Clicky

VMware Announces Security Innovations on Zero Trust Architecture
by Shelly Kramer | October 6, 2021

The News: At VMware’s VMworld 2021 this week, VMware, a leader in security solutions, announced new security innovations built on Zero Trust architecture that will be more effective and easier to use. The new innovations are intended to deliver security for a wide range of machines, endpoints, devices and containers. Read the full press release here.

VMware Announces Security Innovations on Zero Trust Architecture

Analyst Take: At VMware’s VMworld 2021 event this week the company made a number of security-related announcements, including ransomware protection, secure access service edge (SASE) and more developments in the company’s “journey to Zero Trust.”

With these moves, it’s clear that VMware is improving their security portfolio with new innovations intended to cover end users across a variety of application and environments. Moreover, and beyond simply improving the company’s security portfolio, what we are seeing is the evolution of VMware, shifting from a virtualization centric focus to a focus on helping customers effectuate and orchestrate their multi-cloud journeys.

VMware’s VMworld 2021 security-focused announcements include:

  • Secure workload access for Zero Trust in clouds and data centers
  • Elastic application security edge for better cloud-to-cloud security
  • VMware Carbon Black Cloud for and VMware Cloud Disaster Recovery for ransomware protection and recovery
  • CloudHealth Secure State for improve security visibility across public clouds
  • API security and Kubernetes Security Posture Management for app protection
  • VMware SASE and VMware Workspace ONE for better security for remote workforces

The New Era of Cybersecurity

We are living in a new era of cybersecurity threats and attacks and VMware needs to be able to deliver the necessary security services that organizations require in order to be protected. According to internal analysis from VMware, there are 8.4 trillion security events per week. We know this space well, and it’s realistic to say there’s no end in sight as it relates to cybersecurity risk and the certainty of future breaches — for organizations of all sizes. And the costs of mitigating and dealing with security breaches are rising at a rapid pace. Ponemon’s Cost of a Data Breach Report 2020 states that cybersecurity breaches cost an average of $3.86 million in 2020, and took over 200 days to identify. When looking at ransomware specifically, total costs were around $20 billion in 2020, an increase of over 50 times since 2015. What’s more? Cyber criminals are getting more sophisticated every year and the rate of cybercrime is not slowing down.

The cost of cybercrime to an organization includes a variety of land mines that must be navigated carefully, including the ransom of, damage to, release of, and/or destruction of data, including employee personal data, customer data, and corporate financial data. Theft of intellectual property, fraud, embezzlement, and massive business disruption are all part of the equation as it relates to a cyberattack. The reputational harm to an organization’s image, impact on customer trust can be significant and long lasting and post-attack work required by IT teams restoring systems, deleting hacked data and systems, looking for additional vulnerabilities and/or places where a system has been compromised are in some cases seemly never ending.

Adding to the complexity here, the rapid evolution of cybercrime is happening at a time when there is a dearth of highly skilled cybersecurity talent. Today, every IT position and every IT worker, regardless of how qualified that individual may or may not be, is a cybersecurity position/worker. Adding a global pandemic to the mix, employees working remotely, businesses being disrupted as they pivot to hybrid work environments and it’s the perfect storm of a situation that threat actors are wasting no time taking advantage of.

This is a long way of saying that it’s no surprise to see organizations like VMware doubling down on security offerings, especially those that facilitate the reality of the hybrid workplace that is without question part of our new workplace reality. Combine that reality with the fact that threat actors have quickly learned that cybercrime really does pay, and there is every reason to expect global cybercrime incidents and damage to increase at an exponential rate. Humans alone can’t combat security threats, technology must be a part of the equation.

Breaking Down VMware’s New Security Innovations for the Cloud

VMware’s new security innovations for the cloud focus, naturally, on Zero Trust. VMware’s Zero Trust architecture inside clouds and data centers offer necessary protection for customers. Critical communications between workloads and applications are secure, as is workload access. Security teams can be assured that all critical areas are covered.

