VMware has a strong reputation in system infrastructure management and now intends to wedge its way into the enterprise security market. The vendor has momentum but might find it difficult to become a leader in this extremely complex and competitive market.
Data center environments evolve and change with time, as do security the requirements for those environments. As data centers continue to move toward the cloud, VMware hopes to extend its capabilities to emerging security niches and gain a foothold in the future security market.
Most companies highly prioritize security. In fact, IDC forecasted worldwide spending on security-related hardware, software and services will reach $133.7 billion in 2022, an increase of more than 45% from 2018.
The challenges of efficient security
Security evolves constantly. Early security tactics focused on securing the network layer with products such as firewalls that repelled intruders at the network perimeter.
But the bad guys found other ways into corporate data. In response, organizations must use dozens of security tools to ward off the hackers in multiple ways. In fact, a Safebreach survey recently found that the average enterprise-level company deploys around 75 security products.
Companies now must deal with security sprawl, or the challenges that stem from managing so many different products. Software changes constantly and new users continually enter networks, so keeping many different security products aligned becomes more difficult. Criminals search for cracks in areas where one product’s capabilities end and another one’s begins.
Running so many products and platforms also increases maintenance work. Techies bounce from one system to another when troubleshooting. As the number of endpoints and checkpoints rise, many IT admins can feel overwhelmed by the amount of work security management presents.
Evolving security models
“VMware is driving thought leadership in zero-trust security,” said Peter Lindstrom, vice president of enterprise and next-generation security research at IDC, an IT analyst company based in Framingham, Mass.
Organizations used to trust the data stored in their data centers. This approach let hackers access and alter information freely if they could bypass the network perimeter. As a result, many organizations have now adopted a zero-trust policy, which means these businesses trust nothing and constantly check information both inside and outside of the network perimeter. VMware hopes to provide security products that align with this new strategy.
VMware also wants to use its system management knowledge and cachet to simplify security administration and reduce sprawl. VMware has a number of products — such as NSX and AppDefense — that already include security functionality. The company has also acquired niche security startups: AirWatch, which monitors mobile devices; CloudCoreo, which secures cloud environments; and Carbon Black, which secures endpoints.
VMware can extend the capabilities of its different products and integrate them with other one another. A large number of businesses already rely on VMware management tools, and such advances lower training requirements and simplify management and troubleshooting.
“VMware will be able to incorporate security functionality into the hypervisor,” stated Marco Alcala, CEO at Alcala Consulting, an IT consulting firm based in Pasadena, Calif. “In that case, businesses will be able to turn security functionality on with minimal effort.”
In March 2019, VMware introduced a VMware Service-Defined Firewall to help organizations protect their data. This new internal firewall locks down “known good” behavior at both the network and host level to reduce a possible attack surface.
Impediments to adoption
Still, VMware faces challenges in its latest foray. VMware’s security portfolio is smaller than more established security vendors and lacks some key elements.
“I could see VMware adding security analytics to its product line,” Alcala said.
VMware is not well known in the security market. As a result, the executives in charge of making security purchases have little familiarity with the vendor’s security offerings and might look toward more popular, vetted security vendors.
“The big boys in enterprise security, like Symantec, Cisco and Juniper, have well-established practices and satisfied customers,” Lindstrom said. “VMware is the new guy in town, so corporations [might] be skeptical about what it can deliver.”
VMware has extended its reach and its recognition through acquisitions. Bringing all of the different pieces, however, means integrating products not originally designed to work with another — a laborious undertaking. Personnel challenges also arise whenever large companies assimilate smaller ones.
“Heterogeneous support has been an ongoing challenge for all vendors, including VMware,” Lindstrom said. Typically, vendors embrace their own products rather than support competitors’, even though their customers might employ products from multiple vendors and require such connectivity.