This is Part 1 of a 2-part series. Read Part 2 here.
Softchoice VMware expert David Schwartzstein shows us how VMware products vROPs and NSX are the unlikely heroes that will improve the monitoring and maintaining of security in your IT environment. In this first post, David reveals how invested VMware is in security, and how to benefit from their security expertise.
Chances are, if you work with data center technology, you’re familiar with VMware. “Yeah, they’re the server virtualization company,” is likely the first thought to come to mind. VMware is most well known for virtual machines for good reason: 100% of all Fortune 1000 companies and the vast majority of small and medium businesses virtualize their servers with VMware products.
Did you know VMware also does security?
You may trust VMware to be a relatively secure platform, but I bet you don’t think of VMware when considering security services. When you think of security vendors, you’re thinking Cisco, Fortinet, Symantec, Trend Micro or McAfee (now Intel Security). If VMware crosses your mind it’s probably not near the top of the list.
Over the past couple of years, VMware has been fairly active in encouraging vSphere customers to adopt vRealize Operations (vROps), which was formerly known as vCenter Operations Manager (vCOps). The bulk of the marketing around vROps has been around its usage as a tool to provide a virtualized data center administrator with proactive health checking, monitoring, alerting, and capacity planning functionalities without much (if any) emphasis on its usage as a security compliance auditing and enforcement tool.
Use vRealize Operations Enterprise as a vigilant security guard
vRealize Operations Enterprise edition is a robust offering for monitoring and maintaining security best practices. vROps Enterprise has functionality to evaluate both the VMware vSphere ESXi hypervisor as well as installations of common operating systems, such as Microsoft Windows or Linux (regardless of whether they’re being run within a VM or on a physical host), against VMware best practices security hardening guidelines as well as guidelines provided by compliance regulations such as HIPAA, SOX, and PCI DSS.
This evaluation will detail areas of non-compliance and provide advice on how to remediate such areas. For continuous compliance, vROps Enterprise can be configured to detect configuration changes that cause a vSphere host or operating system instance to drift away from compliance and provide an alert to administrators.
Avoid hefty compliance fines
Usage of vRealize Operations Enterprise can help administrators demonstrate due diligence towards compliance maintenance by providing continuous audit capabilities. Many regulatory compliance laws cite hefty fines, and many insurance companies refuse to cover losses in situations where organizations are unable to prove due diligence of their security practices. With that in mind, it makes the costs of adding vROps Enterprise to an environment very quickly outweighed by the potential costs of lost intellectual property and business information from a preventable security breach.
If you like David’s posts, read his other posts. And feel free to reach out to him directly and say hi! To learn more about a specific product, leave a comment, reach out to your Softchoice Account Manager or email@example.com.
Read Part 2 of this series now.