Security is a process that belongs to everyone in IT and technology, not just the “security team” or the chief information security officer (CISO).

This is especially true in small and medium-sized businesses that may not have a separate security team. Regardless of an organization’s size, cloud and virtual infrastructure administrators are often the primary implementers of security controls in an organization, while the security team sets policy, audits for compliance, and conducts incident response. Everyone within the organization participates in the process in some way. As such, the information presented here is intended to aid everyone in gaining an understanding of security design principles, and how they apply to operations in the VMware Cloud.