Most enterprise IT professionals agree that securing the network only at the perimeter is inadequate for today’s data centers. Once malware has managed to make its way behind the firewall by latching onto an authorized user (or other means), it can move easily from workload to workload. This lateral movement is possible due to a lack of sufficient internal network controls regulating server-to-server or east-west network traffic.
Micro-segmentation, enabled by VMware NSX®, is a breakthrough model for data center security. Network security policies are enforced by firewall controls integrated into the hypervisors that are already distributed throughout the data center. This enables security that is both ubiquitous and granular. Security policies can also be changed more easily—even automatically—moving when VMs move and adapting to changes in workloads.