Tuesday, September 17, 2019

Word of the Day: software-defined perimeter

Word of the Day WhatIs.com
Daily updates on the latest technology terms | September 17, 2019
software-defined perimeter (SDP)

Software-defined perimeter (SDP) is a policy-based security framework that uses identity to control access to resources. Essentially, an SDP functions as a broker between internal applications and end users. The framework was developed by the Cloud Security Alliance (CSA) and is based on the U.S. Department of Defense's "need to know" access model.

CSA's SDP framework allows network engineers to segment network resources with security policies in a way that mirrors a physically-defined network perimeter. When the authentication process is complete, trusted devices are given a unique and temporary connection to the network infrastructure. Unauthorized users and devices that do not comply with policy will not be able to connect.

With SDP network security software, network administrators are able to dynamically deploy micro-perimeters for hybrid and multi-cloud environments to isolate services. SDP software is purpose-built to give medium and large organizations the perimeter security model needed for zero trust applications and workload-centric network connectivity between on-premises and cloud environments. In addition to limiting attack surfaces, SDP software also eliminates vendor chaos by allowing for installation on any host, without requiring network reconfiguration or hardware appliance lock-in.

SDP vs. VPN

Any device that accesses an isolated network through a VPN presents a risk of bringing malware to that network environment unless there is a requirement in the VPN connection process to assess the state of the connecting device. Without an inspection to determine whether the connecting device complies with an organization's security policies, attackers with stolen or excessive credentials can access network resources, including switches and routers.

The problem is that VPN tunneling protocols were created before distributed computing in hybrid and cloud environments became the norm.

Network administrators who manage VPNs should consider adding software-defined perimeter (SDP) components to their VPN infrastructure. The addition of SDP programming gives medium and large organizations the ability to use a zero trust model for access to both on-premises and cloud network environments.


SDP deployment models

SDP deployment models can be characterized by the way they structure interactions among clients, servers and gateways. The primary approaches to implementing software-defined perimeter technology include:

Client-to-gateway deployment positions the servers behind an Accepting Host, which acts as a gateway between the protected servers and clients. Clients are called Initiating Hosts in SDP terminology. The client-to-gateway SDP can be deployed inside a network to reduce lateral movement attacks such as operating system (OS) and application vulnerability exploits, man-in-the-middle attacks and server scanning. It can also be deployed directly on the internet in order to segregate protected servers from unauthorized users, as well as to mitigate attacks.


Client-to-server deployment is similar to the client-to-gateway deployment except that the server being protected by the SDP is the system that runs the Accepting Host software (instead of the gateway). Deciding between the client-to-gateway and the client-to-server deployment is usually based on a number of factors, including analysis of load-balancing needs, the servers' elasticity -- how adaptable the cloud server is to changes in workloads -- and the number of servers an enterprise needs to protect behind the SDP.


Server-to-server deployments protect servers that offer any kind of application programming interface (API) over the internet -- a Simple Object Access Protocol (SOAP) service, a remote procedure call (RPC), a representational state transfer (REST) service or similar -- from all unauthorized hosts on the network, using that API as the channel between the Accepting Host and the Initiating Host.


Client-to-server-to-client implementations depend on a peer-to-peer (P2P) relationship between the clients. In this deployment model, the SDP obfuscates the IP addresses of the connecting clients, and the server acts as the intermediary for both clients.
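The access decision the definition describes (identity check, device compliance check, then a unique and temporary grant that an Accepting Host enforces with default-drop) can be modelled in a few dozen lines. The following Python is an added illustration, not code from the original page or from the CSA specification; the directory, posture records, policy and the "broker" and "accepting host" function names are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample identity directory, device posture records and policy
# (illustrative data, not from the original page).
USERS = {"alice": {"finance"}, "mallory": set()}
DEVICE_POSTURE = {
    "laptop-01": {"disk_encrypted": True, "edr_running": True},
    "laptop-02": {"disk_encrypted": False, "edr_running": True},
}
POLICY = {"payroll-api": {"groups": {"finance"},
                          "require": ("disk_encrypted", "edr_running")}}
TOKEN_TTL = 300  # seconds the temporary connection grant stays valid


def sign(secret, body):
    return hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()


def request_access(secret, user, device, service, now=None):
    """Broker: authenticate identity, assess device posture, then issue a
    grant bound to user, device and service. Returns None on deny."""
    now = time.time() if now is None else now
    rule = POLICY.get(service)
    if rule is None or user not in USERS or device not in DEVICE_POSTURE:
        return None
    if not USERS[user] & rule["groups"]:                  # need-to-know check
        return None
    posture = DEVICE_POSTURE[device]
    if not all(posture.get(k) for k in rule["require"]):  # device compliance
        return None
    body = f"{user}|{device}|{service}|{int(now) + TOKEN_TTL}|{secrets.token_hex(8)}"
    return f"{body}|{sign(secret, body)}"


def accepting_host_admits(secret, grant, device, service, now=None):
    """Accepting Host (gateway): drop everything unless a valid, unexpired
    grant for exactly this device and this service is presented."""
    now = time.time() if now is None else now
    if grant is None:
        return False
    try:
        user, g_device, g_service, exp, nonce, mac = grant.split("|")
    except ValueError:
        return False
    body = f"{user}|{g_device}|{g_service}|{exp}|{nonce}"
    if not hmac.compare_digest(mac, sign(secret, body)):
        return False
    return g_device == device and g_service == service and now < int(exp)
```

The second posture record shows the point made in the VPN comparison: valid credentials on a non-compliant device get no grant at all, and a grant captured from one device is useless from another or after it expires.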

Quote of the Day

"With SDP network security software, network administrators will be able to dynamically deploy highly available micro-perimeters for hybrid and multi-cloud environments to isolate services for fine-grained user access and eliminate the security risks of a VPN." - Don Boxley

Learning Center


What is a software-defined perimeter, and do I need it?
A software-defined perimeter improves enterprise security by making users and devices invisible to outside attacks. Discover the basics of SDP and learn how it can alleviate common security challenges.

Have newer security methods made NAC systems obsolete?
With developments in security methods like zero-trust security and software-defined perimeter, the importance of network access control appears to be diminishing. But NAC systems can still prove relevant at the network edge.

Better security through software-defined perimeter know-how
SDN is redefining the security perimeter. Learn how software-defined perimeter architecture -- like a bouncer at a super-exclusive club -- controls access to sensitive systems and valuable data.

How cloud network services affect transformation and security
Three networking experts explored how cloud network services can affect network transformation, planning and security. Learn more of their thoughts on the role of cloud in different facets of networking.

Achieve network perimeter security through deep segmentation
Establishing network perimeter security now requires the use of SDN to achieve deep segmentation. Learn how to put in place a software-defined perimeter.

Quiz Yourself

Read the FAQ to get the ______ on open source cloud computing.
a. low down
b. lowdown
c. low-down

Answer

Stay in Touch

For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

Visit the Word of the Day Archives and catch up on what you've missed!

About This E-Newsletter
The Word of the Day is published by TechTarget, Inc., 275 Grove Street, Newton, Massachusetts, 02466 US.



© 2019 TechTarget, Inc. all rights reserved. Designated trademarks, brands, logos, and service marks are the property of their respective owners.
