I am so excited about the global momentum we’ve built with large organizations around our collaboration announcement with VMware to provide continuous compliance on NSX-T. The DevOps world has shifted from periodic to continuous - continuous integration / continuous delivery (CI/CD) application development drives continuous change - at odds with period project-driven compliance models. Together, vArmour and VMware enable our customers to ensure continuous compliance of sensitive applications across hybrid clouds.

Continuous Compliance

The adoption of CI/CD techniques to build regulated applications breaks the traditional project-driven approach to compliance. Developers are adding new functionality to their applications at a breakneck pace. As a data point, examining the top 10% of Alexa Internet Ranked organizations, the most successful companies in the top 95th percentile deployed new code 42 times per week, compared to only 4 times per week for the bottom 5th percentile. Compliance requirements are continuous too - regulations and frameworks like PCI and FISMA apply every day, not just at annual audit time. However, the compliance and audit processes of many organizations remain stuck in an annual cycle of re-discovery and audit. Developers call new libraries and containers, often with no understanding of the underlying communication needs or attack surface, requiring painful and costly discovery and reverse-engineering at year end.

Continuous compliance solves this problem. Continuous compliance is the inevitable response to CI/CD. Continuous compliance combines the continuous discovery and measurement of application behaviors, coupled with intent-based compliance and security policies that dynamically expand and contract as applications change. With continuous compliance, the time-consuming and costly project-based model for compliance transitions to an invisible, integral part of the CI/CD pipeline. With continuous compliance, costs go down, and organizations experience better security outcomes with reduced attack surface.

VMware and vArmour Deliver

Integrating continuous compliance into your CI/CD hybrid cloud process requires two main elements: (1) an API-driven intelligent policy controller to build, measure and monitor compliance policies; and (2) a scalable, automated, and secure cloud platform to deliver the applications. vArmour and VMware brings those two elements together in private and hybrid clouds for the first time.

The vArmour Application Controller, powered by vArmour’s Conform technology, simplifies compliance and security across multi-cloud. Conform links compliance and security policy requirements to public and private cloud. With support for NSX-T, vArmour Application Controller can manage key compliance uses cases for NSX-T environments:

  • Continuous Compliance Policy CreationComputing and maintaining compliance policies aligned with major compliance frameworks including PCI, GDPR, SWIFT CSP, NIST, etc.
  • Continuous Compliance Measurement:Receive your organization-specific email forwarding address via email

“Compliance obligations are continuous - you have them every day,” said Tim Eades, CEO at vArmour. “vArmour’s Conform technology makes it simple for organizations to embrace the hybrid cloud while maintaining continuous compliance. We’re excited to work with VMware to ensure joint customers can easily secure and maintain compliance for critical applications and data across multi-cloud.”

Source: vArmour