Protecting the stored data is only a part of the data security; you also need to encrypt or make secure the network connections and how data is moved. Data in motion is trickier to protect. The best way is always to use secure channels and communication.

At the VM level, it is a problem that is addressed and managed as in any physical environment. Do not only use VLAN (or VXLAN) to segregate traffic, but use the right network traffic rules (in this case, NSX can help with micro-segmentation) and try to avoid clear text network communication.

However, you have also the infrastructure to consider. VMware vSphere management traffic is already on SSL connections since version 3.5, but other types of traffic are usually not encrypted, such as vMotion (until vSphere 6.5), or FT logging or storage traffic based on IP, such as iSCSI or NFS traffic.

If you need to transfer data over an unsecured channel, always use network encryption such as MACsec or IPsec.