New Security Research – the Software-Defined Perimeter for the Cloud
By Jason Garbis, Vice President of Products, Cryptzone
On behalf of the Cloud Security Alliance, I’m pleased to announce the publication of our newest security research from the Software Defined Perimeter (SDP) Working Group, exploring how the SDP can be applied to Infrastructure-as-a-Service environments. Thanks to all the people who commented and contributed to this research over the past 10 months, especially Puneet Thapliyal from Trusted Passage.
Cloud adoption has soared over the past few years, and yet recent surveys indicate that security is still a concern. In one Cloud Security Alliance survey, over 67% of respondents indicated that an inability to enforce corporate security standards represents a barrier to cloud adoption, while 61% noted that compliance concerns pose a barrier.
It’s quickly becoming widely understood that SDP is the preferred new way to securely deploy services. Leading analyst firms are recommending that public-facing services be protected with a new security approach, and are talking about SDP as a strong alternative to traditional network security solutions.
Enterprises have recognized that SDP can address their concerns about adopting cloud, but the Software-Defined Perimeter approach is still relatively unknown to many (here is a quick primer on SDP if you need a refresh). Security architects and IT leaders are eager to learn more about how to best design and deploy SDP-based systems.
As a vendor that offers an SDP solution, and as a leader of the SDP Working Group, we’re happy to share our knowledge and experience. This is why we’ve spent the time and effort, in partnership with other SDP practitioners, to create this new security research outlining how Software-Defined Perimeter applies to IaaS environments.
Security for IaaS is particularly interesting, because it’s a responsibility that’s shared between enterprises and cloud providers, and because IaaS has different (and in some ways more challenging) user access and security requirements than traditional on-premises systems. Our new research focuses on how SDP can be applied to Infrastructure-as-a-Service environments, and explores the following use cases:
- Secure Access by Developers into IaaS Environment
- Secure Business User Access to Internal Corporate Application Services
- Secure Admin Access To Public Facing Services
- Updating User Access When New Server Instances Are Created
- Hardware Management Plane Access for Service Provider
- Controlling Access Across Multiple Enterprise Accounts
Finally, now that this research has been published, we’re just beginning work to outline more architectures and new applications of the protocol in version 2 of the SDP specification. Please join us if you’re interesting in contributing or learning more about that project as well.