I’m also encouraged to see VMware’s edge to cloud security focus with the launch of an elastic application security edge (EASE) for cloud to-cloud security that can scale and adjust as app demands fluctuate. This eliminates current applications that lack the agility to scale as needed and can be a weak spot for security. Finally, the new CloudHealth Secure State offers visibility into security across multiple public clouds and on-premise data centers, giving security and IT teams a single source of truth for protection. With healthcare organizations being at the forefront of targets for threat actors, CloudHealth Secure State is a timely offering.

VMware’s Big Announcements for Ransomware

Cybersecurity Ventures predicted earlier this year that global ransomware damage costs are anticipated to reach $20 billion this year, 57 times more than it was in 2015 and up 225% from the prior year. Without question, ransomware is clearly the most rapidly growing type of cybercrime. In fact, there are now hacker groups offering ransomware-as-a-service offerings, providing criminals with everything they need to launch an attack. organization will become a victim of a ransomware attack every 11 seconds. Manufacturing, healthcare, academic institutions, infrastructure, and financial services organizations are all key targets, but the reality is that ransomware groups aren’t picky — every business in every sector is an opportunity to make money. According to the FBI’s Internet Crime Complaint Center (IC3), a new attack now happens every 11 seconds.

That’s why I was encouraged to see that VMware’s VMworld 2021 announcements didn’t stop with the cloud. With sophisticated ransomware threats on the rise, VMware’s Carbon Black Cloud is an attractive offering. Carbon Black can be deployed with simple switch in the management center and the security solution analyzes billions of events to determine what is normal for an organization, making it easier to identify and stop a potential threat actor.

VMware also rolled out a Disaster Recovery-as-a-Service solution, VMware Cloud Disaster Recovery. This is another easy-to-use solution that enables rapid recovery so organizations can avoid paying the ransom and get back to business without much time lost. I believe that solutions of this nature, whether offered by VMware or any other vendor, are solutions that are soon to be critical pieces of security infrastructure.

Hybrid Workplaces Require Protection for Employees Everywhere

As I mentioned earlier, navigating a global pandemic has accelerated a shift in workplace norms. No longer must employees physically be in an office in order to do their jobs, and it’s quite clear that hybrid work, and a hybrid workplace, are realities of the future of work, and the now of work that are here to stay. That said, with those arrangements comes headaches for IT teams who are responsible for ensuring company data is secured no matter where an employee is. We are seeing many offerings from vendors designed to provide protection for a remote, hybrid workplace, and it’s not surprising to see VMware join the pack.

The VMware Anywhere Workspace built on Zero Trust security capabilities answers the call, offering controlled levels of access to apps and data to address the needs of a distributed workforce.

VMware VMWorld 2021 Security Offerings Wrap Up

In summary, cybersecurity threats and crimes are increasing in volume and sophistication and the cobbled together security approach that some organizations have just won’t cut it anymore. VMware’s WMworld 2021’s announcements around security offerings show the company is entering the arena alongside many other vendors with security-focused offerings, hoping to protect customers in data centers, public clouds, containers and other endpoints. This new security announcements built on Zero Trust architecture are the kind of innovations that I would expect from VMware. This is, however, a crowded space with innovative technology offerings around security being a key focus for vendors today.

Beyond security-focused offerings alone, it will be interesting to watch VMware execute its pivot from an expert in virtualization-centric offerings to hoping to become an expert and trusted vendor partner in all things multi-cloud orchestration, and definitely something we’ll be watching with interest.

Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Additional insights from Futurum Research:

Microsoft Issues Warning on Large Scale Phishing-as-a-Service Operation

The New Normal: Hybrid Work Means Greater Focus on Endpoint Security

AT&T Phone-Unlocking Malware Scheme Costs Company $200 Million and Shines Light on Potential Threats

Image Credit: Fierce Telecom

About the Author

A serial entrepreneur with a technology centric focus, Shelly has worked with some of the world’s largest brands to lead them into the digital space, embrace disruption, understand the reality of the connected customer, and help navigate the process of Digital Transformation. Read Full Bio.