I’ve been thinking about this for awhile and actually referenced Maslow in a personal blog about my past life and how I got into IT. It really hit home a couple years ago when our SVP and GM of Security products at VMware, Tom Corn (thanks for the motivation Tom), started talk track around defining good security vs chasing all the bad in the security landscape these days.
I was blown away around the numbers and facts around the average number of security products every enterprise customer has running in their environment. Tom was presenting to one of my customers and he had a slide that really hit home and at least in my brain, it mapped to a lot of similarities around Maslow’s Hierarchy of Needs.
In a nutshell, and without having to read through the wikipedia link above, the hierarchy covers one’s basic needs to survive at the bottom of the pyramid, and as one moves up the ladder, one addresses things above the basic survival needs more towards the self-esteem standpoint. This was something I remembered from my college days and still use as a basic model to determine my own self-worth and making sure I’m doing the right things in my personal and professional life.
Now how does this compared to Tom Corn’s presentation? It’s eerily similar when you start looking at the challenges that most enterprise customers deal with on a daily basis.
Source: Gartner, Market Guide for Cloud Workload Protection Platforms, Neil MacDonald, March 26th 2018
Looking at the bottom of this pyramid, focusing on the basic things like following the various hardening guides, implementing a configuration management policy, patching your systems, monitoring for configuration drift is a large chunk of the basics that everyone should just be doing. The problem is that there’s so much to do in just this part of the pyramid around day 2 operations that prevents companies from doing this well and keeping things current.
Taking a step up on the ladder, adding firewalls and network segmentation with some level of visibility into the network covers another large chunk of the pyramid. Imagine if even at this layer, all this could be automated. I’ve worked at many companies over my IT career and working at VMware, I’ve also experienced some of the challenges my customers face dealing with these challenges firsthand.
Ironically, adding Antivirus is way up at the top of the pyramid, but unfortunately, many spend way too much time determining their antivirus strategy and deploying successfully due to the changing nature of zero-day attacks. Antivirus is becoming less and less necessary to protect systems in the enterprise.
Where am I going with this? I truly believe that VMware along with our partner ecosystem has the best strategy to automate the large chunk of the pyramid at the bottom by using the VMware Virtual Cloud Network, I don’t see a better way to automate security in the Software Defined Data Center. The changing needs of applications will drive organizations to take a different approach to securing their environment and leveraging IT capabilities such as adaptive micro-segmentation will enable the day to day operational teams the flexibility to focus on more value added activities.