Senior Staff Architect, End User Computing, VMware.
Peter specializes in Identity and Access Management. He's widely appreciated as a speaker at events like VMworld, VMUG and vFORUM. He is the author of two books as well as numerous white papers and blog posts. When the work day is over, Peter volunteers as a Scout leader for the local Sea Scout troop outside Stockholm, Sweden.

Introducing VMware Zero Trust

November 01, 2019

Security is an ongoing challenge for organizations and, with today’s dynamic workforce, the challenge is ever-increasing. Forrester first coined the term Zero Trust, referring to a security model that does not automatically trust entities within the security perimeter.

VMware is dedicated to the Zero Trust vision, and for us, Zero Trust means building a dynamic, modern security architecture that builds trust on a much broader and deeper basis than traditional security measures.

Watch the following video for a technical overview of the VMware Zero Trust architecture, or continue reading for a brief summary.

The Five Pillars of Zero Trust

The Zero Trust architecture consists of five pillars—device trust, user trust, transport/session trust, application trust, and data trust. You must establish trust in each pillar to make decisions to grant or deny access. By establishing trust across the five pillars, we gain visibility and can gather analytics across the board. Visibility and analytics are a critical part of the Zero Trust architecture, and they help to establish a deeper and broader footprint in each pillar.

VMware is uniquely positioned to help you on your Zero Trust journey, with the broadest portfolio of solutions covering all five pillars of trust.

The following sections list, for each pillar, examples of the parameters that characterize it and the VMware solutions that help to establish trust in it.

By interrogating device trust, we can get details on the following parameters:

Device Trust Parameters
  • Device Management
  • Device Inventory
  • Device Compliance
  • Device Authentication

Products to Solve Device Trust
  • VMware Workspace ONE UEM to build device trust
  • VMware Unified Access Gateway to perform device authentication

As part of Zero Trust, we must use more secure user authentication methods. This pillar requires a strong conditional access engine that can help make decisions using dynamic and contextual data.

User Trust Parameters
  • Passwordless Authentication
  • Multi-factor Authentication
  • Conditional Access
  • Dynamic Risk Scoring

Products to Solve User Trust
  • VMware Workspace ONE Access and VMware Workspace ONE Intelligence to perform strong authentication and dynamic conditional access

By using the principle of least-privilege access to resources, we limit access rights to users and grant the minimum permissions required to perform their work.

Transport/Session Parameters
  • Micro-segmentation
  • Transport Encryption
  • Session Protection

Products to Solve Transport/Session Trust
  • VMware Unified Access Gateway and VMware Horizon 7 to secure transport for the session
  • VMware NSX-T Data Center for segmentation of resources to help implement least-privileged access on the network

With the modernization of user authentication, allowing single sign-on to applications, we gain both security and an improved user experience. For traditional applications that are not designed for Zero Trust, we add protection in the form of isolation.

Application Trust Parameters
  • Single Sign-On
  • Isolation
  • Any Device Access

Products to Solve Application Trust
  • VMware Horizon 7 and VMware Workspace ONE UEM to implement application trust
  • VMware Workspace ONE Access to perform single sign-on based on strong user authentication

Finally, we must make sure that the data stays secure.

Data Trust Pillar Parameters
  • Protecting Data at Rest
  • Integrity
  • DLP (Data Loss Prevention)
  • Classification

Products to Solve Data Trust
  • VMware Workspace ONE UEM, VMware Horizon 7, and VMware NSX-T Data Center to protect, control, and ensure the integrity of data

Analytics and Automation

By establishing trust across the five pillars, you can gain visibility and analytics. You need a system that gives you visibility by logging all traffic. This information can then be used to learn and monitor network patterns. The resulting analytics help you make effective dynamic policy and trust decisions.

With visibility and analytics, you can build automation and orchestration. Workspace ONE and Horizon platform services allow you to collect contextual information from across the entire environment. This contextual awareness feeds intelligence, allowing you to make just-in-time decisions, and use automation for threat remediation.
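As an added illustration of how the five pillars feed a single grant-or-deny decision, how least privilege trims the permissions actually granted, and how every decision is logged for the analytics layer, here is a small policy decision point in Python. It is constructed for this summary and is not VMware code; the signal names, the thresholds (risk scores of 50 and 80, an eight-hour session limit), the role-to-scope table and the decision labels are all assumptions.

```python
"""Toy Zero Trust policy decision point combining per-pillar trust signals.

Constructed example: signal names, thresholds, the role/scope table and the
decision labels are assumptions for illustration, not any VMware product's logic.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class AccessContext:
    user: str
    app: str
    requested_scopes: List[str]
    # Device trust pillar (as reported by device management)
    device_managed: bool
    device_compliant: bool
    device_authenticated: bool
    # User trust pillar: authentication methods used plus a dynamic 0..100 risk score
    auth_methods: List[str]
    risk_score: int
    # Transport/session trust pillar
    transport_encrypted: bool
    session_age_minutes: int
    # Application trust pillar
    app_supports_sso: bool
    # Data trust pillar: "public", "internal" or "confidential"
    data_classification: str


# Least-privilege baseline: scopes each role may hold per application (constructed)
ROLE_SCOPES: Dict[str, Dict[str, List[str]]] = {
    "hr-portal": {"employee": ["read:self"], "hr": ["read:self", "read:all", "write:all"]},
}
STRONG_METHODS = {"fido2", "smartcard"}   # methods counted as strong on their own (assumption)
MAX_SESSION_MINUTES = 480                  # assumed session lifetime before re-authentication
RISK_DENY, RISK_STEP_UP = 80, 50           # assumed thresholds on the risk score

DECISION_LOG: List[dict] = []              # every decision is recorded for visibility/analytics


def _record(ctx: AccessContext, decision: str, reasons: List[str], granted: List[str]) -> dict:
    """Append a structured decision record (the 'log everything' requirement) and return it."""
    entry = {"user": ctx.user, "app": ctx.app, "decision": decision, "granted_scopes": granted,
             "reasons": reasons, "risk_score": ctx.risk_score, "device_compliant": ctx.device_compliant}
    DECISION_LOG.append(entry)
    return entry


def evaluate(ctx: AccessContext, role: str) -> dict:
    """Return 'allow', 'allow-isolated', 'step-up' or 'deny' plus the scopes actually granted."""
    reasons: List[str] = []
    decision = "allow"
    # Device trust: no trust in the device means no access at all
    if not (ctx.device_managed and ctx.device_compliant and ctx.device_authenticated):
        return _record(ctx, "deny", ["device trust not established"], [])
    # Transport/session trust: refuse plaintext, force re-authentication on stale sessions
    if not ctx.transport_encrypted:
        return _record(ctx, "deny", ["transport not encrypted"], [])
    if ctx.session_age_minutes > MAX_SESSION_MINUTES:
        decision = "step-up"
        reasons.append("session too old; re-authenticate")
    # User trust: dynamic risk score and authentication strength, matched to data sensitivity
    if ctx.risk_score >= RISK_DENY:
        return _record(ctx, "deny", [f"risk score {ctx.risk_score} above deny threshold"], [])
    strong = bool(STRONG_METHODS & set(ctx.auth_methods)) or len(ctx.auth_methods) >= 2
    if (ctx.data_classification == "confidential" or ctx.risk_score >= RISK_STEP_UP) and not strong:
        decision = "step-up"
        reasons.append("strong or multi-factor authentication required")
    # Least privilege: grant only the requested scopes the role is entitled to
    allowed = ROLE_SCOPES.get(ctx.app, {}).get(role, [])
    granted = [s for s in ctx.requested_scopes if s in allowed]
    dropped = [s for s in ctx.requested_scopes if s not in allowed]
    if dropped:
        reasons.append(f"scopes not permitted for role '{role}': {dropped}")
    if not granted:
        return _record(ctx, "deny", reasons + ["no permitted scopes requested"], [])
    # Application trust: a legacy app without SSO gets an isolated session, not direct access
    if decision == "allow" and not ctx.app_supports_sso:
        decision = "allow-isolated"
        reasons.append("application lacks SSO; route through isolated session")
    return _record(ctx, decision, reasons, granted)


def decision_counts() -> Dict[str, int]:
    """Minimal analytics over the log: how many requests ended in each decision."""
    counts: Dict[str, int] = {}
    for entry in DECISION_LOG:
        counts[entry["decision"]] = counts.get(entry["decision"], 0) + 1
    return counts


def sample_context(**overrides) -> AccessContext:
    """Constructed baseline request: compliant device, FIDO2 login, low risk, internal data."""
    base = dict(user="alice", app="hr-portal", requested_scopes=["read:self"],
                device_managed=True, device_compliant=True, device_authenticated=True,
                auth_methods=["fido2"], risk_score=10, transport_encrypted=True,
                session_age_minutes=30, app_supports_sso=True, data_classification="internal")
    base.update(overrides)
    return AccessContext(**base)


if __name__ == "__main__":
    evaluate(sample_context(), "employee")
    evaluate(sample_context(device_compliant=False), "employee")
    evaluate(sample_context(auth_methods=["password"], data_classification="confidential"), "employee")
    evaluate(sample_context(app_supports_sso=False), "employee")
    for rec in DECISION_LOG:
        print(rec)
    print(decision_counts())
```

The point of the ordering is that a failed device or transport check ends the evaluation before any user or scope logic runs, while weaker user trust degrades to a step-up rather than an outright deny; the structured records in DECISION_LOG are what a dashboard or a risk-scoring engine would consume to adjust policy dynamically.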

The following sections list the elements required for analytics and automation and the VMware solutions that help to provide them.

Achieving visibility and developing analytics depends on the following parameters:

Visibility and Analytics Parameters
  • Log Collection
  • Central Repository for All Logs
  • Dashboards for Monitoring
  • Console for Troubleshooting

Products to Build Visibility and Analytics
  • VMware Horizon 7
  • VMware Unified Access Gateway
  • VMware Workspace ONE Access
  • VMware Workspace ONE UEM
  • VMware Workspace ONE Intelligence
  • VMware Workspace ONE Trust Network

Automation and Orchestration Parameters
  • Compliance Engine on the Device
  • APIs for Integration with External Programs
  • Contextual Workflows for Automatic Remediation

Products for Building Automation and Orchestration
  • VMware Workspace ONE UEM
  • VMware Workspace ONE Intelligence

For details about VMware Horizon and Workspace ONE features that give you visibility and help you analyze behavior, and for descriptions of the automation features for Workspace ONE UEM and Workspace ONE Intelligence, see the new guide Zero Trust Secure Access to Traditional Applications with VMware.

Summary

You have seen that VMware can cover all pillars of trust in the Zero Trust architecture. VMware also offers visibility and analytics and, on top of that, allows you to build automation and orchestration.

To learn more, follow the Zero Trust Activity Path which contains a curated list of assets to help you master the VMware Zero Trust architecture. This activity path and more resources are available on Digital Workspace Tech Zone.