AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


VMware takes NSX to the Public Cloud

For many in the industry ‘VMware’ is synonymous with ‘private cloud’. The company was at the forefront of the development of virtual machines and remains enormously strong in the private cloud space. And with businesses increasingly adding public cloud platforms to their enterprise infrastructure, the company recognized an opportunity to diversify and expand its offering.

At the VMworld conference this past August, VMware announced an integration with Amazon that enables its NSX controls to be utilized by Amazon’s AWS public cloud offering. Let’s take a look at VMware’s journey to extending its private cloud security controls into the public cloud.

The value of micro-segmentation

One of the key benefits of VMware’s virtualization capabilities is that it enables organizations to implement micro-segmentation as a core component of their cyber-security strategy. VMware micro-segmentation allows users to place a virtual firewall around every server inside their data center and control East-West traffic. Prior to the development of virtualized technology, this was prohibitively expensive and complicated. However, as part of VMware NSX, the company’s software-defined networking and security software platform, it has become a viable option.

The promise of micro-segmentation and the plethora of other benefits, such as enhanced security, reliability and flexibility, offered by VMware and other private cloud providers are helping to speed up the adoption of software-defined networking.

However, organizations are now also beginning to consider solutions beyond the private cloud and are exploring the benefits of the public cloud. And with organizations seeing the benefits of both public and private cloud deployments, hybrid cloud environments are fast becoming common in large organizations. So, to address this, VMware has expanded its focus too and is looking to expand beyond the enterprise private cloud space where it is currently king.

A single security control panel for VMware and public cloud deployments

But how? It’s important to understand here that, technically, the public cloud providers are actually running private clouds that they then rent out to their customers. Therefore, VMware has recognized that the best way forward is to enable organizations to deploy its NSX product across those public cloud environments.

This strategy is designed to capitalize on VMware’s already well-established management platform which many organizations are already happily using to manage their virtualized security in private clouds. And, once those organizations start adding public cloud environments to their infrastructure, the theory is that they will prefer to be able to use the same management platform across the entire hybrid environment. So rather than using Amazon’s cloud security controls, for example, they could have a single console managing security across both their public and private clouds.

This positions NSX as another choice for customers: rather than selecting between the public cloud providers’ own security controls and solutions by traditional firewall vendors that can be deployed in those public cloud environments, customers can now also opt for NSX to secure their public-cloud estate. But how, then, should organizations decide which approach to take?

Is NSX public cloud security for you?

There are a number of different factors to weigh up. Broadly speaking, the security controls built into public cloud platforms are free, yet fairly basic. Traditional firewall vendors like Check Point and Palo Alto Networks offer functionality like application awareness and support network objects that public cloud native controls don’t deliver – but of course, they come at a cost. Organizations need to evaluate NSX within this functionality/cost tradeoff.

NSX enables micro-segmentation and offers an abstraction model for writing security policies that many organizations may find advantageous. And of course, for an organization that is adding a public cloud deployment to a large VMware estate already managed by NSX, it will be convenient to manage the entire cloud estate from a single management platform.

What’s right for your organization will of course depend on your precise needs and infrastructure, taking into consideration both the cloud estates you are currently deploying and your cloud strategy for the future.

Whichever path you take to secure your hybrid cloud environment, visibility, governance and automation must be a critical part of your security policy management processes. As organizations move from single cloud models to more complicated hybrid infrastructures, as they work with more and more third parties, whether public cloud providers or firewall vendors, the prospect of manually controlling every new or amended security policy becomes impossible. To address these requirements, you need a security management solution that can automatically identify and map the existing application connectivity in your current network environment.

With such a solution in place you can then migrate your applications and their connectivity flows to the cloud (public or private) using the application map as a guide on how to accurately define the flows needed in the new environment. Furthermore, the automation solution will automatically generate the necessary security policy changes, as well as manage both the on-premise firewalls and cloud security controls holistically once the new environment is in place.

Automation makes all these processes far simpler and quicker by eliminating time-consuming, error-prone manual processes, and delivers a powerful foundation for a clear, unified approach to security across your environment – no matter which tools and technologies you end up deploying.
