Trading off between mobility and security? No way!

Posted on 01/12/2016 by blogsadmin
DISCLAIMER: this article is older than one year and may not be up to date with recent events or newly available information.

Guest blog post from Tom Vallons, Partner Development Specialist Business Mobility, VMware Benelux

In 2018 the General Data Protection Regulation (GDPR) will come into effect in Europe, making data protection much more of a business consideration than a risk management issue. Actually, for some organizations, ensuring customers’ data privacy will become a unique selling proposition. For CIOs, the challenge will be to match the obligations enforced by the GDPR with trends such as mobility, increasing the risk of data proliferation and loss.

So, the question that arises is: are business mobility and data security doomed to be opposites that can’t be aligned without costly trade-offs? Does the act of accessing applications and data across devices and locations automatically put confidential data at risk? No, it doesn’t. However, according to recent research by Vanson Bourne for VMWare, 47% of IT leaders are under so much pressure to deliver on business mobility that they are willing to take calculated risks on the security of organizational data. As many as 66% say that employees push them to offer mobility, and 22% of all employees admit frequently overriding corporate mobile policies to be more productive at work.

The key to tackling this challenge lies in micro-segmentation.
To better grasp the opportunities it offers, let’s first take a look at the desktop side of the story. Virtualizing desktops enables operating systems, applications and data to be run centrally in the data center, already creating security benefits such as secure access, centralized patching against vulnerabilities and reduced risk of data loss on devices, as the data is located in the datacenter. But there is a downside too: the more desktops that are virtualized, the more traffic that is generated – both north-south and east-west within the data center – leading to an ever-larger attack surface for malicious persons. Furthermore, 80% of investment in security is spent on protecting the data center perimeter (north-south traffic), yet at least 80% of traffic is east-west, i.e. lateral traffic between virtual machines and servers. Hence, in many companies, while it is hard to break into the data center, once inside there is little to no defense.

Securing through software
So what are the options? One might consider building a firewall around every single component in the data center, but that is an expensive and operationally very infeasible solution. Enter network virtualization technology! Moving network and security intelligence into software (a network hypervisor, if you will) suddenly opens up all benefits associated with software. Security can now be inherently tied into every individual workload, it can be automated and it will therefore follow the workload even if it moves outside of the datacenter it was born in.

Because we are now able to tie a relevant security policy to every single component in the data center, even if malware were to find its way into the data center, it would only affect one virtual machine and couldn’t expand laterally to other components. You can also create multiple security zones in the data center, grouping for example all sales or finance-related servers and data together. Only authorized users – based on their credentials – can access these pre-defined security zones. Aside from internal users, this micro-segmentation approach also allows third parties, such as contractors, to access specific data needed to run their projects in a secure way, without them having access to unauthorized company data.

But what happens if disaster strikes and, despite all your investment in malware detection tools, your company is hit by a cyberattack? Let me illustrate this with an example. Imagine a doctor’s desktop is hacked and malware starts to penetrate the data center, looking for confidential patient data. The benefit of combining desktop virtualization with both network virtualization and third-party intrusion detection and prevention tools is that an affected virtual machine – the doctor’s desktop – can immediately (and automatically) be put in quarantine and then remediated by an antivirus tool. So there’s no need for the user to log a ticket with IT reporting a possible threat and then wait for IT to pick it up and handle it…by which time the damage will be done.

The mobile connection
Obviously, there are other scenarios too. What if the doctor had accessed the data center via his iPad or smartphone and the hospital had fully embraced the concept of a digital workspace ? In that case, the doctor would have enrolled his iPad with a mobile device management tool to gain remote access – again based on his credentials – to a limited set of data and applications. To do so, he would probably have had to establish a VPN connection first in order to safely approach the data center. On the security side, an enterprise mobility  management tool will cover the creation of per-application VPN tunnels, without user intervention, instead of connecting the entire device. By adding network virtualization to that, the benefits of an application-specific VPN tunnel – from an authenticated user’s enrolled device – are extended by those of micro-segmentation, providing a comprehensive solution that perfectly aligns business mobility and security!

So, in summary, end user computing technologies enable your users to access all their applications and confidential data from the devices of their choice, in a secure way.  The combination with network virtualization and micro-segmentation allows you to bring security to a next level, by setting security policies just once, to secure individual workloads – independent of how they move around – and to protect the data center from attacks, including from within: a guaranteed zero-trust approach.


Category: Mobility

Tags: , ,

Related Articles

Posted on 05/06/2019 by vmwarebelgium

5 basic principles for a better cyber hygiene

The world today is hyper-connected. We are always online via our smartphone, our laptop, or even via our ‘smart’ car. This also means that you can access your company’s data and apps from any location. But are you aware of your cyber hygiene?  Always on: that’s good for the user’s experience. But it has one major […]

Posted on 03/01/2019 by vmwarebelgium

Why you should care about logical separation and how you can do it in software?

Security has always been a must have, in fact a necessity for business and indeed civilisation itself. No fortified castle, no community.  No alarm, no jewels, no perimeter security, certain data breach. You get the point.  Guest blog by Joe Baguley, VP & CTO EMEA, VMware Security has been solved for much of the physical […]

Posted on 17/02/2017 by blogsadmin

Do you need a new approach to security? 5 things to come that says the answer is yes

Guest blog by Tom Corn, Senior VP of Security Products at VMware Tackling the cybersecurity issues facing the modern enterprise: as businesses accelerate along their digital transformation journey, new approaches to cybersecurity will become essential. More so than ever before, security is top of mind for organizations. As data center infrastructure increasingly moves to the cloud, […]

Comments

No comments yet

Add a comment

Your email address will not be published.

This site uses cookies to improve the user experience. By using this site you agree to the privacy policy