Most education IT professionals agree that securing the network only at the perimeter
is inadequate for the demands put on today’s district and school data centers. Once
malware has managed to make its way behind the perimeter firewall by latching onto
an authorized user (or other means), it can move easily from workload to workload. This
lateral movement is possible due to a lack of sufficient internal network controls
regulating server-to-server or east-west network traffic.
Micro-segmentation, enabled by E-Rate eligible VMware NSX™, is a breakthrough model
for data center security. Network security policies are enforced by firewall controls
integrated into hypervisors that are already distributed throughout the data center.
This enables security that is both ubiquitous and granular, placing security policies close
enough to workloads and applications to give them rich context while keeping them
removed enough to have isolation from threats. Security policies also become more
dynamic by being coupled directly to the workload, moving, changing, and being
deleted as required.