Cybersecurity breaches and attacks continue to increase despite enhanced security measures. The reason why? Many attackers have learned to defeat the operational model of physical networking security; they’ve also found a successful workaround traditional perimeter-centric security. With greater interconnectedness between networks, agency databases, clouds, individual machines, and more, building walls around a network is no longer enough to stave off attacks. Malicious hackers can access networks and critical data through stolen credentials and then easily move from workload to workload, taking the data most valuable to them. The time has long passed where firewalls were strong enough; organizations should now be concerning themselves protecting the workloads inside the network perimeter.
Typically, protecting virtual workloads has been a costly endeavor, especially in terms of time and money. Manual intervention was required to wrap the security controls around workloads; and as the number of loads and virtual machines continues to grow, manual controls are no longer a feasible option for most cybersecurity teams. This issue is further compounded by the high level of challenges agency IT teams are already facing, including on-demand IT, agility, legacy infrastructure support, FITARA regulations, and a shortage of security talent. And as mobility and teleworking options become more important to both employees and citizens, it’s no surprise that government agencies need to modernize their approach to virtualized security and re-think their posture.
Today, the key is to defend every door to information inside the network, rather than just the main portal or access point. VMware’s Networking Virtualization platform, NSX, changes the way the network and application interact, effectively bridging the gap by enabling automated creation and management of firewalls and distributed control policies for workloads or applications. This makes micro-segmentation, a way of parsing out data and access to that data for users, a feasible security practice for any organization.
With NSX for AirWatch and Horizon, government agencies can effectively address:
The ability to immediately segment the network into appropriate zones without additional physical network investments is key to saving costs and time. This allows for security services to be provided closer to applications, leveraging existing platforms
By consolidating applications quickly, IT leaders can provide consistent policies across the agency and even the cloud. This approach also enables true resiliency for application disaster recovery.
With a consistent security policy in place for an agency’s network, NSX simplifies networks security automation that can be done at the agency’s desired pace.
This approach to virtualized security helps to better secure the data from attackers breaching traditional firewalls walls; it also enables agencies to actually be more open with their data. A drive for better online serviced and mandates for open data means agencies must provide more access to legitimate traffic. Field workers, emergency response workers, self-service kiosk inspectors, and more need to have access to data when they’re outside of physical, as well as IT, walls. By setting policies across data rather than the systems and networks, organizations can get the right information to the right people at the right time.
Even more, NSX isn’t just the right fit for civilian agencies, it also meets the requirements of national defense organizations. NSX recently received a STIG (Secure Technical Implementation Guide) from DISA, an official guidance from the organization on how to securely configure a solution for unclassified systems. Unlike civilian agency’s security requirements like ATOs (Authority to Operates), STIGs require far more stringent security requirements and testing, which in this case ensures NSX is compliant with strict DoD regulations. Currently, VMware NSX is the only SDN solution that has a STIG, making it one of the strongest and most secure options on the market.
For more details on how to implement the next layer of defense, download this whitepaper from VMware. And to learn more about securing your digital agency, visit the VMware booth, #432, in the Carahsoft Partner Pavilion at DoDIIS.