If you want to have security at the network layer so that only certain users have access to the finance server, or if you want to ensure that your web server always has higher priority than your email server in getting out to the internet, or if you want to make sure that your password server at Yahoo can only send and receive encrypted traffic; these are the kinds of things that are made easier, cheaper and more manageable via SDN and by extension Nicira. All of these things are quite difficult to accomplish in large networks.
No, SDN really isn't about this at all - its about segregation of the control and data planes, and in some respects about bringing a new level of programmability to the network layer. The scenarios you describe are easily achieved without SDN.
I think the keywords are that SDN makes these things easier, cheaper and more manageable by abstracting it out of the network hardware and into the software, specifically virtualized software. That is why VMWare sees a good fit in Nicira.
