Register for CSA’s SECtember conference and trainings today


CSA Official Press Release

Published 03/03/2016

Cloud Security Alliance Software Defined Perimeter Working Group Announces New SDP for IaaS Initiative

Cloud Security Alliance Software Defined Perimeter Working Group Announces New SDP for IaaS Initiative

New Initiative To Address How SDP Can Solve Security, Compliance and Administration Challenges for Infrastructure as a Service (IaaS)

San Francisco, CA – March 2, 2016 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the formation of a new SDP for Infrastructure as a Service (IaaS) initiative. In addition, the SDP working group is hosting its fourth Hackathon throughout the RSA Conference, with a top prize of $10,000 available to the first participant to either access or disrupt a cloud-based mission critical application.

Enterprises are rapidly embracing IaaS platforms, and many have made the strategic decision to quickly shift new development and production into these environments. While bringing many benefits, this change also brings with it many security, compliance, and business efficiency challenges – specifically around granting, controlling, and reporting on which users can access which systems and services across a network. Traditional security tools are unable to cope with the speed, scale, and complexity of this new, dynamic world, especially if organizations embrace dynamic release systems such as DevOps. As a result, security teams are unfortunately encountering familiar problems in their IaaS environments, including an inability to keep pace with a dynamic environment, users with over privileged network access, and an inability to easily perform compliance reporting. Cloud service providers are facing similar challenges with IaaS management access.

“Adopting a Software-Defined Perimeter approach can solve these problems, and enable secure, efficient, dynamic, and precise control of user access to IaaS environments,” said Kurt Glazemakers, Cryptzone CTO and technical lead for the SDP for IaaS initiative. “With this initiative, we hope to demonstrate how an SDP can better protect IaaS services for enterprise usage, and deliver uniform, seamless protection of on-premises and IaaS resources.”

“The SDP approach allows enterprises to embrace the dynamic nature of IaaS without compromising security or compliance,” said Luciano ‘J.R.’ Santos, Executive Vice President of Research for the CSA. “By understanding and leveraging an SDP model, organizations can then enable hybrid or multi-platform clouds by abstracting provider-specific configurations, and leveraging consistent policies, identity stores, and processes across their environments.”

Goals of the Initiative include:

  • Documenting specific security, compliance, and architecture challenges that arise from enterprise adoption of IaaS
  • Exploring how an SDP solution can solve these problems
  • Providing architectural and deployment guidelines and best practices for secure IaaS, including the impact of DevOps initiatives
  • Influencing the SDP specification to address IaaS-specific requirements

Planned deliverables include:

  • Analysis and taxonomy of IaaS-specific security, network, identity, and compliance challenges
  • Explanation of how an SDP architecture can address these challenges
  • Deployment scenarios and use cases that examine aspects such as network configuration, identity management, authentication, and security groups

Call for Participation:

The initiative is one of five from the working group seeking participation from enterprises, cloud providers, and technology vendors to collaborate on the creation of the deliverables listed above. This effort will begin in March 2016, with a goal of producing initial version of documents by Q3 2016. To participate contact Jason Garbis at jason.garbis[at] or visit

The CSA will host SDP demonstrations at its booth, #S2614 (South Hall), at noon PDT each day of the RSA Conference in San Francisco.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. CSA has developed the definitive best practices for the industry, such as the “Security Guidance for Critical Areas of Focus in Cloud Computing”, the “Cloud Controls Matrix”, “Top Threats to Cloud Computing” and 50 other cloud security research artifacts.


Kari Walker
ZAG Communications
[email protected]

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.