Just when you thought you were safe from software-defined everything – i.e. storage (SDS), networking (SDN), data center (SDDC), or security (SDS or SDDS) – the Cloud Security Alliance has launched what it calls the Software Defined Perimeter Initiative, a new project to develop an ‘architecture for creating highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.’ The not-for-profit CSA, formed in 2008 and with 48,000 individual members, is focused on promoting the use of best practices for providing security assurance within cloud computing, and providing education on the uses of cloud computing to help secure all other forms of computing.
According to the alliance, the SDP initiative is a collaboration between some of the world’s largest users of cloud computing within CSA’s Enterprise User Council. It will be led by Bob Flores, former CTO of the CIA and current CEO of Applicology, who will be giving a keynote at the CSA Congress 2013, Dec 4-5, Orlando, and Junaid Islam, founder and CTO of Vidder.
A security vendor known for transforming military-grade, top secret networking technologies into an enterprise-ready security control that mitigates network-based attacks from unauthorized users, Vidder has been using the SDP term for some time.
The company said cloud-based perimeters can be used to secure all types of Internet-facing applications, from SaaS, extranets and mobile infrastructure to the Internet of Things. In addition to Vidder, a number of other vendors have been active in this space, including nCircle (Perimeter Profiler) and Panda Security (Virtual GateDefender Performa).
Software-defined security and spin-offs like SDP are necessary because existing security solutions are largely powered by manual processes, or “Human Middleware”, and they can’t keep up with today’s dynamic networks, according to NetCitadel, the developer of what it calls the first SDS platform to orchestrate real-time dynamic updates of security policy and controls across security infrastructure in response to changes in cloud, virtual and physical environments.
CSA is predominantly driven by big users, the Fortune 500, said Islam, and they believe that while clouds can potentially dramatically lower the cost of application infrastructures, to be useful they have to meet minimal controls for privacy, security and data controls. “It’s really about how to create secure clouds.”
SDP is a new standard intended to take security to the next level, he said. The bulk of CSA’s work has been to provide security inside the cloud, but now that they’ve done that, the focus is shifting to securing the cloud perimeter. We have taken the best ideas from standards groups like NIST, PCI and HIPAA, procedures and processes from the Department of Defence and financial institutions, and are putting them into a standard we’re calling software-defined perimeter.
“It’s not just to reflect best practices… but easy to use,” said Islam. “Imagine we take these best ideas from smart people and implement them as cloud services. We can package and then can sell them as services.”
It’s a completely new way to think about clouds, he said. “We thought about cloud as low-cost infrastructure. Now we can think about cloud to protect all of my infrastructure, whether in the cloud or back in my office. From a CSA perspective we see this as a logical evolutionary step.”
It’s a great concept, but Islam said they still have to do the detail work. He said CSA started work two years ago to make software in the cloud tamper proof, and it’s only now emerging, being bought and used. Next year the alliance will be announcing the initial results from two of the world’s largest companies that are deploying SDS elements.
“I think the Software Defined Perimeter can be a game-changer… but we have to prove it.”
Under The Hood
CSA is announcing the following initial roadmap for delivery of SDP:
-Software Defined Perimeter Whitepaper: The SDP whitepaper and an overview of the SDP framework will be presented at the CSA Congress, December 4-5, 2013 in Orlando, Florida.
-Software Defined Perimeter Deep Dive: Detailed information about SDP and a prototype demonstration will be delivered at the CSA Congress Architecture Workshop, December 6, 2013 in Orlando, Florida.
-Software Defined Perimeter Enterprise Implementation: An implementation case study of SDP will be presented at the CSA Summit at the RSA Conference, February 24, 2014 in San Francisco.
-Software Defined Perimeter Hacker Contest: An educational contest will be held to test SDP in a secured cloud configuration. Live reports will be displayed at the CSA booth at the RSA Conference, February 25, 2014 in San Francisco.
-Software Defined Perimeter Developer’s Workshop: Case studies of SDP will be reviewed and a workshop to help organizations seeking to implement SDP will be held at the SecureCloud Conference, April 1-2, 2014 in Amsterdam.
A more complete one-year roadmap of SDP activities will be published at the CSA Congress.