
Exclusive: VMware's Bruce Davie explains why network virtualisation is changing security

19 Jun 2017

Security is not just about the perimeter any more. Not when you have applications virtualised in the cloud, each with their own policies.

Bruce Davie, vice president and chief technology officer of VMware Asia Pacific and Japan, talked to us about how organisations can secure themselves in a multi-cloud era, how they can tailor their existing strategies to serve security, and why they need to be more agile in their approach.

Davie comes from a networking background within the company. Through the 2012 acquisition of Nicira, VMware began fusing security and networking together through software-defined networking, and the two are now very tightly coupled.

For its NSX solution, VMware works directly with customers first to build an understanding of the product. Once that understanding is established, NSX is then sold through the channel.

Maintaining security across private, hybrid and public clouds as well as the data centre can be a challenge. They all provide different capabilities in both networking and security. VMware is able to provide a common layer that can be managed according to individual organisations' policies.

"What we've realised is that we have a bigger security opportunity than what we do with network virtualisation. We are in the middle of everything applications are doing," Davie says.

"If somebody provisioned the virtual machine (VM) to be a web server, you know the processes it should be running, you know what typical behaviour looks like, and you can monitor that from within the hypervisor. If it starts doing something that isn't a web server, you can actually raise an alert. We're moving beyond the network view of security to an IT-wide view of security where the virtualisation layer can be used to really change security."
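The monitoring Davie describes amounts to a per-role process baseline: a VM provisioned as a web server has a known set of processes, and anything outside that set is worth an alert. The following is an added illustration of that check, not VMware or NSX code; the role baselines, VM names and process snapshots are constructed sample data, and a real baseline would be learned from the VM's build or its own history.

```python
"""Role-based process baselining: compare what a VM is running against
what its provisioned role says it should run, and alert on the difference.
All role profiles and process snapshots here are constructed examples."""

from __future__ import annotations

from dataclasses import dataclass

# Constructed baselines: executable names expected on a VM of each role.
ROLE_BASELINES: dict[str, set[str]] = {
    "web": {"nginx", "php-fpm", "sshd", "systemd", "journald", "cron"},
    "db": {"postgres", "sshd", "systemd", "journald", "cron"},
}

# Constructed inventory: VM name -> (provisioned role, processes observed
# from outside the guest, e.g. via the hypervisor's introspection view).
SAMPLE_INVENTORY: dict[str, tuple[str, set[str]]] = {
    "web-1": ("web", {"nginx", "php-fpm", "sshd", "systemd", "nc", "python3"}),
    "web-2": ("web", {"nginx", "php-fpm", "sshd", "systemd", "cron"}),
    "db-1": ("db", {"postgres", "sshd", "systemd", "journald"}),
    "cache-1": ("cache", {"redis-server", "sshd"}),  # role with no baseline
}


@dataclass(frozen=True)
class Alert:
    vm: str
    role: str
    process: str
    reason: str


def check_vm(vm: str, role: str, observed: set[str],
             baselines: dict[str, set[str]] = ROLE_BASELINES) -> list[Alert]:
    """Return one Alert per observed process that is not in the role's baseline.

    A role with no baseline is itself reported, because an unmonitored role is
    a coverage gap rather than a clean result. Output is sorted so that
    repeated runs over the same snapshot produce identical alerts.
    """
    allowed = baselines.get(role)
    if allowed is None:
        return [Alert(vm, role, "*", f"no baseline defined for role {role!r}")]
    return [Alert(vm, role, proc, "process not in role baseline")
            for proc in sorted(observed - allowed)]


def scan(inventory: dict[str, tuple[str, set[str]]],
         baselines: dict[str, set[str]] = ROLE_BASELINES) -> dict[str, list[Alert]]:
    """Run check_vm over every VM and keep only VMs that produced alerts."""
    findings = {}
    for vm, (role, observed) in inventory.items():
        alerts = check_vm(vm, role, observed, baselines)
        if alerts:
            findings[vm] = alerts
    return findings


if __name__ == "__main__":
    for vm, alerts in scan(SAMPLE_INVENTORY).items():
        for a in alerts:
            print(f"{vm} ({a.role}): {a.process}: {a.reason}")
```

Missing processes (db-1 has no cron) are deliberately not alerted here; a baseline that also flags absent processes catches a different class of problem (a stopped agent) and would need a separate, noisier rule.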

When you think about traditional security, it involves large, flat zones of trust where everything can communicate with each other. That tactic is what attackers have exploited to get malware into those zones.

"The basic problem is that we've focused a lot of energy on securing the perimeter of the data centre to prevent anything bad getting in. But the attacker only has to be successful once and the perimeter has to be successful 100% of the time defending against those attacks. In any enterprise today, there's data that somebody will pay money for," he says.

Davie believes that organisations have been securing the wrong thing. Securing the perimeter, the thing you can see, is an illusion. In the modern world there are applications running in the cloud; there are things on SaaS applications; on AWS.

Securing such a varied perimeter seems impossible. Davie says we should focus on protecting the data, the users and the applications.

"Virtualisation is not arbitrary communication between a set of things in a zone. It's a specific communication path between this VM and that VM. This is what we call micro-segmentation: The ability to precisely define exactly what can communicate with what."

Davie says that it's easier to let applications sit on top of a virtualisation layer. That layer sits on top of the infrastructure. Because businesses care about the applications, it's the virtualisation layer that supports them.

"If there are three VMs that constitute an application and I want to put a wrapper around those and say 'if anything wants to come through here, it has to come through a very specific entry point."
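Micro-segmentation as Davie defines it is an allowlist of specific communication paths with everything else denied, in contrast to the flat trust zone described earlier where any member may talk to any other. The block below is an added illustration of that policy model, not NSX configuration; the VM names, security groups, ports and flow records are constructed, and the three-tier application is the "three VMs with a single entry point" from the quote above.

```python
"""Evaluate constructed network flows against a micro-segmentation allowlist
and against a flat trust zone, to show which lateral paths each model permits.
VM names, groups, ports and flows are constructed sample data."""

from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str   # security group of the source VM, or "any"
    dst: str   # security group of the destination VM
    port: int  # destination TCP port


# Constructed VM -> security group mapping for a three-tier application.
VM_GROUPS: dict[str, str] = {
    "web-1": "web", "web-2": "web", "app-1": "app", "db-1": "db",
}

# Constructed allowlist: the only entry point is the web tier on 443, web may
# reach app on 8080, app may reach db on 5432. Anything not listed is denied.
POLICY: list[Rule] = [
    Rule("any", "web", 443),
    Rule("web", "app", 8080),
    Rule("app", "db", 5432),
]

# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS: list[tuple[str, str, int]] = [
    ("internet", "web-1", 443),   # legitimate entry point
    ("web-1", "app-1", 8080),     # web tier calling app tier
    ("app-1", "db-1", 5432),      # app tier calling database
    ("web-1", "db-1", 5432),      # web tier skipping the app tier
    ("web-2", "web-1", 22),       # peer-to-peer SSH between web servers
]


def group_of(vm: str) -> str:
    """Group membership; anything not in the inventory is 'unknown'."""
    return VM_GROUPS.get(vm, "unknown")


def is_allowed(src_vm: str, dst_vm: str, port: int,
               policy: list[Rule] = POLICY) -> bool:
    """Micro-segmentation verdict: allow only if some rule matches exactly."""
    src_g, dst_g = group_of(src_vm), group_of(dst_vm)
    return any(r.dst == dst_g and r.port == port and r.src in ("any", src_g)
               for r in policy)


def flat_zone_allowed(src_vm: str, dst_vm: str) -> bool:
    """Flat-zone model: any two VMs inside the zone may talk on any port."""
    return src_vm in VM_GROUPS and dst_vm in VM_GROUPS


def evaluate(flows: list[tuple[str, str, int]],
             policy: list[Rule] = POLICY) -> list[tuple[tuple[str, str, int], str, str]]:
    """Return (flow, micro-segmentation verdict, flat-zone verdict) per flow."""
    results = []
    for src, dst, port in flows:
        micro = "allow" if is_allowed(src, dst, port, policy) else "deny"
        flat = "allow" if flat_zone_allowed(src, dst) else "deny"
        results.append(((src, dst, port), micro, flat))
    return results


if __name__ == "__main__":
    for flow, micro, flat in evaluate(SAMPLE_FLOWS):
        print(f"{flow[0]:>8} -> {flow[1]:<6} :{flow[2]:<5} micro={micro:<5} flat={flat}")
```

The two flows that differ between the models, web-1 to db-1 and web-2 to web-1, are exactly the lateral paths a flat zone leaves open and the allowlist closes; the flat model's only denial is the external entry, which in practice a perimeter firewall would have to open anyway.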

"Virtualisation gives you a set of tools for what access exists for a particular piece of data. That is much more sensitive than trying to control physical infrastructure."

Taking that to the C-level executives takes a strategic approach. Davie says they're thinking about moving quickly to avoid competitive disruption. Public cloud is alluring - but at the same time, they're concerned about the effects of hacking.

"The C-level wants his business to move faster and still wants all the things from the IT team like managing costs and staying compliant. Historically there has been conflict between moving quickly and being secure. The IT teams then have to figure out how to balance the two."

From internal IT teams to the security landscape in general, Davie says that there are thousands of security vendors, many of which are VMware partners. Davie says it's not about trying to displace them, but leveraging each partner's strengths.

Whether it's using the hypervisor to provide data to an otherwise blind firewall or something else, Davie says it's about using VMs in ways that complement partners so they can do a better job. "We can not only change the way we approach security but the way our partners change security."

Security needs to change as the threat landscape does, and Davie says cloud is not the major risk it has been made out to be.

"There's a tendency to view the cloud as a security risk, but we should view the cloud as a security opportunity. We're now bringing technologies to the table that let you do a better job of security through virtualisation," he concludes.
