Software-Defined Perimeter

With Zero Trust becoming one of the most talked about cybersecurity trends today, Software-Defined Perimeter (SDP) should also be considered in this discussion. Using SDP in Zero Trust implementation enables organizations to defend against new attack methods that are constantly surfacing in existing network models. Implementing SDP can improve the overall security posture of businesses facing challenges when adapting to expanding and increasingly distributed attack surfaces. 

The CSA Zero Trust working group is embracing industry’s expanded scope of Zero Trust going forward and will continue to promote SDP as a recommended architecture for achieving Zero Trust benefits, particularly as part of the ZT Network Pillar. The CSA will continue to revise and elaborate on the SDP specification (now V2 published 3/22 and supported by the SDP Architecture Guide), to capture and codify the knowledge gained from past experience and new developments. 

SDP provides the ability to hide assets, which enables deny-all gateway until users/devices are proven. It also provides single packet authorization which enables integrated controls for authentication and authorization. Additionally, it provides the ability to authenticate before access. 

One of the main benefits of SDP is that it reduces the attack surface, which means enhanced protection for cloud applications. Reducing the attack surface gives more centralized control to system owners as well as increased visibility to all authorized connections. Another benefit is the reduction in  the cost of ownership by lowering  costs for endpoint prevention/detection and incident response while also reducing complexity for integrating controls.