“Information security controls must become aware of changes in the infrastructure around them,” writes Neil MacDonald, VP & Gartner Fellow Analyst at Gartner, in a report named ‘The Impact of Software-Defined Data Centers on Information Security’, published October 16, 2012, refreshed August 18, 2014. “At its core, information security policies define connectivity — what users and groups should be able to connect to which types of applications (and, likewise, which should not). Any shift to software-defined infrastructure is incomplete without the enforcement of security policy compliance in terms of connectivity.”
Software-defined data centers enable greatly improved operational efficiencies and agility, as well as fundamentally better security. With VMware NSX, networks can be programmatically managed, allowing networking and security services to be provisioned in minutes throughout the data center. Micro-segmentation allows unit-level security controls to be implemented in a scalable and cost-effective manner both within and between data centers.
Tufin and VMware have collaborated to deliver end-to-end visibility into the security of virtual and physical environments. The combination of the Tufin Orchestration Suite with VMware NSX will help automate the design, provisioning, analysis and auditing of network security policy changes, from the application layer down to the network layer. Available by October 2014, this solution will help streamline micro segmentation, speed up application deployments, and automate security policy change processes.
“The software-defined data center is positioned to revolutionize network security," said Reuven Harrison, CTO at Tufin. "The ability to enforce micro-segmentation through the isolated hypervisor layer is a game-changer, but to fully reap its benefits, security managers need to control and manage it as part of their organizational policies and processes. Tufin’s collaboration with VMware ensures that VMware NSX becomes part of a consolidated plane of management and provides the level of control needed to enforce a tight and consistent security policy across the entire data center."
Security Policy Orchestration for the Software Defined Data Center
The interoperable Tufin Orchestration Suite and VMware NSX solution will address these challenges by delivering the ability to:
• Manage and control micro-segmentation across heterogeneous networks
• Centrally manage security policies on firewalls, routers and switches throughout the entire physical and virtual data-centers via a single interface
• Assess the risk posture and perform risk assessment before making policy changes
• Perform real-time compliance monitoring, analysis and alerts on NSX security policy changes
• Continuously track security policy configuration changes across enterprise firewalls
The interoperable solution will help enterprises to realize the full agility, efficiency and cost benefits of a Software-Defined Data Center, while ensuring network resources are protected by business- appropriate security policies.
“Micro-segmentation is the key to a Zero Trust model, and with VMware NSX™, customers can have an economically and operationally feasible way to deploy micro-segmentation to transform data center security architecture,” said Hatem Naguib, vice president, networking and security, VMware. “The combination of VMware NSX and the Tufin Orchestration Suite™ will enable customers to maintain a unified Security Policy across their physical and virtual environments."