New Research Published: CSA Software-Defined Perimeter for the Cloud
I’m pleased to announce the availability of the newest Cloud Security Alliance (CSA) security research exploring how the Software-Defined Perimeter (SDP) can be applied to Infrastructure-as-a-Service environments.
Cloud adoption has soared over the past few years, and yet recent surveys indicate that security is still a concern. In one Cloud Security Alliance survey, over 67% of respondents indicated that an inability to enforce corporate security standards represents a barrier to cloud adoption, while 61% noted that compliance concerns pose a barrier.
To address this, over the last 10 months, I’ve worked alongside the CSA’s Software Defined Perimeter Working Group to establish a clear sense of the security challenges facing IaaS enterprise users. This research outlines the problems that arise from combining native IaaS access controls with traditional network security tools, and demonstrates how SDP can solve these problems across various use cases.
It’s quickly becoming widely understood that SDP is the preferred new way to securely deploy services. Leading analyst firms are pointing to SDP as a strong alternative to traditional network security solutions. And enterprises have recognized that SDP can address their concerns about adopting cloud, but the Software-Defined Perimeter approach is still relatively unknown to many. Read ‘Why a Software Defined Perimeter for more information’.
How a Software-Defined Perimeter Applies to IaaS Environments
We’ve spent the time and effort, in partnership with other SDP practitioners and with our knowledge and experience, to create this new security research outlining how Software-Defined Perimeter applies to IaaS environments.
Security for IaaS is particularly interesting, because it’s a responsibility that’s shared between enterprises and cloud providers, and because IaaS has different (and in some ways more challenging) user access and security requirements than traditional on-premises systems. Our new research focuses on how SDP can be applied to Infrastructure-as-a-Service environments, and explores the following use cases:
- Secure Access by Developers into IaaS Environment
- Secure Business User Access to Internal Corporate Application Services
- Secure Admin Access To Public Facing Services
- Updating User Access When New Server Instances Are Created
- Hardware Management Plane Access for Service Provider
- Controlling Access Across Multiple Enterprise Accounts
Get the Software Defined Perimeter Research
Now that this research is published, we’re just beginning work on version two of the SDP specification. Please join us on Basecamp if you’re interesting in contributing or learning more about that project as well.
Thanks to all the people who commented and contributed to this research over the past 10 months.