The State of SDP Survey: A Summary
The CSA recently completed its first annual “State of Software-Defined Perimeter” Survey, gauging market awareness and adoption of this modern security architecture – summarized in this infographic.
The survey indicates it is still early for SDP market adoption and awareness, with only 24% of respondents claiming that they are very familiar or have fairly in-depth knowledge of SDP. The majority of respondents are less knowledgeable, with 29% being “somewhat” conversant in SDP, 35% having heard of it, and 11% knowing nothing about it.
A majority of organizations recognize the need to change their approach to a Zero Trust Architecture– 70% of respondents noted that they have a high or medium need to change their approach to user access control by better securing user authentication and authorization.
Survey respondents noted that the largest barrier to SDP adoption is existing in-place security technologies, closely followed by organizational lack of awareness and budgetary constraints. This is consistent with SDP’s early adopter market status, and its unique role as an integrated security architecture that enhances and, in some cases, eliminates the use of traditional security tools and technologies. Lack of awareness and perceived budgetary constraints point to a need for the CSA to educate the market on SDP’s security benefits and provide additional research to organizations about the cost benefit of SDP’s ability to provide preventive security compared with cyber breach detection after the fact.
Respondents clearly understand that SDP functionally overlaps with VPN and NAC solutions, and also understand that SDP will benefit in-place systems such as IAM and SIEM. Organizations also see the benefits that SDP provides, with a majority indicating they could realize an improved security posture (63%) and a reduced attack surface (52%). A strong minority also see the benefits of reduce costs (48%) and improved compliance (44%).
In terms of adoption, a majority of organizations see themselves using SDP as a VPN replacement (64%) or a NAC alternative (55%) – both of which are common first projects for SDP.
Based on this initial survey, we’re pleased to see this level of awareness, and optimistic that the concept of Zero Trust can be achieved by implementing SDP. Clearly, organizations are just beginning the transition from traditional security technologies to SDP and are looking for guidance. The CSA is addressing this demand with SDP resources and information – in fact, a majority of survey respondents requested additional technical documents, marketing resources, and webcasts. The SDP Working Group has recently published the SDP Architecture Guide research document, and other resources such as version 2.0 of the SDP specification, and additional guidance noted in the architecture document will follow.
SDP is clearly a very important security development, providing an updated approach to current measures that fail to address the inherent vulnerabilities in the network and application connectivity protocols of the past. If you'd like to download the above infographic as a pdf, you can find it here: https://cloudsecurityalliance.org/artifacts/sdp-awareness-and-adoption-infographic
We'd like to thank the following individuals from the SDP leadership team for their work in creating this report and accompanying blog post:
- Juanita Koilpillai
- Nya Murray
- Jason Garbis
- Junaid Islam