Why VMware thinks you’ve got app security all wrong

Virtualising the network can ease the "root canal" pain of app security, according to VMware.

Instead of separately securing each and every app instance running on your infrastructure, the virtualisation specialist is encouraging IT teams to take a different approach using a software-defined network to define security settings for a whole slew of apps at once.

The latest version of VMware's network virtualisation product announced at VMworld 2015 this week, NSX 6.2, introduces this concept of network encryption.

Apps have become such a common part of IT infrastructure they are a distributed system in their own right, said Martin Casado, chief networking architect, with instances appearing all over the network.

As a result, this makes securing them individually a headache, and their distributed nature leaves IT with little visibility into where problems originate.

"Consider troubleshooting. Two words: root canal," he said at VMworld 2015 in San Francisco this week. "If the user has a problem you get a call, and without end-to-end visibility it's very difficult to know what's going on.

"Because of the complexity of applications, once we've deployed [them] we don't want to touch them. As a result the entire organisation becomes incompliant, or worse, insecure."

Tom Corn, the company's senior VP of security products, added: "We live in a hyper-connected world and in this world the perimeters are too porous, the attack surface is simply too wide."

The challenge, VMware believes, is not in securing individual apps but in encrypting data as it moves across the network between applications.

This is exactly what NSX 6.2 allows IT to do, said Casado, turning encryption from being endpoint-focused to being an "infinite service" that covers the entire network infrastructure.

"It accumulates all the pieces together so that you can configure and troubleshoot the application as a whole," he said.

This means customers can set the security policy for every instance of an app at once, rather than having to tackle each instance of the app on the network.

With NSX, shifting apps from one cloud network to another means their specific security policies shift across, too.

A total 100 customers are already using NSX 6.2 in production, according to VMware, while US broadcaster Tribune Media used the product alongside a VMware hypervisor to deploy 140 apps over five months, getting only nine help desk calls overall.