helping customers begin to address these challenges today,” says Brad Casemore, research director, Datacentre Networks, IDC
“There is enormous potential for increased and precise security with the combination of VMware NSX with AirWatch by VMware and Horizon to provide micro-segmentation from the device into the data centre. This solution addresses over-provisioning inside the data centre as more workers use mobile applications to access critical business data,” says Bob Egan, CEO and founder, The Sepharim Group.