Security is a team sport, says Tom Corn, SVP and GM of security products at VMware.
It’s a top priority for C-suite executives (hello, Capital One data breach), and it’s been blurring the roles between the security and networking teams for years. However, application security is also changing the role of virtual administrators (vAdmins) and expanding their job responsibilities as silos between InfoSec and the rest of the enterprise begin to converge.
“Broadly speaking, these days the InfoSec team ultimately tries to focus themselves around how do they set broad policy around security — the strategy, the governance model — and how do they detect, investigate, and react to vulnerabilities in the infrastructure,” Corn said.
Meanwhile, the task of hardening the infrastructure inside a software-defined data center falls to the vAdmin team, he added.
“This happened a long time ago with the network team, where now the network team is typically operating firewalls,” Corn said. “But now, with vAdmins, we’re seeing them take this broader role.” This involves monitoring virtual machines (VMs) and watching for unusual behavior that could signal an attack.
“The security team will often scan for vulnerabilities, but they are working with the virtual-infrastructure team to remediate those vulnerabilities,” Corn said. “And they are starting to take a more active role.”
This becomes increasingly important as enterprises deploy hybrid clouds, which can lead to more complex IT environments with some applications running in public clouds and others in on-premises data centers. It also means more VMs to configure and patch — and that expands the attack surface for data breaches.
At least 99% of cloud security failures through 2023 will be the customer’s fault, according to Gartner. And according to the Cloud Security Alliance’s most recent report, published last week, data breaches remain the No. 1 cloud security threat, followed by misconfiguration and inadequate change control at No. 2.
“It’s not that common that someone says I was breached because I don’t own this [security] product,” Corn said. “It’s more common that people say I was breached because of the complexity of my environment.”
Because of this, vAdmin job descriptions are starting to include security-specific roles, he added. “Things like: taking an active part in security initiatives, setting up virtual infrastructure securely, tightening virtual infrastructure, dealing with vulnerabilities in VMs.”
This has a couple of benefits when it comes to securing workloads and data. First, it frees up the security team to spend more time investigating the circumstances of a vulnerability or breach to ensure it doesn’t happen again. This is important because enterprise security professionals are famously in high demand and short supply.
And it also means that everyone is on the same page when it comes to protecting workloads and data, Corn said. “The InfoSec team is scanning for vulnerabilities and the infrastructure team is constantly monitoring for these vulnerabilities as they come up,” he explained. “They are now all working together on the same problem as opposed to being completely siloed — siloed views are where you have misalignment and misconfiguration, and that ultimately leads to data breaches. The beauty of having the infrastructure team involved is starting to have a single version of truth.”