VMware vSphere Security Configuration Guides Update

One of the hardest things to do is security updates for your IT infrastructure. There are so many moving parts involved, from applications owners to cybersecurity teams to changing windows. Most teams follow an in-house checklist to ensure they are keeping compliant. Things can be even simpler when the vendor provides security guidelines for you.

The VMware team has updated the VMware Security Configuration Guide (SCG) according to Bob Plankers on the VMware vSphere Blog.

Today we release updates to the vSphere Security Configuration Guides for all supported versions of vSphere. For vSphere 6.5 and 6.7 the changes are minor, and make some recommendations based on improvements to those products (service disablement, and the deprecation of the svga.vgaOnly guidance). Most installations of vSphere 6.5 and 6.7 are fairly mature, and we didn’t want to “rock the boat” as the saying goes. If a vSphere Admin has to spend political capital to make changes in older environments I’d rather they did it on patching first. After all, patching and good access control hygiene are commonly accepted as the two biggest ways to improve security.

The SCG is the baseline for hardening and auditing guidance for VMware vSphere, with an edition for each release of vSphere. As new threats develop, this guidance is often updated. It’s always a good idea to share this content with your security teams so you both understand how security is being handled.

Patching and hardening your infrastructure is your first level of defense. Team are sometimes slow to touch legacy system that have been running for months. They don’t want system updates to break, but the threats are becoming more complex. Whether you have a greenfield or brownfield infrastructure, following the SCG is a great way to stay compliant and secure.

Did you know there was a VMware Security Configuration Guide (SCG)? Have you applied it in the past? What was your experience like? Do you use something else to keep your environment compliant? Let me know on Twitter, and thanks for reading.