Security

Operate with the confidence of security. View our commitment to keeping your data safe at rest and in transit for your cloud, hybrid, and on-premises deployments.

Privacy

VMware cares about privacy – it is engrained in our culture and built into everything we do. Our comprehensive privacy program encompasses our roles as a business and as a service provider in the delivery of our products and services.

We are committed to policies that enable us and our customers to comply with our respective privacy obligations.

Compliance

Realize extensive compliance in every region. View our comprehensive list of compliance standards and regulations.

Resiliency

Stay informed on the status of your solutions. Access a transparent view of global product and service availability.

Why VMware Cloud Security?

Cloud, hybrid or on-premise – your security is our priority.
Extensive Security Experience

From government and defense, to the largest data centers in the world, VMware has a long history as a trusted partner in the most sensitive environments around the world. Now we’ve expanded this reputation to our cloud offerings.

 

Built-in Compliance

VMware builds security into the foundations of every one of our cloud solutions. This means our offerings align with major compliance certifications to maintain standards that meet industry best-practices.

 

Accelerate Without Compromise

Whether migrating to the cloud, building modern apps, scaling your data center or automating multi-cloud operations, move with agility and confidence.

 

Discover more information on security specific to each VMware Cloud Service

VMware participates at the Cloud Security Alliance (CSA) STAR Level 1 by completing the Consensus Assessments Initiative Questionnaire (CAIQ) to document compliance with the Cloud Controls Matrix (CCM).  STAR Self-Assessments are updated annually.

You can view the CAIQ documents for VMware Cloud Services here.

VMware Cloud Security Capabilities

Software Security

With world-class security partnerships and an industry-leading Security Development Lifecycle process, VMware ensures Cloud operational and security controls are aligned with industry benchmarks and best-practices.

Data Security

VMware maintains stringent data protection standards, to ensure appropriate handling at every classification level, from processing and storage to transmission and destruction of data. Data in the cloud is a shared responsibility, and we define controls to ensure ownership and stewardship of customer organizational data remains with the customer.



Network Security

VMware Cloud solutions build on top of the base network security provided by our IaaS partners. Network environments are logically separated and protected by firewalls to safeguard business security requirements and ensure appropriate protection and isolation.

Identity and Access Management

Based on the principle of least privilege, VMware cloud solutions use identity and access management controls, ensuring the appropriate level of access for all personnel to keep your data and systems safe and secure.

 

Vulnerability and Patch Management

The VMware comprehensive vulnerability management program includes third-party vulnerability scanning and penetration testing across network, application and local operating system layers, helping you stay ahead of new and emerging gaps in security.

Operations Management

VMware Cloud solutions continuously collect and monitor environment logs correlated with both public and private threat feeds, to spot suspicious and unusual activities. This is supported by continuously updated contact with industry bodies, risk and compliance organizations, local authorities, and regulatory bodies to ensure new threats are apprehended rapidly.

Related Resources

Security Measures in VMware Tanzu Mission Control

Discover how VMware Tanzu Mission Control approaches security and implements security measures.

Horizon Service Cloud Security Overview

Learn more about the security controls implemented in the cloud connected components of Horizon Service.

VMware Security Blog

Make sure your enterprise is secure with the latest trends, tips and technology from VMware’s security leaders and experts.

Information Security Management at VMware

Discover key elements of information security policies at VMware

Information Security Policy Attestation

Discover more about which industry standards our information security policies are aligned with as well as our policy review schedule. 

How we Protect Data we Process as a Business

Transparency on how we collect, use, disclose, transfer and store personal information.

How we Protect Data we Process as a Business

Transparency on how we collect, use, disclose, transfer and store personal information.

Products and Services Notice

Applies to the personal information VMware collects and uses in connection with your use of VMware products and services, including:

 

  • Cookies and similar tracking technologies we may use when providing the products or services.
  • Data we collect to improve our products and services and your customer experience.

Details regarding VMware’s customer experience improvement and analytics programs relating to VMware products and service can be found here.

Privacy Notice

Addresses the personal information we collect when you:

 

  • Visit, interact with or use any of our websites, social media pages, mobile apps (where linked to the Privacy Notice), online advertisements, marketing communications.
  • Visit, interact with or use any of our events, sales, marketing and other offline activities.
  • Purchase VMware products and services and provide account-related personal information.

Cookie Notice

Addresses how VMware uses cookies and similar tracking technologies when you use and interact with our websites and our online properties.

