Cloud Security Alliance Issues Expanded Specification for the Software-Defined Perimeter (SDP)
Growing adoption of Zero Trust principles and the corresponding growth in deployments of SDP-based solutions called for an enhanced set of guidelines
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, released Software-Defined Perimeter (SDP) Specification v2.0, an update to the original Software-Defined Perimeter (SDP) v1 (2014). The enhanced specification encompasses the architectural components, interactions, and basic security communications protocol for the Software-Defined Perimeter. It’s hoped that the publication of version 2 will encourage more enterprises to adopt a Zero Trust paradigm for securing their applications, networks, users, and data.
“While the original specification was sound and provided a solid architectural and conceptual foundation for securing connectivity, it was largely silent on several areas, including SDP access authorization policies, onboarding, and securing non-person entities. Given that the information security industry has embraced the principles espoused in the SDP architecture in recent years, thanks in part to the shift toward cloud and the ever-heightened threat landscape, we felt it was time to issue an updated and enhanced set of specifications,” said Shamun Mahmud, CSA senior research analyst.
Produced by CSA’s Software-Defined Perimeter and Zero Trust Working Group, the paper focuses on the control plane that enables secure connectivity within the security perimeter, and the data plane that enforces secure connectivity between initiating hosts (IH) and accepting hosts (AH), whether they’re servers, devices, or services. Specifically, it expands and enhances the following areas:
- SDP and its relationship to Zero Trust
- SDP architecture and components
- Onboarding and access workflows
- Single Packet Authorization (SPA) message format, use of the User Datagram Protocol (UDP), and alternatives
- Initial discussions on IoT devices and access policies
The paper also includes additional documentation published since 2014, namely the SDP Glossary and the SDP Architecture Guide, and provides enhanced sequence diagrams and explanations of connections and messages in the following SDP sub-protocols: AH to Controller, IH to Controller, and IH to AH.
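The specification itself is not reproduced on this page, so the following is an added illustration of the SPA idea referenced above and not code from CSA or from the SDP specification. It models the IH sending one authenticated UDP datagram to an AH that otherwise drops all traffic: the AH verifies an HMAC under a per-client key distributed at onboarding, rejects replays with a monotonic counter, and only then admits the client. The field layout (client ID, counter, nonce, HMAC-SHA256) and the class names are constructed for this example and are not the spec's actual SPA message format.

```python
import hashlib
import hmac
import os
import struct

# Constructed, hypothetical SPA packet layout for illustration only (not the
# CSA SDP spec's actual format):
#   client_id (4 bytes, big-endian) | counter (8 bytes) | nonce (8 bytes) | HMAC-SHA256 (32 bytes)
HEADER = struct.Struct(">IQ8s")
TAG_LEN = 32
PACKET_LEN = HEADER.size + TAG_LEN


class SPAClient:
    """Initiating host (IH): builds the single authorization datagram."""

    def __init__(self, client_id: int, key: bytes):
        self.client_id = client_id
        self.key = key          # per-client seed key agreed at onboarding (assumed)
        self.counter = 0        # monotonic, never reused after a restart in a real client

    def build_packet(self) -> bytes:
        self.counter += 1
        nonce = os.urandom(8)   # makes otherwise-identical packets distinct on the wire
        body = HEADER.pack(self.client_id, self.counter, nonce)
        tag = hmac.new(self.key, body, hashlib.sha256).digest()
        return body + tag


class SPAGateway:
    """Accepting host (AH): default-drop; a valid SPA packet admits one client.

    Every rejection path returns False and sends nothing back, so an unauthorized
    sender cannot tell the host exists."""

    def __init__(self, keys: dict):
        self.keys = keys            # client_id -> key, provisioned by the controller (assumed)
        self.last_counter = {}      # highest counter accepted per client
        self.allowed = set()        # clients for whom the data-plane port is open

    def verify(self, packet: bytes) -> bool:
        if len(packet) != PACKET_LEN:
            return False
        body, tag = packet[:HEADER.size], packet[HEADER.size:]
        client_id, counter, _nonce = HEADER.unpack(body)
        key = self.keys.get(client_id)
        if key is None:
            return False                            # unknown client: silently drop
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False                            # forged or tampered packet
        # Only now is client_id trustworthy; check the counter for replay.
        if counter <= self.last_counter.get(client_id, 0):
            return False                            # replayed (or reordered) packet
        self.last_counter[client_id] = counter
        self.allowed.add(client_id)
        return True


def demo() -> list:
    """Run the exchange once and return the verdicts in order:
    fresh packet, replay of it, tampered copy, second fresh packet, unknown client."""
    key = os.urandom(32)
    client = SPAClient(42, key)
    gateway = SPAGateway({42: key})
    first = client.build_packet()
    tampered = first[:-1] + bytes([first[-1] ^ 0x01])
    stranger = SPAClient(7, os.urandom(32))
    return [
        gateway.verify(first),
        gateway.verify(first),
        gateway.verify(tampered),
        gateway.verify(client.build_packet()),
        gateway.verify(stranger.build_packet()),
    ]


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the HMAC is verified before the counter is consulted, because until the tag checks out the client ID in the packet is attacker-controlled and could be used to poison another client's replay state. A real deployment would also bind the packet to the requested service and source address, and the UDP transport shown here is exactly the choice the specification discusses alternatives to.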