Featured Research: Software Defined Perimeter Initiative
The cloud, and the Internet as we know it today, is an unlikely outcome from the DARPA research conducted decades ago. Through a combination of standards, innovation, and a culture of openness, we have built a remarkable foundation for our ever-changing society, as well as the global economy. As we continue to extend the Internet with cloud as everyone’s data center and hundreds of billions of Internet-connected devices, we must continue to question how we architect and secure our presence online.
In its formation, CSA provided a catalogue of recommendations and fairly high-level best practices. This was an appropriate approach, as this work was parallel to NIST’s definitional work in taxonomizing the cloud. As we mature and gain clarity around next-generation information technology, CSA will provide more detailed guidance and technical specifications. One of our newest and most important projects is the Software Defined Perimeter (SDP) Initiative.
The SDP Initiative defines an architecture to create highly secure and trusted end-to-end networks between any IP-addressable entities, allowing for systems that are highly resilient to network attacks. SDP has many use cases, from incorporating BYOD mobile and new generations of devices into enterprise networks, to creating robust virtual private clouds. The SDP Initiative is a collaboration between some of the world’s largest users of cloud computing within CSA’s Enterprise User Council. SDP incorporates security standards from organizations such as NIST and takes inspiration from classified networks implemented at organizations such as the U.S. Department of Defense (DoD). SDP works to mitigate network-based attacks on Internet-accessible applications by eliminating connectivity to them until devices and users are authenticated and authorized. By making networks “black,” or invisible to devices by default, several types of network attacks are mitigated. You can learn more about SDP at https://cloudsecurityalliance.org/research/SDP.