Achieving GDPR compliance with VMware NSX
VMware NSX allows one to deploy security controls inside the data centre network at a much lower cost than the hardware equivalent, and it is straightforward to implement and operate. VMware uses the ISO framework to validate the NSX features that can be mapped to GDPR requirements. The features that make this software well suited to GDPR compliance include:
NSX provides a zero-trust security model
In a zero-trust security model, no traffic is trusted simply because of where it originates: every flow, including traffic between workloads inside the data centre, must be explicitly permitted, and access is granted on a need-to-know basis. Because NSX virtualises the network, these controls can be enforced at every virtual machine rather than only at the perimeter, regardless of where the workload is located.
One can inspect and log all traffic from any source to any destination, because NSX micro-segments the network. Micro-segmentation moves the security visibility and control point from a central choke point to each end node: the security control is enforced at the VM's virtual NIC. The controls must therefore be distributed and have enough performance to inspect every flow. NSX can also automate the response to a compromised VM, for example by moving it into a quarantine security group.
Fig 2. Perimeter-centric vs micro-segmentation network security
As seen in Figure 2 above, micro-segmentation makes monitoring of data flows easy and operationally feasible, unlike perimeter-centric network security. In a perimeter-centric design there are very few controls on lateral (east-west) traffic inside the perimeter, so an attacker who gets past the edge can move freely between workloads; micro-segmentation places a control at every workload.
VMware NSX combines the smart grouping capability of NSX Service Composer with the distributed firewall. Perimeter security and zoning alone are insufficient and cumbersome to maintain.
The Service Composer allows one to create groups called "security groups". These can have dynamic membership criteria based on, for example, the guest computer name of a virtual machine, its guest operating system name or the VM name.
Fig 3. Groups defined by customised criteria
These are some of the security groupings that are created to ease management of the network.
Data Protection Impact Assessment (DPIA)
NSX helps organisations and their Data Protection Officer to build their DPIA by delivering a real-time security overview of the whole data centre. This includes:
- Real-time visibility into security group memberships and the effective firewall rules for a VM, between VMs, and between a VM and the physical network.
- Datacenter time machine, which tracks changes in the system for troubleshooting or audit purposes.
- A compliance engine with a simple search interface for writing policies and setting alerts.
- Immediate alerts on policy violations and non-compliance.
Security groups allow flexible and highly adaptive, application-centred security policy: VMs are placed into groups when they are provisioned and inherit the group's firewall rules according to the application's requirements, without anyone editing the rules for each new VM.
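To make the three points above concrete (dynamic group membership from VM attributes, the per-VM view of effective rules, and rules inherited by newly provisioned VMs), here is an added worked example; it is not NSX code and does not use the NSX API. It models security groups whose membership is computed from VM name, guest computer name and guest OS name, and a distributed firewall with an implicit default deny, so that east-west traffic between two web servers is blocked unless a rule allows it. All VM names, group names, operators and rules are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of dynamic security groups feeding a distributed firewall.
# Not NSX code or its API: the names and operators are this example's own.

@dataclass(frozen=True)
class VM:
    name: str        # VM name as shown in vCenter
    hostname: str    # guest computer name
    guest_os: str    # guest operating system name

# Operators a membership criterion can use. Comparisons are case-insensitive,
# so a VM does not fall out of its group because of "Web01" versus "web01".
OPERATORS = {
    "contains":    lambda actual, value: value.lower() in actual.lower(),
    "starts_with": lambda actual, value: actual.lower().startswith(value.lower()),
    "equals":      lambda actual, value: actual.lower() == value.lower(),
}

@dataclass(frozen=True)
class SecurityGroup:
    name: str
    criteria: tuple  # ((vm_attribute, operator, value), ...); all must match

    def contains(self, vm: VM) -> bool:
        return all(OPERATORS[op](getattr(vm, attr), value)
                   for attr, op, value in self.criteria)

@dataclass(frozen=True)
class Rule:
    name: str
    source: str          # security group name, or "any"
    destination: str     # security group name, or "any"
    port: Optional[int]  # None matches every port
    action: str          # "allow" or "deny"

class DistributedFirewall:
    """Rules are evaluated top-down, first match wins, with an implicit default
    deny: a flow that no rule allows is dropped even between two VMs on the
    same segment, which removes the free lateral movement of a perimeter-only
    design."""

    def __init__(self, groups, rules):
        self.groups = {g.name: g for g in groups}
        self.rules = tuple(rules)

    def groups_for(self, vm: VM) -> set:
        """Membership is recomputed from the VM's attributes on every call, so
        a newly provisioned VM is covered without anyone editing a rule."""
        return {g.name for g in self.groups.values() if g.contains(vm)}

    def _in_scope(self, scope: str, vm: VM) -> bool:
        return scope == "any" or self.groups[scope].contains(vm)

    def effective_rules(self, vm: VM) -> list:
        """Per-VM view: every rule in which this VM can be the source or the
        destination (a scope of "any" covers every VM)."""
        return [r.name for r in self.rules
                if self._in_scope(r.source, vm) or self._in_scope(r.destination, vm)]

    def evaluate(self, src: VM, dst: VM, port: int) -> str:
        for r in self.rules:
            if (self._in_scope(r.source, src)
                    and self._in_scope(r.destination, dst)
                    and (r.port is None or r.port == port)):
                return r.action
        return "deny"  # implicit default rule

# Constructed inventory and policy (hypothetical, not from the page).
WEB01 = VM("web01", "web01", "Ubuntu Linux (64-bit)")
WEB02 = VM("web02", "web02", "Ubuntu Linux (64-bit)")
DB01 = VM("pg-primary", "db01", "Ubuntu Linux (64-bit)")   # grouped by hostname
JUMP01 = VM("jump01", "jump01", "Microsoft Windows Server 2019 (64-bit)")

def build_firewall() -> DistributedFirewall:
    groups = (
        SecurityGroup("SG-Web", (("name", "contains", "web"),)),
        SecurityGroup("SG-DB", (("hostname", "starts_with", "db"),)),
        SecurityGroup("SG-Windows", (("guest_os", "contains", "Windows"),)),
    )
    rules = (
        Rule("internet-to-web", "any", "SG-Web", 443, "allow"),
        Rule("web-to-db", "SG-Web", "SG-DB", 5432, "allow"),
        # No rule for web-to-web or jump-to-db: the default deny applies.
    )
    return DistributedFirewall(groups, rules)

if __name__ == "__main__":
    fw = build_firewall()
    for vm in (WEB01, DB01, JUMP01):
        print(vm.name, sorted(fw.groups_for(vm)), fw.effective_rules(vm))
    print("web01 -> db01:5432", fw.evaluate(WEB01, DB01, 5432))
    print("web01 -> web02:22", fw.evaluate(WEB01, WEB02, 22))
    print("jump01 -> db01:5432", fw.evaluate(JUMP01, DB01, 5432))
    # A VM provisioned later inherits SG-Web's rules with no policy change.
    web03 = VM("web03", "web03", "Ubuntu Linux (64-bit)")
    print("web03 -> db01:5432", fw.evaluate(web03, DB01, 5432))
```

The point to take from the model is the ordering of checks: membership is derived from attributes at evaluation time, rules reference groups rather than addresses, and anything not explicitly allowed is dropped. When auditing a real deployment, confirm the same three properties: that group criteria cannot be satisfied by an attacker-chosen value (a VM renamed to contain "web" would join SG-Web here, which is why production criteria usually rely on security tags set by the platform rather than names), that the default rule is deny, and that the per-VM effective rule view matches the intended policy.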
Real-time security level monitoring
By embedding policy-based controls into the network itself, NSX eliminates the need for complicated and time-consuming network reconfiguration. This lets an organisation monitor the system for attacks in real time, handle threats as they arise and keep its guidance on safeguarding data current.
Allows you to move workloads seamlessly
NSX can move VMs, together with their connected networks and security policies, between data centres in a matter of minutes. It does so without interrupting the running application, which enables active-active data centres and immediate disaster recovery options.