Cloud Security Alliance’s Latest Research Examines Symbiotic Relationship Between Software Defined Perimeter (SDP) and Zero Trust
May 28, 2020
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released a new research white paper, Software Defined Perimeter (SDP) and Zero Trust. Produced by CSA’s Software Defined Perimeter Working Group, the paper makes a case for why SDP is the most effective architecture for adopting a Zero Trust strategy, an approach that is being heralded as the breakthrough technology for preventing large-scale breaches.
Aimed at chief information officers (CIO), chief information security officers (CISO) and other corporate executives who are already embracing Zero Trust, the paper demonstrates how SDP can be used to implement Zero Trust networks, how it’s applied to network connectivity, and what makes it the most advanced implementation of a Zero Trust strategy. The report also lays out the security and business benefits of implementing an SDP Zero Trust solution as defined in the CSA SDP Architecture Guide, as well as the risks and the accompanying requirements for mitigating them.
“Most of the existing Zero Trust security measures are applied as authentication and sometimes authorization, based on policy after the termination of Transport Layer Security (TLS) certificates,” said Nya Alison Murray, senior ICT architect and co-lead author of the report. “Network segmentation and the establishment of micro networks, which are so important for multi-cloud deployments, also benefit from adopting a software-defined perimeter Zero Trust architecture.”
A Zero Trust implementation using SDP enables organizations to defend against new variations of old attack methods that are constantly surfacing in existing perimeter-centric network and infrastructure models. Implementing SDP improves the security posture of businesses facing the challenge of continuously adapting to expanding attack surfaces that are, in turn, increasingly complex.
The report notes particular issues that have arisen that require a rapid change in the way network security is implemented, including the:
- Changing perimeter, whereby the past paradigm of a fixed network perimeter, with trusted internal network segments protected by network appliances such as load balancers and firewalls, has been superseded by virtualized networks, and the ensuing realization that the network protocols of the past are not secure-by-design.
- IP address challenge, noting that IP addresses lack any type of user knowledge to validate the trust of the device. Because an IP address has no way to carry user context, IP addresses simply provide connectivity information but do not get involved in validating the trust of the endpoint or the user.
- Challenge of implementing integrated controls. Visibility and transparency of network connections are problematic in the way networks and cyber security tools are implemented. Today, integration of controls is performed by gathering data in a SIEM for analysis.
The Software-Defined Perimeter Working Group was created with the goal of developing a solution to stop network attacks against application infrastructure. Those interested in learning more about the group or participating in future research should visit the Software-Defined Perimeter Working Group page.
Download the free report at Software Defined Perimeter (SDP) and Zero Trust.