Cloud Security Alliance Issues Expanded Specification for the Software-Defined Perimeter (SDP)

Growing adoption of Zero Trust principles and corresponding growth in deployments of SDP-based solutions called for enhanced set of guidelines

SEATTLE – March 10, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released Software-Defined Perimeter (SDP) Specification v2.0, an update to the original Software-Defined Perimeter (SDP) v1 (2014). The enhanced specification encompasses the architectural components, interactions, and basic security communications protocol for the Software-Defined Perimeter. It’s hoped that the publication of version 2 will encourage more enterprises to adopt a Zero Trust paradigm for securing their applications, networks, users, and data.

“While the original specification was sound and provided a solid architectural and conceptual foundation for securing connectivity, it was largely silent on several areas, including SDP access authorization policies, onboarding, and securing non-person entities. Given that the information security industry has embraced the principles espoused in the SDP architecture in recent years, thanks in part to the shift toward cloud and the ever-heightened threat landscape, we felt it was time to issue an updated and enhanced set of specifications,” said Shamun Mahmud, CSA senior research analyst.

Produced by CSA’s Software-Defined Perimeter and Zero Trust Working Group, the paper focuses on the control plane that enables secure connectivity within the security perimeter, and the data plane that enforces secure connectivity between initiating hosts (IH) and accepting hosts (AH), whether they’re servers, devices, or services. Specifically, it expands and enhances the following areas:

• SDP and its relationship to Zero Trust
• SDP architecture and components
• Onboarding and access workflows
• Single Packet Authorization (SPA) message format, use of User Datagram Protocols (UDP), and alternatives
• Initial discussions on IoT devices and access policies

The paper also includes additional documentation published since 2014, namely the SDP Glossary and the SDP Architecture Guide, and provides enhanced sequence diagrams and explanations of connections and messages in the following SDP sub-protocols: AH to Controller, IH to Controller, and IH to AH.

Download the free report.

The Software-Defined Perimeter and Zero Trust Working Group was created to validate and protect the devices and connections on a network. Those interested in learning more about the group or participating in future research are invited to join.

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.