Cloud Software Defined Perimeter

The software defined perimeter (SDP) security framework incorporates security standards from organizations such as the National Institute of Standards and Technology (NIST) as well as security concepts from organizations such as the U.S. Department of Defense (DoD) into an integrated framework. It defines a way to protect application infrastructure from network-based attacks.

Traditional fixed perimeters allowed internal services to remain secure from external threats for a number of years due to the powerful but simple characteristics of blocking visibility and accessibility from outside the perimeter to internal applications and infrastructure. But the traditional fixed perimeter model is rapidly becoming obsolete because of BYOD and phishing attacks providing untrusted access inside the perimeter and SaaS and IaaS changing the location of the perimeter.

SDP address these issues by giving application owners the ability to deploy perimeters that retain the traditional model’s value of invisibility and inaccessibility to “outsiders,” but can be deployed anywhere – on the internet, in the cloud, at a hosting center, on the private corporate network, or across some or all of these locations.

The SDP brings together standard security tools including PKI, TLS, IPsec, SAML, and standards, as well as concepts such as federation, device attestation, and geo-location to enable connectivity from any device to any infrastructure. Connectivity in an SDP is based on a need-to-know model, in which device posture and identity are verified before access to application infrastructure is granted. SDP mitigates the most common network-based attacks, including: server scanning, denial of service, SQL injection, OS & application vulnerability exploits, password cracking, man-in-the-middle, cross-site scripting (XSS), cross-site request forgery (CSRF), pass-the-hash, pass-the-ticket, and many others. From an end-point perspective, an SDP uses a lightweight access protocol to support deployment on mobile applications, networked sensors, and application servers. For more information, please see, Software Defined Perimeter by CSA.