Telstra’s decision to invest in California-based company vArmour was driven by witnessing the struggle businesses face when securing data centres, particularly heavily virtualized and cloud DCs.
“Historically if someone is able to get into a data centre and hack a data centre, it then becomes very easy to traverse that data centre – so if they break into an application or a server or something else, then they can get anywhere within an enterprise,” Telstra Ventures’ Marcus Bartram told a media briefing.
vArmour is designed to secure so-called ‘east-west’ traffic within a data centre, delivering security to individual virtualized workloads.
Telstra revealed overnight that its VC arm had taken a strategic stake in vArmour as part of the security company’s US$41 million Series D funding round.
vArmour’s vice-president of strategic markets, Keith Stewart, said that its security offering was inspired by the need to deliver an alternative to traditional perimeter security models: “All of those models are very hardware-centric, and hardware and the cloud don’t mix. The cloud is a transition to software, it’s a transition to on-demand models. So we had to push hardware aside and go down a different route.”
In addition, he said, businesses have become more interconnected, with organisations having relationships with partners, customers, suppliers and sometimes with competitors. “The application fabric — the IT fabric — has evolved to be that level of interconnection,” Stewart said.
“This idea of a perimeter — that there is some fixed location where I can have good guys on one side and bad guys on another — was outdated. It didn’t fit the way businesses operated. So we needed an architecture that blew up the traditional idea of a perimeter while still enabling people to be secure as they approach cloud.”
Feedback from customers indicated that an agent-based approach was not the best way of tackling the issue, he said: “Everybody has agent fatigue. There are so many different pieces of software that I have to put inside an individual workload; they conflict with each other, I have an ongoing certification challenge, I have a management challenge. I don’t need another agent. First problem.
“The second problem is as a primary security control some would question using an agent-oriented approach to get there... If the thing you are relying on to protect yourself is inside the thing that you’re trying to protect, the first thing the bad guys are going to do when they get in is turn that off.”
“You need a set of controls that give you that same sort of individual workload-centric view but are independent from it, and that’s really what caused us to build the architecture that is today’s vArmour technology,” Stewart added.
vArmour is a distributed system that takes the approach of “micro-segmentation”.
“We take security, we move it down to the individual things you’re trying to protect, and we wrap them up in their own individual ‘micro-perimeter’,” he said.
The Series D funding will be used to boost the global expansion of vArmour, he said.