Advanced Cyber Compliance: Security, Compliance, and Resilience for VCF
Source: VMware Blog
# VMware Advanced Cyber Compliance – Episode Overview
Cyber compliance is no longer a once‑a‑year exercise driven by audits and spreadsheets. For many organizations, it has become a daily operational requirement tied directly to business survival.
In the latest episode of **Virtually Speaking**, Pete Flecha and John Nicholson continue our series on **[Advanced Services for VMware Cloud Foundation](https://youtube.com/playlist?list=PL8_k3uUCO39uFSUmnhzlggmRmEzNQ06GF&si=Vdzz156ghgptOzl7)** with a deep dive into **VMware Advanced Cyber Compliance**—a service designed to help VMware Cloud Foundation customers:
- **Automate compliance** across environments
- **Reduce cyber risk** through continuous monitoring
- **Prove recovery readiness** at scale
## Guest Speakers
- **Belu De Arbelaiz** – Broadcom, VMware Cloud Foundation Division
- **Adam Hawley** – Broadcom, VMware Cloud Foundation Division
Together they unpack:
1. **Why Advanced Cyber Compliance exists**
2. **The problems it solves**
3. **How it fundamentally changes the approach to compliance and resilience**
> *“Compliance is no longer a checkbox; it’s a continuous, automated safeguard for business continuity.”* – Pete Flecha
---
**Watch the full episode** on the [Virtually Speaking YouTube playlist](https://youtube.com/playlist?list=PL8_k3uUCO39uFSUmnhzlggmRmEzNQ06GF&si=Vdzz156ghgptOzl7) and learn how to make compliance a strategic advantage for your organization.Why Compliance Has Become Mission‑Critical
Regulatory pressure is increasing across every industry:
- Financial services (EU) – navigating DORA
- Healthcare – meeting HIPAA requirements
- Global organizations – complying with GDPR, PCI DSS, or regional equivalents
The Core Challenge
The problem isn’t just the number of regulations; it’s the rate of change.
- Requirements evolve constantly.
- Rules vary by geography, industry, and even workload type.
- Many organizations still rely on manual processes, disconnected tools, and point‑in‑time checks that quickly become outdated.
As Belu explains in the episode, this approach no longer works in a world where threats and regulations change daily.
The New Reality
Compliance must be continuously enforced, not merely assessed periodically.
What Advanced Cyber Compliance Delivers
Advanced Cyber Compliance (generally available since November) is purpose‑built for VMware Cloud Foundation customers who need more than basic security controls. It concentrates on three core outcomes:
- Continuous compliance and risk visibility
- Automated detection and remediation of configuration drift
- Proven cyber‑ and disaster‑recovery for on‑premises environments
Instead of stitching together multiple tools, Advanced Cyber Compliance provides these capabilities as a VCF‑integrated service, reducing complexity while boosting operational confidence.
Desired State Configuration at Scale
Advanced Cyber Compliance leverages VMware Salt to manage desired‑state configuration (DSC) across large VMware Cloud Foundation (VCF) environments.
Why DSC matters
Compliance means ensuring every system is configured exactly as required—whether dictated by regulatory standards or an internal risk profile. With Advanced Cyber Compliance you can:
- Define templates or policies that describe the desired state for ESXi hosts and other VCF components.
- Continuously monitor the environment for drift.
- Automatically remediate non‑disruptive changes.
- Flag issues that need maintenance mode or a restart.
- Gain clear, real‑time visibility into compliance status across the entire fleet.
How it works at scale
| Feature | Benefit |
|---|---|
| Single Salt master | Can monitor tens of thousands of endpoints. |
| Continuous drift detection | Immediate identification of configuration deviations. |
| Automated remediation | Non‑disruptive fixes are applied automatically. |
| Escalation workflow | Issues requiring manual intervention are highlighted for maintenance mode or restarts. |
| Unified dashboard | Provides a single pane of glass for compliance posture. |
Result: Organizations dramatically reduce manual effort—often to a fraction of the time previously required—to maintain compliance across massive infrastructures.
