VMworld 2014 Takeaway: Software-Defined Security

By Scott Allen

One of the key topics that had everyone talking at VMworld 2014 in San Francisco was the Software-Defined Infrastructure, or SDI—an advance on the traditional data center that makes it easier and faster for businesses to scale network services to accommodate changing needs. The SDI extends the benefits of virtualization, which include increased uptime and automated provisioning, plus reduced server sprawl and lower energy costs, to the realm of networking and storage infrastructures.

This more fully virtualized environment is a stepping stone to the increased flexibility and cost savings of the hybrid cloud—but it also presents real challenges to traditional data center security solutions.

Today’s data center security technologies are designed for existing data centers—which makes moving to an SDI a chancy proposition for most businesses. Current security solutions are largely blind to what actually goes on in a virtualized data center, with its dynamic provisioning and virtual machines. Running traditional security solutions in a fully virtualized environment can result in gaps in protection and coverage, make security management inefficient and difficult, and create problems with compliance.

So I was encouraged by the number of security-related announcements at VMworld that point to advances in protection for servers deployed in physical, virtualized and cloud environments—and that address the security challenges associated with SDI.

Intel® Security, a newly formed group within Intel that focuses on security projects and technologies, announced the Intel® Security Controller, a software-defined approach to securing virtualized environments. This security controller integrates the McAfee* Virtual Network Security Platform, an advanced intrusion protection system (IPS) optimized for Intel® Xeon®-based servers, into VMware* NSX, the industry-leading technology for network virtualization. This combination allows users to virtualize individual security services and synchronize policy and service injection within workflows by providing an abstraction layer between the security and networking infrastructures. This in essence creates software-defined security, allowing businesses to automate their existing security management applications to span security policies across physical and virtual network infrastructures. This leads to cost-effective security protection of virtualized workflows within an SDI and simplified management and deployment.

Also at VMworld, McAfee (now part of Intel Security) announced major advancements to its Server Security Suites portfolio, offering comprehensive protections for hybrid data center deployments, including software-defined infrastructures. Because significant amounts of data are stored on servers, they are attractive targets for hackers, and providing your server environment with integrated, broad-based protection is essential. McAfee’s new Server Security Suites release incorporates a number of individual security technologies into a single, easy-to-manage solution that extends visibility into your underlying server infrastructure whether it is on-premises or off. It shields physical, virtual and cloud environments from stealthy attacks so businesses like yours can safely explore the flexibility and scalability of hybrid infrastructures.

VMware also announced a new program to help businesses and organizations meet compliance mandates for regulated workloads in cloud infrastructures. VMware’s Compliance Reference Architecture Frameworks provide a programmatic approach that maps VMware and Intel security products to regulatory compliance in cloud environments for industries with strict security or privacy mandates. The framework provides a reference architecture, regulation-specific guidance, and thought leadership—plus advice for software solutions that businesses require to attain continuous compliance. These frameworks will help take the guesswork out of meeting strict regulatory guidelines when using cloud-based infrastructures for restricted workloads.

The first available framework is the VMware* FedRAMP Compliance Reference Architecture Framework, which addresses the needs of organizations to enable and maintain a secure and compliant cloud environment for U.S. government agencies. Further compliance frameworks from VMware and Intel are in the works, including one for HIPAA.

VMware and Intel are building the foundations for software-defined security, making it easier—and safer—than ever for your business to achieve the benefits of virtualization and the hybrid cloud.