“Today’s security challenges cannot be secured with mere incremental thinking. We need a new security architecture that fundamentally changes how we prevent, detect, and respond to threats.” This clarion call to action from Pat Gelsinger, the visionary CEO of VMware, was the core of the powerful message delivered Thursday afternoon at the 2016 RSA Conference 2016—the tech industry’s premier security conference. In his keynote address to a packed audience (onsite and via live stream), Gelsinger laid out a powerful argument that when it comes to the many security challenges companies face today, “The core problem we face is structural—it’s architectural.”
In the course of his keynote, “IT Security: Architecture vs. Sprawl,” Gelsinger looked at security issues from a number of perspectives—from technical to historical— to argue that the security challenges we face today can no longer be addressed in an ad hoc, reactive way. Instead, these challenges now require a broader, systematic approach that will allow us to “make security better, faster, and less expensive.”
In order to do that, however, we need to answer this question: “How do we build an architecture for security that benefits everyone in our industry?”
The Great Divide
Gelsinger referenced the results of a recent VMware-sponsored global study, conducted by The Economist Intelligence Unit (EIU), which surveyed 1,100 senior executives on data security practices within their firms. Gelsinger pointed out that the results showed a profound disconnect in corporate boardrooms over the importance of cyber security between senior business leaders, such as CEOs, COOs, and CFOs, and senior technical decision makers charged with security, such as CIOs and CISOs. He said this divided mindset reflects the fragmented approach to security issues that has made security an afterthought in corporate planning and priorities, and, far more often than not, “the last invited to the party.”
When it comes to security, Gelsinger says, the inevitable result of this Great Divide is “a picture of diminishing returns,” where “the only thing outpacing security spend today, is security losses.”He analogized the state of today’s security planning to examples of real-world urban sprawl, to “cities that expand fast with no architectural plan.” Eventually that combination of rapid growth and lack of planning creates profound challenges that are difficult, if not impossible to address on a piece-meal basis.
In our world, Gelsinger says, the similar challenge to urban sprawl is complexity: complexity that begins with the modern business app. He re-phrased the former Sun Microsystems executive, John Gage’s famous theorem that “The network is the computer.” Now, Gelsinger says, it is more accurate to say, “The application is a network.”
Architecting the Bridge
Gelsinger pointed out that the typical business app today connects to seven different clouds. Add in the explosion in the number of devices and the interdependency of all of these services and network elements, and, as he says, “It’s no wonder that security has become so complex.”
“The core problem we face,” Gelsinger continued, “is structural.” And the solution, he argues, is an architecture for security: a true architecture capable of bridging the divide between security policies and security innovations. A true architecture that is now possible, thanks to virtualization.
Gelsinger explained that the virtualization layer is in the unique position to provide the overlay architecture for security that he says, “will raise all boats.” It offers this opportunity because it provides the two key capabilities: alignment and ubiquity.
How Virtualization Enables the Security of Everything
Alignment is possible because virtualization provides the layer between the physical infrastructure below and the apps above, allowing you to “connect the dots” by seeing the infrastructure through the lens of the app. Ubiquity comes into play by virtue of virtualization being the first ubiquitous layer we’ve ever had: one that cuts across compute, network, storage, and even clouds.
Gelsinger explained that this combination of capabilities would allow companies to “architect in” security. Using the micro-segmentation made possible by alignment and ubiquity, he said, network virtualization offers the opportunity to not only transform every aspect of how we address security, but, because it embraces individual security innovations, birth a new renaissance in security that would “raise all boats” in the security innovation ecosystem.
Gelsinger shared the RSA stage with Tom Corn, VMware’s senior vice president for Security Products, to demonstrate how leveraging the unique capabilities of VMware NSX network virtualization can work to easily, seamlessly, and powerfully prevent, detect, and respond to real world cyber attacks.Gelsinger closed by calling on different segments of the audience to join VMware in the renaissance in security that network virtualization makes possible.
“For VMware,” he said, “security is a core mission. We will invest and enable. We are not a security vendor per sé,” he concluded, “but if we do our job right, we will be the most important company in security.”
The future of security will never be the same. The era of building a true architecture for security is here.
Watch the highlights from Gelsinger’s keynote in the video below.