Analysts are not employed by SDxCentral and the views, thoughts, and opinions expressed in their content belong solely to the author and do not reflect the views of SDxCentral. Note: AvidThink is a separate organization, created by Roy Chua, that is not affiliated with SDxCentral.
This article is underwritten by VMware. The underwriter of this article helps fund its creation but it has no control over the specific content of the article.
Regardless of size cybersecurity has become a massive source of frustration for organizations all sizes. A greater percentage of IT spending is now being consumed by cybersecurity products and services that while perceived as being critical to the business, don’t in of themselves help a business to grow.
A recent survey of 1,300 organizations conducted by ESI ThougtLab and the Wall Street Journal finds on average organizations will increase their spending on average cybersecurity by 13 percent in the coming year. That’s on top of a seven percent increase in cybersecurity spending this year, the report finds.
The most galling aspect of that increased spending, of course, is that the economic damage being inflicted by cyberattacks continues to be measured in billions of dollars. The challenge and opportunity many IT leaders are now wresting with is determining to what degree modernizing their IT environment might enable them to reduce spending on cybersecurity. The key difference being that every dollar invested in a modern IT environment enables an organization to ad the very least reduce the total cost of IT or increase the total amount of revenue being generated by new applications.
At the recent VMworld Europe 2018 conference VMware CEO Pat Gelsinger went so far as to tell conference attendees that in view of the current growth in spending on cybersecurity the total amount of money being allocated is not just unsustainable, it’s just plain crazy.
“Today security is broken,” says Gelsinger. “We need to think about security in a fundamentally different way.”
Instead of chasing bad using a bolt-on approach, Gelsinger says VMware is now making a case for making security an intrinsic element of a software-defined data center. At the core of that effort is a VMware vSphere Platinum Edition, which makes use of machine learning technology to monitor application behavior. Any anomalous behavior that occurs outside the scope of that behavior is automatically prevented from being executed. Now Gelsinger says VMware is taking that concept to the next level to enable the machine learning algorithms to also recognize the proper attributes of additional modules of code that might be added to that application over time.
As a complement to that approach, VMware also advocates implementing microsegmentation using VMware NSX network virtualization software. That approach prevents malware from moving laterally across the enterprise should any application become infected.
Collectively, both approaches promise to significantly reduce the total cost of cybersecurity by not only reducing the total number of cybersecurity products and services that need to be acquired, but also sharply reducing the amount of cybersecurity fatigue that IT administrators experience. Multiple cybersecurity technologies today create alerts hourly that usually wind up being false positives that IT teams either need to spend time investigating or run the risk of ignoring altogether. Alas, a decision to ignore those alerts is made a lot more than anyone in IT cares to admit.
In time it will be interesting to see how many other IT vendors will begin to justify investing in their platforms embedding zero-trust architecture that will reduce the need to spend as much on cybersecurity. It’s clearly a message that should resonate with IT and business leaders alike. The real challenge, of course, is having enough confidence in the cybersecurity resiliency of the underlying platform to first evaluate and then make that decision.
For more information, please visit the VMware Cloud-Native Apps Resource Center.