Additional Notices

VMware may have additional privacy notices for specific websites, events, mobile apps, including "just-in-time" disclosures and in-product privacy notices. These notices may supplement or clarify VMware's privacy practices or may provide additional choices about how VMware processes data.

How we Protect Data as a Service Provider

Enabling you to comply with data protection and privacy requirements.

Processing of Customer Content

VMware processes, stores and hosts content you or your end users have uploaded to VMware services as “Customer Content” (as defined in the VMware Terms of Service or other relevant agreement). VMware processes personal data contained within Customer Content as a “service provider” or “processor” acting on your instruction. View our FAQs for more information.

Data Processing Addendum

VMware’s obligations and commitments as a data processor are set forth in VMware’s Data Processing Addendum (DPA). Our DPA Summary Coversheet offers additional context and outlines the applicability of our DPA. VMware processes personal data contained within Customer Content in accordance with this DPA and the applicable agreements. Standard agreements for each product and service can be found on our End User Terms and Conditions.

Binding Corporate Rules

VMware has achieved Binding Corporate Rules (BCR) as a processor, acknowledging we have met the standards of the EU General Data Protection Regulation for international transfers of personal data contained in Customer Content.

Sub-processors

VMware may use third-party companies to provide certain services on its behalf. Third party service providers who process personal data contained in Customer Content (sub-processors), will have written agreements and data transfer mechanisms in place to protect personal data in the manner set forth in the Data Processing Addendum.

 

VMware Cloud Security

VMware has programs, policies, and practices to ensure personal data contained in Customer Content is adequately protected (including regular training and confidentiality agreements for employees handling data), and to help identify, prevent and resolve security vulnerabilities in our products and services. These programs are continually reviewed and updated.

 

 

Unified Endpoint Management

VMware offers solutions that enable you to protect your organization’s information and systems, accessed and made available through corporate owned or personal devices, using management controls. View information on Workspace ONE’s privacy and security program and disclosure relating to data collected and used by the service.

 

Related Resources

VMware Cloud on AWS Privacy

Learn about who is responsible for personal data in VMware Cloud on AWS SDDCs and how VMware protects any data in its domain.

VMware Cloud Disaster Recovery Privacy

Discover how VMware processes and protects your personal data in connection with the VMware Cloud Disaster Recovery Service Offering

VMware Cloud Web Security Privacy

Learn about the types of personal data collected by this secure web gateway and how VMware processes and protects it.

CloudHealth by VMware Privacy

Discover how VMware processes and protects personal data on the trusted platform for optimizing multi-cloud environments.

VMware Carbon Black Cloud Privacy

Learn about the types of personal data collected by this cloud native security solution and how VMware processes and protects it.

VMware SD-WAN Privacy

Learn about the types of personal data collected by this network overlay solution and VMware’s role in protecting it.

 

VMware Workspace ONE Privacy

Learn about the types of personal data collected by this digital workspace platform and how VMware processes and protects it.

VMware Tanzu Mission Control

Discover how VMware processes and protects your personal data in connection with the VMware Tanzu Mission Control Offering.

VMware Secure Access

Discover how VMware processes and protects personal data in the Secure Access hosted offering.

VMware Horizon Privacy

Discover how VMware processes and protects your personal data in connection with the VMware Horizon Service.

VMware Tanzu Service Mesh Privacy

Learn how VMware processes and protects your personal data in connection with VMware Tanzu Service Mesh.

Maintaining Compliance Together

VMware continuously monitors existing and emerging security standards and requirements and integrates applicable requirements into our cloud service compliance programs. As VMware partners with you on enabling your compliance, you, as the customer, are required to ensure the Service Offering meets your compliance and regulatory obligations.

If you have questions about compliance, we encourage you to discuss your business goals and objectives with your VMware Sales Representative.

Existing Cloud Compliance Programs

Continually updated information on the compliance programs most relevant to you.
For information on VMware Product Compliance click here.
Filter by
Filter by

 

 

Additional Compliance Information

Thank you for your interest in compliance at VMware.

Please contact your VMware Sales Representative if you need additional information about our compliance programs. Your sales representative can also assist you in gaining access to compliance reports not available for immediate download.

Service Status

Service Location

Service Status

Frequently Asked Questions

Trust Center

For more information related to VMware Cloud Trust Center, we encourage you to reach out to your VMware Sales Representative. Your representative will be able to obtain the information to best support your request.

Yes, please visit here.

Ready to Get Started?