Cloud Security Alliance Publishes New Research on the Software Defined Perimeter and Zero Trust
Co-authored by Waverley Labs, new paper examines SDP as the optimal implementation to support a true Zero Trust strategy
Waverley Labs, a pioneer in Software Defined Perimeters (SDP) and digital risk reduction solutions, announced that the Cloud Security Alliance (CSA) has published new research titled Software Defined Perimeter (SDP) and Zero Trust.
The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment.
Produced by the Cloud Security Alliance’s Software-Defined Perimeter (SDP) Working Group, and co-authored by Juanita Koilpillai, Founder and Chief Executive Officer of Waverley Labs, and Nya Alison Murray, Senior ICT Architect, Trac-Car Technology, the paper sheds light on the use of SDP as the optimal implementation to support a Zero Trust strategy.
It illustrates how a Zero Trust implementation using a Software-Defined Perimeter enables organizations to defend against new variations of old attack methods that constantly surface in existing continuous-monitoring and perimeter-centric infrastructure networking models.
It details how an SDP Zero Trust deployment can deny risky transactions based on a single-packet analysis that reveals a lack of positive identification. When applied to network connectivity, SDP is agnostic of the underlying IP-based infrastructure, allowing it to home in on securing every connection, which makes it the best architecture for achieving Zero Trust.
“Adopting an SDP implementation enforces the separation of establishing trust from data transfers,” said Nya Alison Murray. “Most of the existing ‘Zero Trust’ security measures are applied as authentication and ‘sometimes’ authorization based on policy after the termination of TLS certificates. Certificate validation is a complex verification and validation process, and there are known possible vulnerabilities with TLS 1.2, TLS 1.3 and mutual TLS. Network segmentation and the establishment of micro networks, so important for multi-cloud deployments, also benefit from adopting a software-defined perimeter Zero Trust architecture.”
The paper outlines a call to action for a Zero Trust proof of concept (POC) that would demonstrate how SDP addresses the challenges of application delivery in a hybrid multi-cloud environment. Specifically, the POC would demonstrate:
- Communications that are classified as highly sensitive can be secured (using an SDP approach) over any type of network, even the internet, from one secure environment to another without having to run the gauntlet of network layer to application layer insecurities.
- Advances in Software Defined Networking can support a Software Defined Perimeter in order to create separate control and data planes as well as a deny-all firewall implementation.
- How the SDP approach to network forwarding across a hybrid multi-cloud deployment is perfectly aligned with the principles of Zero Trust networking based on a single packet inspection.
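The single-packet check and deny-all posture described above can be illustrated with a small controller model. The following is an added example written for this page, not code from the CSA paper or from Waverley Labs: it uses an HMAC-authenticated packet in the style of Single Packet Authorization (the mechanism SDP uses for its first packet), keeps every client in a default-deny state until that packet validates, and drops anything malformed, unknown, stale or replayed. The packet layout, the `CLIENT_KEYS` enrolment table, the time window and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed enrolment data (hypothetical): client id -> shared secret.
# In a real SDP deployment this comes from the controller's identity store.
CLIENT_KEYS = {b"client-A": b"constructed-shared-secret-A"}
WINDOW_SECONDS = 30          # assumed freshness window for the timestamp
NONCE_LEN, TAG_LEN = 16, 32  # assumed packet layout: 16-byte nonce, SHA-256 HMAC

def build_spa_packet(client_id, key, ts=None, nonce=None):
    """Client side: one packet = len(id) | id | timestamp | nonce | HMAC(header)."""
    ts = int(time.time()) if ts is None else ts
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    header = struct.pack("!B", len(client_id)) + client_id + struct.pack("!Q", ts) + nonce
    tag = hmac.new(key, header, hashlib.sha256).digest()
    return header + tag

class SPAController:
    """Controller side: default-deny, opens a connection only after one valid packet."""

    def __init__(self, keys, now=time.time):
        self.keys = keys
        self.now = now              # injectable clock so the check is testable
        self.seen_nonces = set()    # replay protection within the time window
        self.allowed = set()        # the only clients the "firewall" will accept

    def parse(self, pkt):
        if not pkt:
            return None
        n = pkt[0]
        if len(pkt) != 1 + n + 8 + NONCE_LEN + TAG_LEN:
            return None             # wrong length: treated as noise, never answered
        client_id = pkt[1:1 + n]
        ts = struct.unpack("!Q", pkt[1 + n:1 + n + 8])[0]
        nonce = pkt[1 + n + 8:1 + n + 8 + NONCE_LEN]
        tag = pkt[1 + n + 8 + NONCE_LEN:]
        return client_id, ts, nonce, tag, pkt[:1 + n + 8 + NONCE_LEN]

    def verify(self, pkt):
        """Return (accepted, reason). The reason is for logging only: a real
        controller sends nothing back on failure, so unauthenticated senders
        cannot distinguish a closed port from a rejected packet."""
        parsed = self.parse(pkt)
        if parsed is None:
            return False, "malformed"
        client_id, ts, nonce, tag, header = parsed
        key = self.keys.get(client_id)
        if key is None:
            return False, "unknown-client"
        expected = hmac.new(key, header, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return False, "bad-mac"
        if abs(int(self.now()) - ts) > WINDOW_SECONDS:
            return False, "stale"
        if nonce in self.seen_nonces:
            return False, "replay"
        self.seen_nonces.add(nonce)
        self.allowed.add(client_id)                  # only now does the data plane open
        return True, "accepted"

    def is_allowed(self, client_id):
        """What the deny-all firewall consults before forwarding any data-plane traffic."""
        return client_id in self.allowed

if __name__ == "__main__":
    ctrl = SPAController(CLIENT_KEYS)
    pkt = build_spa_packet(b"client-A", CLIENT_KEYS[b"client-A"])
    print("before:", ctrl.is_allowed(b"client-A"))   # False: deny-all by default
    print("verify:", ctrl.verify(pkt))               # (True, 'accepted')
    print("replay:", ctrl.verify(pkt))               # (False, 'replay')
    print("after:", ctrl.is_allowed(b"client-A"))    # True: opened by the one packet
```

The separation the paper calls for is visible in the code: `verify` is the control plane (it establishes trust from a single packet) and `is_allowed` is what the data-plane firewall consults, so no data ever flows for a client that has not first passed the authenticated packet check. A production controller would also bind the opened rule to the source address and expire it, and would evict old nonces once they fall outside the window.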