The applications of today use the network in ways we never thought of or planned for. Often distributed across multiple compute, storage and database layers, modern applications have come to reflect the characteristics of the network itself. Add to this the challenge of identifying the true enterprise perimeter, and we can see that an architectural gap has emerged between the policies that can protect the application layer and the controls that secure the infrastructure upon which it relies. Enter a new foundation for enterprise security.
“Virtualisation provides the fundamental requirement allowing us to architect for security, by allowing precise and dynamic binding of security services to applications, data and users.”
Pat Gelsinger, Chief Executive Officer, VMware
Today, the architecture of enterprise IT is far removed from the days of client/server. Where it was once relatively easy to align IT security controls within the stack to the apps and data that required protection, a typical app is now likely to be distributed across multiple compute, storage and database layers. Alternatively, it could be a composed service comprised of a host of containers, spread across a mix of on-premises and Cloud infrastructure.
When thinking of the relationship between infrastructure and data, it is useful to consider the various distributed networks of enterprise IT as a sort of neighbourhood. In this analogy, data centres are the buildings and the network links are the roads. From a security perspective, we have long sought to secure our networks by placing stronger locks on the doors of those buildings.
In a typical enterprise IT environment, with distributed applications or composed services sharing enormous amounts of traffic between multiple data centres and databases, one of the greatest challenges to network security has become protecting the confidentiality and integrity of the data itself as it flows through the network – the “east-west” traffic.
By leveraging the existing benefits of virtualisation, and extending the same ease and flexibility to the network, VMware’s NSX promises to allow users to spin up a network as easily as one might spin up a VM – complete, multi-tier virtual networks that can be saved, deleted, and restored as simply as virtual machines.