Top three reasons to use a micro-segmentation solution like VMware NSX

Security | Posted on September 3, 2019 by Susana Byun

Editor’s note (September 2019): We updated this post with additional resources/links about multicloud networking. 

One of the most hyped use cases of software-defined networking (SDN) is micro-segmentation — and for a good reason. With solutions such as VMware NSX, micro-segmentation promises several high-value business outcomes. These include modern security, seamless operations and optimized user experience.

Learn the three key reasons why you should consider micro-segmentation for your organization:

1. Modern cybersecurity requires modern approaches

Traditional cybersecurity relies heavily on maintaining a robust, perimeter-level defense. This leverages firewalls to keep unwanted visitors out of the data center. But just like a medieval castle, this “castle and moat” approach is only effective so long as it isn’t breached.

Once a bad actor gets in, firewalls do little to stop them from moving laterally across databases and applications. Security professionals call this internal traffic “east-west.” “North-south” traffic is anything coming from outside your firewall.

Modern-day threats, such as the WannaCry ransomware attack, prove that lateral, “east-west” vulnerabilities can be catastrophic. The problem is that too many businesses overlook this lateral security flaw, or just don’t know it exists. Generally, up to 80 percent of IT security budgets go to north-south perimeter security. Meanwhile, up to 70 percent of all data center traffic is lateral, or east-west.

While facing growing security threats, organizations see micro-segmentation as a solution to close this dangerous gap.

Unlike castles, micro-segmentation solutions, such as NSX, are more like modern hotel security. A robust firewall is still necessary, just as a hotel often employs a front-line security guard. However, even with a prepared staff, the hotel is still vulnerable to attacks. For example, if intruders slip past the security guard in the lobby, they still need a key card to access the rooms and the valuable items inside.

Just like our hotel key card analogy, micro-segmentation uses software-defined networking and virtualization to wrap each application, workload and database with its own virtual firewall. In order to move laterally, workloads must receive explicit permission, which can be pre-defined and configured by the virtual network administrator. As a result, micro-segmentation greatly reduces your attack surface and disarms intruders – even if they get through the front door.

2. Operationalizing modern security

Micro-segmentation also gives network administrators the tools to move quickly and efficiently. It helps them enact security policies on an enterprise scale and across intricate cloud and virtualized environments.

This is how it works: instead of manually configuring access policies for each individual workload and user, micro-segmentation lets you group, scale and automate policies. Admins are now able to gather workloads, applications and user profiles in an easier and simpler fashion. Each can have a pre-determined, role-specific set of rights and restrictions. For example, users in human resources only need to access a small set of applications. In the meantime, users in finance, marketing and sales will have distinct requirements.

These policies are automatically enforced whenever a user is created, moved or deleted. Admins are also able to combine multiple groups, enacting broad, umbrella policies across a set of groups – a method VMware likens to a “3D firewall.”

The bottom line is that micro-segmentation removes inefficient and manual processes. In exchange, it provides a speedier way to automate network security management.
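As an added illustration (not part of the original post, and not NSX's API), the Python model below shows the mechanics described above: default-deny east-west traffic, allow rules written against groups rather than individual workloads, an umbrella group combining two departments, and enforcement that follows a user when group membership changes. All group, user and workload names are constructed, and umbrella groups are resolved one level deep.

```python
"""Toy model of group-based micro-segmentation (constructed names, not the NSX API)."""
from dataclasses import dataclass, field


@dataclass
class Policy:
    members: dict = field(default_factory=dict)   # group -> set of workloads/users
    umbrella: dict = field(default_factory=dict)  # umbrella group -> set of child groups
    rules: set = field(default_factory=set)       # allow-list of (src_group, dst_group, port)

    def groups_of(self, name):
        """Direct groups of a name, plus any umbrella group containing one of them."""
        found = {g for g, m in self.members.items() if name in m}
        found |= {u for u, kids in self.umbrella.items() if kids & found}
        return found

    def allowed(self, src, dst, port):
        """Default deny: a flow passes only if an explicit rule matches both groups and the port."""
        s, d = self.groups_of(src), self.groups_of(dst)
        return any(sg in s and dg in d and p == port for sg, dg, p in self.rules)

    def move(self, name, old, new):
        """Change group membership; no rule is edited, enforcement follows the membership."""
        self.members[old].discard(name)
        self.members.setdefault(new, set()).add(name)

    def reachable_from(self, src):
        """East-west exposure if `src` is compromised: every (workload, port) it may reach."""
        everyone = set().union(*self.members.values())
        ports = {p for _, _, p in self.rules}
        return sorted((w, p) for w in everyone - {src} for p in ports
                      if self.allowed(src, w, p))


def sample_policy():
    """Constructed sample: two departments, their apps, and one umbrella rule."""
    return Policy(
        members={
            "hr-users": {"alice"}, "finance-users": {"bob"},
            "hr-app": {"hr-portal"}, "finance-app": {"ledger"}, "intranet": {"wiki"},
        },
        umbrella={"all-staff": {"hr-users", "finance-users"}},
        rules={
            ("hr-users", "hr-app", 443),
            ("finance-users", "finance-app", 443),
            ("all-staff", "intranet", 443),  # umbrella policy across combined groups
        },
    )
```

`reachable_from` is the useful check when reviewing a rule set: it lists what a compromised workload could still talk to, which is the lateral exposure the policy leaves open.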

3. Improving user and employee experience

Last but not least, micro-segmentation helps IT deliver better end-user experiences in the workplace.

Not only does NSX give admins powerful tools to monitor and manage access, it also allows end users to get the right information, at the right time. This is because policies can be automated to follow users as their roles evolve within the business. Thus, there is no downtime waiting on IT to deliver access to critical apps and information.

From employees to contractors to third-party collaborators, micro-segmentation eliminates the friction for workers in a cloud-enabled, mobile world.

How to get started with micro-segmentation?

How much of your traffic is flowing east-west versus north-south? How do you get insight on your virtual machines, users and behaviors? How would you prevent a bad actor from doing damage, if they could get past your “castle walls”?

Start building your technology roadmap and identify vulnerabilities. Our upfront virtualization and networking assessments provide the data-driven insights to develop an effective plan.

Learn more about our VMware solutions and check out our latest blog on Digital Transformation and Multicloud Networking.
