Network micro-segmentation makes a lot of sense from a security standpoint. But what about cost and feasibility? This white paper explores how VMware NSX can automate micro-segmentation in a software-defined data center, all the way down to the VM level. Download the paper to understand how NSX puts zero trust security well within your reach.
The software-defined data center (SDDC), while well understood architecturally, is beginning to reveal benefits beyond agility, speed, and efficiency as organizations deploy it and discover other areas of improvement. One critical area driving SDDC deployment is security. When enterprises and public sector IT organizations embrace SDDC and virtualize compute, network, and storage, they automate provisioning and greatly reduce time-to-market for IT applications and services. They also streamline and de-risk infrastructure moves, adds, and changes.
This new operations model has some additional benefits. Customers who build their SDDC with the automation and “baked-in” security of VMware’s NSX platform have discovered some significant security benefits, fortuitously, as many organizations are trying to move to an increasingly fine-grained network segmentation approach (e.g., Forrester Research’s Zero-Trust Network Architecture) for their data center networks in response to the increasing incidence of attackers moving freely within the enterprise data center perimeter. These approaches wrap security controls around much smaller groups of resources, often down to a small group of virtualized resources or individual VMs.
Micro-segmentation has been understood to be a best-practice approach from a security perspective, but it has been difficult to apply in traditional environments. The inherent security and automation capabilities of the NSX platform are making micro-segmentation operationally feasible in the enterprise data center for the first time. VMware NSX deploys three modes of security for data center networks: fully isolated virtual networks, segmented virtual networks (via high-performance, fully automated firewalling native to the NSX platform), and segmentation with advanced security services with our security partners. Examples of partner integration include Palo Alto Networks for network segmentation with next-generation firewalls and Rapid7 for vulnerability scanning.
When it comes to the business case, network micro-segmentation using VMware NSX is not only operationally feasible but also cost-effective, enabling the deployment of security controls inside the data center network for a fraction of the hardware cost.