Compliance and Cyber Recovery Go Hand in Hand
One of the key differentiators of ACC is that it doesn’t stop at configuration and audit readiness.
Modern regulations increasingly require organizations to prove recovery capability—not just document it. This means demonstrating:
- How data is protected
- How quickly systems can be restored
- How recovery processes are tested and validated
ACC includes cyber‑ and disaster‑recovery capabilities for on‑premises VCF environments, helping organizations meet Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) without relying on manual, high‑risk failover testing.
As Pete points out in the discussion, regulators—particularly in Europe—are moving away from theoretical recovery plans and toward demonstrable operational resilience.
Alignment with Real‑World Security Frameworks
ACC aligns closely with the NIST Cybersecurity Framework, covering all five core functions:
| NIST Function | How ACC Supports It |
|---|---|
| Identify | Provides asset inventory and risk‑based classification to pinpoint critical resources. |
| Protect | * Desired‑state enforcement |
- Continuous drift detection to maintain secure configurations. | | Detect | * Real‑time monitoring of deviations from the desired state
- Anomaly detection for abnormal credential use. | | Respond | * Automated remediation workflows that instantly correct violations. | | Recover | * Integrated recovery capabilities that enable rapid restoration after an incident. |
Why This End‑to‑End Approach Matters
- Evolving attack techniques: A growing share of ransomware incidents now leverage valid credentials obtained via phishing or social engineering.
- Beyond blocking: The real challenge is to detect abnormal behavior, limit blast radius, and recover quickly when credentials are compromised.
“A significant percentage of ransomware attacks now involve valid credentials, obtained through phishing or social engineering.” — Adam
By addressing protection, detection, response, and recovery in a unified workflow, ACC helps organizations stay resilient against modern credential‑based threats.
Breaking Down Organizational Silos
A recurring theme throughout the episode is collaboration.
Historically, infrastructure, security, and compliance teams have operated in silos—using different tools and speaking different languages. ACC (Advanced Cloud Compliance) was designed to bring these teams together around a shared platform, shared visibility, and shared outcomes.
By integrating compliance, security, and recovery directly into VMware Cloud Foundation, organizations can move away from fragmented point products and toward a more cohesive operational model.
Who Benefits Most from ACC?
ACC is available exclusively to VMware Cloud Foundation customers and is especially valuable for organizations that:
- Operate in regulated industries
- Manage complex, multi‑region environments
- Need to prove cyber‑recovery and resilience
- Want to reduce manual compliance overhead
The Bigger Picture
As part of the broader Advanced Services portfolio, ACC enables customers to extend the core platform to meet their most demanding security and compliance requirements.
What’s Next in the Series
This episode is part of the Virtually Speaking series on VCF Advanced Services.
Upcoming episodes will:
- Dive deeper into individual services.
- Feature subject‑matter experts sharing real‑world use cases.
If your roadmap includes cyber compliance, operational resilience, or regulatory readiness, this episode shows how Advanced Cyber Compliance can turn those challenges into automated, manageable outcomes.
▶️ Watch the full episode now and stay tuned on the VMware Cloud Foundation YouTube channel.
Links Mentioned
- Virtually Speaking Series Overview
- VMware Cloud Foundation & Advanced Services Info
- VMware Advanced Cyber Compliance (ACC)
- VMware vDefend (Advanced Security)
- VMware Avi Load Balancer
- VMware Tanzu Data Intelligence
- VMware Data Services Manager (DSM)
- Network Observability for VCF
- ValueOps by Broadcom
- Identity Security for VCF
- VMware Cloud Foundation YouTube Channel
The Virtually Speaking Podcast
The Virtually Speaking Podcast is a technical show dedicated to VMware topics related to private and hybrid cloud. Each week, Pete Flecha and John Nicholson bring in subject‑matter experts from VMware and the broader industry to discuss their areas of expertise.
If you’re new to the Virtually Speaking Podcast, check out all episodes at and follow us on Twitter/X: @VirtSpeaking.
Discover more from the VMware Cloud Foundation (VCF) Blog
Subscribe to receive the latest posts directly in your inbox.