Security Gets ‘Baked In’ at VMworld
Another VMworld has come and gone, but the latest one was distinctly different from its predecessors—and I’m not talking about the presence of “The Mountain” from “Game of Thrones” in the Druva booth. I’m talking about security finally taking its rightful place alongside the “speed, agility, flexibility” messages that typically surround the show.
The prevailing theme communicated to the 20,000-plus show attendees was enabling digital transformation through the adoption of cloud and hybrid cloud. VMware’s product teams clearly understood some time ago that security stood to be a major hurdle to digital transformation, because significant air time was dedicated to VMware’s maturing security arsenal, particularly in its demonstrations and customer testimonials around NSX and AppDefense. And in fact, one of VMware’s keynote “money quotes” on digital transformation prominently featured security: “If we solve for complexity we can achieve fantastic efficiencies and rock-solid security.”
Why am I making such a big deal out of this? Because security has been an afterthought throughout the history of IT. From the first web-enabled applications through today’s hybrid cloud environments, the promise of speed, flexibility and revenue has always outweighed considerations around security. This left security teams in the difficult position of having to go in after the fact and try to secure something that has already been deployed, or to slow down development efforts to ensure that security and compliance requirements were met (which often made security pros the least favorite colleagues of application developers). We’ve seen the results of this “afterthought” approach with the global breach epidemic and the ongoing expansion of data protection regulations.
At VMworld, there was a clear understanding that security can’t be an afterthought with digital transformation, if organizations hope to gain the benefits from this important trend. This requirement is having an impact on DevOps and bringing us closer to a new era where DevSecOps is the norm. One of my favorite quotes came from VMware customer David Mathews of SKY UK who said, “There came a time when we had to support the speed of our DevOps. Traditional networking change-ticket punching did not work. We want to bake in compliance and security to our applications.”
“Baking in” security was a recurring theme at the show. In fact, VMware’s announcement around the next version of NSX was laden with security capabilities, including AppDefense and “adaptive microsegmentation.” The overarching security message was clear: The fluid nature of today’s applications and resources demands dynamic and adaptive security. Static security measures are not sufficient to protect valuable data sources, because digital transformation is all about exposing valuable data for business benefit. As Maria Pardee of DXC Technology said during a panel session, “The data set is the power in business today. The bigger the dataset the bigger the power of the business.” It follows that the more accessible a company’s dataset is for customers, and the more consumable that dataset is, the greater their competitive advantage will be … so long as that data remains secure.
The presentations at VMworld—particularly those from real-world users—confirm that software-defined data centers and hybrid cloud adoption are expanding rapidly, often to fuel digital transformation efforts. As a foundational technology for this trend, VMware delivered a very strong case for “baked in” security, which also provides valuable leadership for its security ecosystem partners, we all must deliver the dynamic and adaptive capabilities that are required to enable secure digital transformation. It is a singular opportunity for security to step out of its “afterthought” past and into the new world of DevSecOps.