The VMware Cloud Foundation Approach to Platform Security

VMware Cloud Foundation offers a wide array of features and capabilities to help organizations be and stay secure. In the short time we have we’ll talk about recent improvements aimed at making hard security tasks easy or non-existent (ESXi Live Patch, Image-Based Lifecycle Management, audit & remediation tools, Identity Federation and its relationship to attacker trends, etc.)

In this presentation, Bob Plankers from VMware by Broadcom discusses the VMware Cloud Foundation’s approach to platform security, emphasizing the importance of making security features easy to use and adopt. He highlights that VMware’s goal is to ensure that security is intrinsic to the system, with minimal effort required from users to enable it. The focus is on reducing friction in security processes, making it easier for organizations to comply with regulatory requirements and adopt security best practices. Plankers explains that VMware has been working on several improvements, such as ESXi Live Patch, Image-Based Lifecycle Management, and audit and remediation tools, all aimed at simplifying traditionally complex security tasks. He also touches on the importance of defense in depth, where multiple layers of security are implemented, starting from hardware-level protections like secure boot and trusted platform modules (TPMs) to software-level features like code signing and encryption.

Plankers also delves into the broader security landscape, discussing how VMware Cloud Foundation integrates security across the entire stack, from infrastructure to workloads. He emphasizes the importance of availability and resilience, noting that features like V-motion, DRS, and high availability are critical security features that ensure systems remain operational even during attacks or failures. Additionally, he discusses VMware’s efforts to support post-quantum encryption, identity federation, and continuous monitoring for security controls. The presentation concludes with a focus on reducing the friction associated with patching and updates, including the introduction of live patching for ESXi, which allows for faster and less disruptive updates. Overall, VMware’s approach is to make security a seamless and integral part of the infrastructure, allowing organizations to focus on their workloads while maintaining a strong security posture.