Keeping Pace: The Need to Orchestrate Security Policy in the Digital Enterprise

The modern digital enterprise is now powered and paced by a plethora of software applications, spanning the gamut from legacy systems-of-record to modern, cloud-native systems-of-engagement and insight. They’re hosted in diverse environments as well, from on-premises hardware to private and public clouds. Security approaches are also highly diverse, deployed in specific environments and for specific functions, in many cases with complex and non-transferable rulesets. Not surprisingly, implementing consistent security policies, which has always been a challenging task, has become significantly more complex, with predictable consequences including higher operating costs, resource bandwidth issues, and a continual set of whack-a-mole prevention and incident response tactics.

Security complexity of digital business
Defining and updating security policies has always been critical to good cyber hygiene, a foundational first step. But this step is only as valuable as your capability to deploy those policies, and anticipated updates, at scale and at the pace of digital business. Because of the diverse nature of your IT infrastructure, you need to ensure that security policies can be enforced across cloud platforms like AWS and Azure; endpoint platforms like Tanium and CrowdStrike; and private clouds such as VMware NSX.

This is not an easy problem to solve. Enterprises often find themselves with a patchwork quilt of security in place. Many security vendors require their own agents on each platform or workload to achieve consistent enforcement, but that can create complexity and delays. In response, many enterprises are moving to the use of the native enforcement capabilities inherent in their existing infrastructure, because security policies are most effective when they can be orchestrated and enforced by native platforms.

vArmour solves the security quilt problem
vArmour supports the native enforcement model through an API-based, agentless platform that orchestrates policies for enforcement based on observed application behavior baselines, together with easy-to-use, pre-built templates for entering security requirements.

Because each platform operates in its own fashion, policies require embedded knowledge of the platforms and must be adapted to native syntax. They should also be able to translate automatically into the native syntax of different platforms. vArmour transforms policies into the usable native syntax for each platform with a single click of a button. In its latest software release, vArmour makes these deployments even easier with a policy deployment model that lets users deploy policies as JSON files using DevOps tools such as Terraform.

vArmour also allows flexibility in policy deployment. In some cases, security teams opt to start slowly when testing new security policies, limiting the deployment to a specific application or applications on a given platform. Or security teams may want to deploy policy only to a specific set of workloads. That flexibility helps security teams more effectively monitor and manage the risk of issues or errors, like blocked “good” traffic.

With this flexibility in how and where you deploy new security policies, and the capability to enforce quickly, repeatedly and natively across all the platforms, the vArmour policy deployment framework lets security teams keep pace with changing requirements in today’s digital enterprise.

Find out more at the vArmour Orchestrated Segmentation Solution Page.

Follow Andrew Hendry on Twitter @awhendry.

