
Top three reasons to use a micro-segmentation solution like VMware NSX

Security | Posted on September 3, 2019 by Susana Byun

Editor’s note (September 2019): We updated this post with additional resources/links about multicloud networking. 

One of the most hyped use cases of software-defined networking (SDN) is micro-segmentation — and for a good reason. With solutions such as VMware NSX, micro-segmentation promises several high-value business outcomes. These include modern security, seamless operations and optimized user experience.

Learn the three key reasons why you should consider micro-segmentation for your organization:

1. Modern cybersecurity requires modern approaches

Traditional cybersecurity relies heavily on maintaining a robust, perimeter-level defense. This leverages firewalls to keep unwanted visitors out of the data center. But just like a medieval castle, this “castle and moat” approach is only effective so long as it isn’t breached.

Once a bad actor gets in, firewalls do little to stop them from moving laterally across databases and applications. Security professionals call this internal traffic “east-west.” “North-south” traffic is anything coming from outside your firewall.

Modern-day threats, such as the WannaCry ransomware attack, prove that lateral, “east-west” vulnerabilities can be catastrophic. The problem is that too many businesses overlook this lateral security flaw, or just don’t know it exists. Generally, up to 80 percent of IT security budgets go to north-south perimeter security. Meanwhile, up to 70 percent of all data center traffic is lateral, or east-west, traffic.

While facing growing security threats, organizations see micro-segmentation as a solution to close this dangerous gap.

Unlike castles, micro-segmentation solutions, such as NSX, are more like modern hotel security. A robust firewall is still necessary, just as a hotel often employs a front-line security guard. However, even with a prepared staff, the hotel is still vulnerable to attacks. For example, if intruders slip past the security guard in the lobby, they still need a key card to access the rooms and valuable items inside.

Just like our hotel key card analogy, micro-segmentation uses software-defined networking and virtualization to wrap each application, workload and database with its own virtual firewall. In order to move laterally, workloads must receive explicit permission, which can be pre-defined and configured by the virtual network administrator. As a result, micro-segmentation greatly reduces your attack surface and disarms intruders – even if they get through the front door.

2. Operationalizing modern security

Micro-segmentation also gives network administrators the tools to move quickly and efficiently. It helps them enact security policies on an enterprise scale and across intricate cloud and virtualized environments.

This is how it works: instead of manually configuring access policies for each individual workload and user, micro-segmentation lets you group, scale and automate policies. Admins are now able to gather workloads, applications and user profiles in an easier and simpler fashion. Each can have a pre-determined, role-specific set of rights and restrictions. For example, users in human resources only need to access a small set of applications. In the meantime, users in finance, marketing and sales will have distinct requirements.

These policies are automatically enforced whenever a user is created, moved or deleted. Admins are also able to combine multiple groups, enacting broad, umbrella policies across a set of groups – a method VMware likens to a “3D firewall.”

The bottom line is that micro-segmentation removes inefficient and manual processes. In exchange, it provides a speedier way to automate network security management.
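
A minimal model of the group-based, default-deny policy described in this section, added here as an illustration. It is not VMware NSX code or its API, and every group name, workload name and port in it is constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    src_group: str
    dst_group: str
    port: int

@dataclass
class Segmenter:
    groups: dict = field(default_factory=dict)  # group name -> set of workloads
    rules: set = field(default_factory=set)     # explicit allow rules only

    def assign(self, workload, *group_names):
        """Create or move a workload: old memberships are dropped, so the
        policy that applies to it changes with no per-workload rule edits."""
        for members in self.groups.values():
            members.discard(workload)
        for name in group_names:
            self.groups.setdefault(name, set()).add(workload)

    def groups_of(self, workload):
        return {g for g, members in self.groups.items() if workload in members}

    def allowed(self, src, dst, port):
        """Default deny: an east-west flow passes only when an explicit rule
        matches one of the source's groups and one of the destination's."""
        return any(Rule(s, d, port) in self.rules
                   for s in self.groups_of(src)
                   for d in self.groups_of(dst))

def build_demo():
    seg = Segmenter()
    seg.rules |= {Rule("hr-users", "hr-app", 443),
                  Rule("hr-app", "hr-db", 5432),
                  Rule("finance-users", "finance-app", 443),
                  Rule("monitoring", "all-servers", 9100)}  # umbrella policy
    seg.assign("alice-desktop", "hr-users")
    seg.assign("hr-web-01", "hr-app", "all-servers")
    seg.assign("hr-db-01", "hr-db", "all-servers")
    seg.assign("fin-web-01", "finance-app", "all-servers")
    seg.assign("mon-01", "monitoring")
    return seg

if __name__ == "__main__":
    seg = build_demo()
    print(seg.allowed("alice-desktop", "hr-web-01", 443))   # user to own app
    print(seg.allowed("alice-desktop", "hr-db-01", 5432))   # direct hop to DB
    seg.assign("alice-desktop", "finance-users")            # role change
    print(seg.allowed("alice-desktop", "hr-web-01", 443))   # old access gone
```

The desktop reaches the HR application but not the HR database directly, because only the application tier holds a rule toward the database; after the role change the HR access disappears and the finance access appears without any rule being edited.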

3. Improving user and employee experience

Last but not least, micro-segmentation helps IT deliver better end-user experiences in the workplace.

Not only does NSX give admins powerful tools to monitor and manage access, it also allows end users to get the right information, at the right time. This is because policies can be automated to follow users as their roles evolve within the business. Thus, there is no downtime waiting on IT to deliver access to critical apps and information.

From employees to contractors to third-party collaborators, micro-segmentation eliminates the friction for workers in a cloud-enabled, mobile world.

How to get started with micro-segmentation?

How much of your traffic is flowing east-west versus north-south? How do you get insight on your virtual machines, users and behaviors? How would you prevent a bad actor from doing damage, if they could get past your “castle walls”?

Start building your technology roadmap and identify vulnerabilities. Our upfront virtualization and networking assessments provide the data-driven insights to develop an effective plan.

Learn more about our VMware solutions and check out our latest blog on Digital Transformation and Multicloud Networking.
