Solution Brief

Mitigating Cloud Security & Compliance Risks with VMware Secure State

Reducing misconfigurations, monitoring malicious activity, and preventing unauthorized access are foundational activities necessary to ensure security and compliance of applications and data in the cloud. As criminals become more sophisticated in their abilities to exploit cloud misconfiguration vulnerabilities, security teams need a smarter approach to prevent security breaches.

VMware Secure State is an intelligent cloud security and compliance monitoring platform that helps organizations reduce risk and protect millions of cloud resources by remediating security violations and scaling best practices at cloud speed.

Six points about VSS

"According to Gartner, through 2025, 99% of cloud security failures will be the customer’s fault and 90% of the organizations that fail to control public cloud use will inappropriately share sensitive data."1

How VMware Secure State Works

Foundational to VMware Secure State is an Interconnected Cloud Security Model, an intermediate data layer that leverages cloud APIs, change events, and native threat data to help security teams visualize resource misconfigurations, connections, and their associated risks. As objects, data, and relationships change, the service intelligently updates the model in near real-time to correlate the direct and indirect risks of each change.

Event Based Micro-Inventory, Interconnected Cloud Security Model, Real-Time Insights

Delivered as a service, VMware Secure State is easy to onboard and supports both pre-defined and custom security and compliance policies. Once configured, VMware Secure State helps security teams prioritize violations, visualize context, report issues, and plan the actions necessary to remediate risks.

Who can benefit from VMware Secure State?

  • Cloud Security Architects
  • Security Operations
  • Governance, Risk, and Compliance
  • Vulnerability Management
  • Cloud Operations Engineer
  • DevOps Engineers

In the cloud, security is a shared responsibility between a cloud provider and a customer’s security and application teams. VMware Secure State helps organizations operationalize security by supporting multiple cloud providers and enabling security administrators to distribute insights across application owners at real-time speed. With easy access to security findings and actions via API, application owners can proactively verify configurations at the time of deployment and minimize the cost associated with implementing security policies.

Key Use Cases

Posture Management

Improve cloud security posture with real-time visibility into resource relationships, misconfigurations, risk scores, and change activity

Continuous Compliance

Continuously assess and improve compliance with support for a range of compliance frameworks including CIS, NIST, GDPR, SOC 2, PCI, and HIPAA

Threat Correlation

Correlate events from cloud-native threat feeds with resource misconfigurations to monitor suspicious activities, run investigations, and respond quickly

DevSecOps / Shift Left

Proactively verify configurations as part of the CI/CD pipeline, notify developers of violations, and build guardrails to scale security

Screenshot of VSS Platform Page

“VMware Secure State enables us to visualize risk with a graph view, so that we can easily convey the impact of changes to key stakeholders – for example, we can show that something is not just affecting a server but also certain databases that are connected to it.”

— Kolby Allen
Platform Operations Architect, Zipwhip

Key Features

Shows interconnected nature of VSS and Instance relations

Table describing the key features and benefits of VSS

Key Integrations

Table describing integrations and benefits of VSS

Want to learn more?

With VMware Secure State’s real-time detection and remediation capabilities, you can proactively mitigate risks across cloud environments. To talk to an expert on cloud security and compliance best practices, or request a free VMware Secure State trial, visit

1 Is the Cloud Secure? Gartner blog post, October 2019