Baked-in Application Security Still Needs Multi-Cloud Visibility and Global Policy Capabilities

Tim Woods

A big focus of VMworld 2019 was on deploying hybrid and multi-cloud environments, but you can’t talk cloud without talking security, which did receive the attention it deserves.

Last year, security finally took its rightful place alongside the “speed, agility, flexibility” messages that typically surround VMware’s annual conference. This year, the company put security in the spotlight by announcing its intent to buy Carbon Black for $2.1 billion, the latest in a string of tech vendors acquiring security companies this year. VMware’s plans for the endpoint security vendor is an excellent example of how the industry finally understands security must be baked into any solution. It can’t be an afterthought.

But as much as VMware’s strategy to wrap security around its applications is a sound one, it doesn’t change the need for visibility across all virtual environments and public clouds, or the necessity of global security policies that can be easily and consistently applied in a multi-cloud environment.

Baking-in Security by Buying It

Carbon Black’s cloud-based endpoint security platform uses big data and behavioral analytics to power threat hunting, incident response, antivirus, and endpoint detection capabilities, as well as real-time endpoint query and remediation. VMware plans to embed this technology into its own offerings, including NSX, Workspace One and SecureState as it builds up its own dedicated cloud security business unit. This is a part of VMware’s broader strategy of building security functions directly into their platforms.

VMware’s snapping up Carbon Black follows on the heels of purchasing application runtime security start-up Intrinsic, which added serverless security to VMware’s cloud portfolio and will expand its AppDefense platform into the public cloud to secure serverless functions on Amazon Web Services, Microsoft Azure, and Google Cloud. Intrinsic’s application runtime security technology for Node.js protects applications by limiting their privileges to only what they are supposed to do and blocking operations not whitelisted by security policies.

The security acquisition spree by VMware is part of a bigger wave of cybersecurity merger and acquisition activity since last year. During the first quarter of 2019, Cybersecurity Ventures reported more than $7 billion in cybersecurity deals. And with the growth of cloud, including the emergence of the multi-cloud paradigm, it’s not surprising companies such as VMware are looking to bake security into their platforms and enhance their capabilities. The Carbon Black acquisition is also following a trend towards moving endpoint detection and response (EDR) into where users are spending the most time—their browsers and productivity suites—with VMware looking to move it to span the cloud and virtual environments.

Moving security capabilities away from the device with compute and storage limitations and driving analytics into cloud makes a lot of sense. It enables the delivery of many security services including EDR on top of a single platform, but the multi-cloud reality still presents challenges for security professionals, as highlighted by our 2019 State of Hybrid Cloud Security survey.

Multi-Cloud Security Requires Visibility

Even as cloud platform vendors such as VMware better bake in security, many organizations now use several cloud environments, and must work to understand how they share security responsibility for the cloud. VMware’s acquisition of Carbon Black speaks to the trend of thinking about security sooner than later, but it doesn’t change the reality that IT security teams must keep up with the complexity involved in securing today’s multi-cloud environments. More importantly, they need to be able to apply global security policies across all clouds and applications.

Just as VMware understands the need to embed security in its offerings that span the public cloud and virtual environments, FireMon is keeping pace with the need to consistently apply security policy across such hybrid environments. At VMworld 2019, we announced our Global Policy Controller (GPC) for VMware NSX, the first solution to deliver persistent network security policy enforcement across dynamic virtual, multi-cloud, and multi-platform environments.

FireMon’s GPC for VMware NSX automates security across diverse network and security products regardless of vendor, where the backbone is the VMware NSX architecture. As much as it’s important to think about security when applications are being developed, CISOs need functionality based on a solid but actionable network security infrastructure that allows them to quickly optimize rules and add global policies without having to overhaul the underlying DevOps foundation.

FireMon’s GPC is meant to complement and extend the security capabilities of VMware NSX by providing automation capabilities for complex, virtualized network environments and allows network administrators to manage infrastructure with speed and agility. GPC for VMware NSX not only helps security leaders responsible for protecting network assets and securing customer information but reduces complexity for security professionals in the trenches.

Embedded Application Security is Now Table Stakes

VMware’s recent acquisitions and overall efforts to bolster its security chops bodes well as organizations increasingly embrace the multi-cloud paradigm based on their business requirements. However, confidence that robust security is embedded in their virtual and public cloud applications is just a start. It must be accompanied by complete visibility and the ability to easily apply consistent, global security policies.