THE NEW IT SECURITY PARADIGM PART 4 – VMware’s NSX, and its Promise of a New Standard

By Richard Dornhart, National Security Practice Manager, Data#3


Over my last 3 blogs, I’ve explored the role that network virtualisation looks set to play in resolving the challenges of securing enterprise networks – particularly with the rise of distributed applications and composed services.

Such a perspective on the capabilities of network virtualisation is quite new, and is a foundational capability of VMware NSX. This vSphere hypervisor-based solution allows security policies to be created that are not only enforced at every virtual machine, but also directly aligned to application workloads like never before.

Virtualised security, tangible results.

This view is the most promising opportunity yet to close the architectural gap that has precluded us from thinking of enterprise IT security in a truly holistic fashion. It will have dramatic implications, allowing companies to better secure the growing number of software-defined data centres, and the applications they own.

By leveraging the existing benefits of virtualisation, and extending the same ease and flexibility to the network, VMware’s NSX promises to allow users to spin up a network as easily as one might spin up a VM – complete, multi-tier virtual networks that can be saved, deleted, and restored as simply as virtual machines.

NSX will also enable users to connect virtual machines to virtual networks that span multiple subnets, across physical locations, allowing a workload to be moved to wherever compute capacity is available.

Applying granular security.

NSX’s ability to embed security functions directly into the hypervisor will enable micro-segmentation to be delivered, and granular security to be applied to the individual workload. As a result, data centre security promises to be significantly improved, as security policies are enabled to travel with the workloads, regardless of where those workloads are or how they’re attached to the underlying network.

One such scenario might be to spin servers and workloads up in an NSX compatible Cloud, and connect the logical ports of the workloads to the NSX logical switch, which is stretched from the on-premises data centre to the Cloud data centre. Application components can then be added to a security group, independent of the workload location or underlying network, thus automatically protecting on-premises and Cloud-based workloads via one, centrally managed security policy.

Zero Trust environments could be provisioned readily, and any VMs moved would take their policies with them. Should any vulnerability be detected, the NSX Security tag for the VM would be dynamically updated, and quarantine controls enforced. Each VM could then effectively be given its own perimeter defence.
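A conceptual model of the tag-driven quarantine described above, as an added example that is not from the original post and does not use the NSX API. The group names, tag strings and rule format are assumptions made for illustration; the point is that group membership is computed from tags, never from the workload's location.

```python
from dataclasses import dataclass, field

@dataclass
class VM:
    name: str
    site: str                      # "on-prem" or "cloud"; never consulted by policy
    tags: set = field(default_factory=set)

# Hypothetical security groups: membership is a predicate over tags, so it is
# re-evaluated every time a decision is made (dynamic membership).
GROUPS = {
    "quarantine": lambda vm: "vulnerable" in vm.tags,
    "web": lambda vm: "tier:web" in vm.tags,
    "db": lambda vm: "tier:db" in vm.tags,
}

# Ordered rules (src group, dst group, port, action); port 0 means any port.
# Quarantine rules sit first so they override every allow rule.
RULES = [
    ("quarantine", "any", 0, "drop"),
    ("any", "quarantine", 0, "drop"),
    ("web", "db", 3306, "allow"),
]

def in_group(vm, group):
    return group == "any" or GROUPS[group](vm)

def decide(src, dst, port):
    """Return the action of the first matching rule; default deny (Zero Trust)."""
    for src_group, dst_group, rule_port, action in RULES:
        if in_group(src, src_group) and in_group(dst, dst_group) and rule_port in (0, port):
            return action
    return "drop"

def demo():
    # Constructed sample workloads, one per site.
    web = VM("web-01", "on-prem", {"tier:web"})
    db = VM("db-01", "cloud", {"tier:db"})
    results = {"baseline": decide(web, db, 3306), "ssh": decide(web, db, 22)}
    web.site = "cloud"             # workload moves; policy follows it unchanged
    results["after_move"] = decide(web, db, 3306)
    web.tags.add("vulnerable")     # scanner finding updates the tag
    results["after_tag"] = decide(web, db, 3306)
    return results

if __name__ == "__main__":
    print(demo())
```
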

According to VMware, future NSX capabilities may extend to making the addition of encryption as simple as drag-and-drop. A dashboard solution would show all available micro-segments across Public and Private Clouds, to which policies can be applied in real-time. Encryption, for instance, becomes a checkbox on an application group.

That’s an approach that would alleviate any number of headaches for security experts.

VMware – from virtualisation provider to software-defined-security platform builder.

While NSX has been shipping for 3 years now, VMware has been careful to remind us that NSX is not a security product, and NSX is not the only security capability you need in the virtual data centre. NSX is positioned as a platform for high throughput, stateful firewalling up to layer 4. For deeper, next generation firewalling, however, close relationships with vendors will be vital to its success.

As a result, VMware has partnered with an ecosystem of leading hardware and software vendors, including Palo Alto, Check Point, Fortinet, Intel Security, Trend Micro and Symantec, ensuring data at rest and traffic between VMs can be easily inspected by market leading security solutions. In addition, NSX Security Groups – which are dynamically updated as VMs come and go – can be referenced in security policy that is synchronised with the supported Next-Gen Firewall vendor, used in firewall rules, and pushed right through to physical firewalls at the data centre perimeter.

This latest iteration of the vSphere platform goes a long way towards closing the architectural gap that continues to hamper end-to-end security in the extraordinarily dynamic application environments of today.

For more information, visit Data#3 Secure or contact a Data#3 security specialist.
