Security Market Segment LS
Friday, 16 June 2017 11:26

Tools, automation, practices and culture all help security


Organisations might not be doing the right things to achieve good IT security, and there are indications that they aren't all motivated by the right concerns.

Part of the problem with IT security has been human nature, VMware networking and security business unit senior vice-president and general manager Jeff Jennings (pictured) suggested. People working in IT have a lot to do, and solving other problems tends to be easier and more fun than taking care of security issues. Vendors such as VMware can provide the tools, but the culture within an organisation has to change for them to be used to their fullest extent.

"Wannacry raised the level of awareness," VMware ANZ networking and security director Raymond Maisano told iTWire, noting the way one local health organisation's board made sure the IT department was on top of the issue.

On the other hand, Centre for Internet Safety managing director Nigel Phair (who, with Jennings, spoke at VMware's Evolve 2017 event in Melbourne yesterday) believes Wannacry only had a short-term impact on thinking, which returned to normal after a week. That said, such events probably have cumulative effects, he suggested.

But most of the concern about security breaches relates to the potential impact on an organisation's brand, Maisano suggested. So in the absence of mandatory breach reporting (which will come into effect in the coming months) organisations have generally kept quiet, even though "breaches are happening, there's no doubt about that."

Jennings, who lives in California where where breach reporting is already mandatory, told iTWire the number of notifications he receives has fallen since it was first introduced, and is now just a trickle. That suggests mandatory reporting does lead to a greater emphasis on security.

So what needs to be done in practical terms?

A still common mistake is to assume that perimeter protection is enough, said Maisano. Factors such as device proliferation, the disaggregation of services, and worker mobility mean that is no longer true (inasmuch as it ever was). It is still necessary, but not sufficient.

Microsegmentation is an important part of the security picture because it provides a way to control which other systems a particular virtual machine can communicate with, Jennings told iTWire. This is rarely possible when relying on physical firewalls, he said.

VMware's NSX puts this capability into the hypervisor, and assigned security policies are automatically applied wherever the workload is running.

Another issue is that around 60% of organisations don't have dedicated security teams. The relatively small size of the average Australian company has some effect on that, with many smaller organisations turning to managed security service providers to look after things. But Maisano said he is aware of a substantial and well-known local brand that is only now setting up a security team.

And some aren't on top of basic security hygiene factors such as encrypting data at rest and enforcing the use of complex passwords, warned Jennings, noting that layered defences help provide good security.

Jennings also pointed out that much of the initial use of public cloud happened in an informal way, for example when developers felt constrained by IT operations' lack of responsiveness. It was unrealistic to expect everything to be done securely in such a situation.

As the use of cloud became more widespread, organisations started to develop architectures with security in mind, in some cases going to the extent of building custom management planes.

"It's not impossible to secure things, (but) it's difficult to do it in a way that's consistent and comfortable for the enterprise," said Jennings.

So VMware is working to better support customers running hybrid infrastructure. Many organisations need a cross-cloud architecture, so the VMware stack is already available on a variety of public clouds, including AWS, SoftLayer, and those operated by the company's vCloud Air partners.

This allows organisations to operate using the same controls in the cloud as they apply to their own infrastructure, and takes advantage of existing skills.

But some also want to use native public cloud capabilities, for example to deploy microservices on AWS, so VMware is developing such capabilities.

Great security requires consistency, and automation can help provide consistency, he said. "When people rush, they make mistakes," but automation means tasks are performed correctly and quickly.

VMware's presumption is that such consistency is going to be more cost-effective, even if it means that some systems are overprotected. There's always a trade-off between security and cost, but organisations don't want to have to figure out everything separately on each platform.

Whether or not that presumption is correct will be revealed as VMware releases successive products in this area and customers put them to work, said Jennings.


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments