How Does a Software Defined Perimeter (SDP) Work?

Evolution of the term ‘perimeter’

The military definition of the term ‘perimeter’ is simple: we are inside and the enemy is outside. In cyber security, the meaning of the term has shifted over the last two decades. In the early 2000s, firewalls and virtual private networks (VPNs) became the common way for corporations to establish connectivity, both of them network-centric approaches. Organizations set up SSL VPNs and Wi-Fi networks that let people such as partners onto the corporate network. In 2007, the Jericho Forum published its Commandments, a list of 11 principles defining what must be observed when planning for security in the new world. According to the Jericho Forum, de-perimeterization “has happened, is happening, and is inevitable”, and organizations should “plan for it and should have a roadmap of how to get there”. Historically, enterprises deployed perimeter security solutions in the datacenter to protect their critical applications from external threats. Later, in 2013, the Cloud Security Alliance (CSA) published a paper on the Software Defined Perimeter, based on the work of its SDP working group, to demystify the term for modern secure business use-cases.

Emergence of the Software Defined Perimeter (SDP) concept

With the adoption of BYOD (bring your own device), contractors and partners inside corporate networks, over-permissioned users, and cloud models such as IaaS, PaaS and SaaS, the term ‘perimeter’ became irrelevant: perimeter controls are tied to hardware and could not keep up with the security consequences of these changes. A Software Defined Perimeter (SDP) replaces physical appliances with logical components that bring together standard security controls such as PKI, TLS, IPsec and SAML, and concepts such as federation, device attestation and geo-location, to enable connectivity from any client to any information resource. An SDP mitigates the most common network-based attacks by dynamically creating one-to-one network connections between users and the data they access.

Software Defined Perimeter (SDP) architecture

A typical SDP architecture is made up of three components, namely the SDP client, the SDP controller and the SDP gateway, as shown in the reference architecture. The SDP client runs on each device; the SDP controller authenticates users with the identity provider and enforces policy, based on its configuration, that grants users access to data; the SDP gateway acts as a broker that protects the resources.

A Software Defined Perimeter (SDP) works as follows:

  1. The SDP client's device authorization request is validated by the SDP controller, which applies access policies based on a combination of attributes such as user profile, device status, location and infrastructure fingerprint.
  2. After checking the context, the SDP controller returns cryptographically signed tokens to the SDP client that authorize access to a set of resources.
  3. The SDP client uploads its live entitlements, which the SDP gateway uses to discover the resources or applications matching the user's context.
  4. The SDP gateway and SDP client dynamically establish a mutual session over an encrypted tunnel to access the resources, if access is granted. Access logs are recorded for audit purposes.
  5. The SDP controller continuously monitors for any context changes and ensures session segmentation between the SDP client and the resources.
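The five steps above, modelled as an added example (not InstaSafe's code): a controller that evaluates context attributes against a policy and issues an HMAC-signed entitlement token, and a gateway that admits a session only for a resource named in a token whose signature and expiry verify. The policy, user names, resources and shared key are constructed for illustration; a real deployment would use PKI rather than a shared secret.

```python
# Added example, not InstaSafe's code: a minimal model of the SDP flow.
# All names, policies and sample values below are constructed for illustration.
import hmac, hashlib, json, time

CONTROLLER_KEY = b"constructed-shared-secret"  # key shared by controller and gateway

# Policy: resources a user may reach, plus the device posture and locations required.
POLICY = {
    "alice": {"resources": {"erp", "wiki"}, "require_compliant": True, "locations": {"IN", "US"}},
}

def controller_issue_token(user, device_compliant, location, ttl=300):
    """Steps 1-2: validate the client's context; return a signed entitlement token or None."""
    rule = POLICY.get(user)
    if rule is None or (rule["require_compliant"] and not device_compliant) \
            or location not in rule["locations"]:
        return None  # deny by default: no policy match means no entitlement
    claims = {"sub": user, "res": sorted(rule["resources"]), "exp": int(time.time()) + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(CONTROLLER_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig

def gateway_admit(token, resource, now=None):
    """Steps 3-4: verify the token and admit a session only for an entitled resource."""
    try:
        body_hex, sig = token.split(".")
        body = bytes.fromhex(body_hex)
    except (ValueError, AttributeError):
        return False  # malformed token
    expected = hmac.new(CONTROLLER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False  # forged or tampered token
    claims = json.loads(body)
    if (now if now is not None else time.time()) >= claims["exp"]:
        return False  # expired entitlement: client must re-authorize with the controller
    return resource in claims["res"]  # one-to-one: only the entitled resource is reachable

def controller_reevaluate(user, device_compliant, location):
    """Step 5: on a context change, decide whether the existing session may continue."""
    return controller_issue_token(user, device_compliant, location) is not None
```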

Software Defined Perimeter (SDP) security use-cases

Organizations today adopt security strategies based on numerous factors, and a ‘software defined perimeter’ solution forms part of their overall cyber security program. The key security use-cases are:

  • Work from home – today's enterprise workforce requires access to corporate resources from home. With user credentials being compromised and insider threats on the rise, organizations need to protect critical data on a ‘need to know’ basis.
  • Adherence to compliance – an SDP avoids additional costs associated with audits, as it provides visibility and control over systems on networks outside the protected network.
  • Utilize existing investments – the ability to augment existing network security solutions means there is no need to ‘replace’ all of the investments; an SDP solution should integrate with most enterprise networking and security APIs.
  • Cloud workload migration – an SDP provides a controlled path to move applications from the datacenter to the cloud.
  • Identity-centric security – user-based protection strategies replace the pitfalls of network / IP source-based access control mechanisms.
