Bhanu Vemula

Author Archives: Bhanu Vemula

Securing Modern Applications

Modern applications are changing enterprise securityApps today are comprised of dozens, or even hundreds, of microservices. They can be spun up and down in real time and may span multiple clouds (onpremises, private cloud, and public cloud). Traditional security stacks just aren’t suited to protecting these applications consistently 

To effectively secure modern apps, we start by identifying unique application assets across cloudssuch as users, services, and data. We then continuously evaluate their risk and automatically make authorization decisions to adjust our application security and compliance posture based on asset identityregardless of where they are or where they have moved.  

Security professionals can learn how to use VMware network and security solutions to secure modern applications in the following VMworld sessions: 

Security Policies for Modern Applications: An Evolution from Micro-segmentation (ISCS2240) 

Enterprises are embracing cloud native transformation and modernizing traditional applications, from monolithic to microservices architectures. As applications transform and span multiple clouds (onpremises, private cloud, and public cloud), it’s essential to Continue reading

Closing security gaps and eliminating blind spots in the data center: a software-based approach to securing east-west traffic

It’s no secret that traditional firewalls are illsuited to securing east-west traffic. They’re static, inflexible, and require hair-pinning traffic around the data center. Traditional firewalls have no understanding of application context, resulting in rigid, static policies, and they don’t scaleso they’re unable to handle the massive workloads that make up modern data center traffic. As a result, many enterprises are forced to selectively secure workloads in the data center, creating gaps and blind spots in an organization’s security posture. 


A software-based approach to securing east-west traffic changes the dynamic. Instead of hair-pinning traffic, VMware NSX Service-defined Firewall (SDFW) applies security policies to all workloads inside the data center, regardless of the underlying infrastructure. This provides deep context into every single workload 


Anyone interested in learning how the Service-defined Firewall can help them implement microsegmentation and network segmentationreplace legacy physical hardwareor meet growing compliance needs and stop the lateral spread of threats, should check out the following sessions: 


Creating Virtual Security Zones with NSX Firewall Continue reading

Meet compliance requirements cost-efficiently by implementing East-West security at scale 

Compliance is more than a necessary evil. Sure, its complex, expensive, and largely driven by manual processes, but it’s also a business enabler. Without the ability to prove compliance, you wouldn’t be able to sell your products in certain markets or industries. But meeting compliance requirements can’t be cost-prohibitive: if the barriers are too high, it may not make business sense to target certain markets.  


The goal, of course, is to meet and prove compliance requirements in the data center in a simple, cost-effective way. With the intent to provide safety and maintain the privacy of customers, new government and industry regulations are becoming more robust, and many require organizations to implement East-West security through micro-segmentation or network segmentation inside the data center. Of course, this is easier said than done. Bandwidth and latency issues caused by hairpinning traffic between physical appliances inhibit network segmentation and micro-segmentation at scale.  


VMware NSX applies a software-based approach to firewalling that delivers the simplicity and scalability necessary to secure East-West traffic. It does this with no blind spots or gaps in coverage— Continue reading