The Cloud Security Alliance (CSA) has released the report Software Defined Perimeter (SDP) and Zero Trust, co-authored by Waverley Labs. The report examines SDP as the optimal implementation for supporting a true Zero Trust strategy. Implementing Zero Trust with a Software-Defined Perimeter lets organizations defend against new variations of old attack methods that keep surfacing in existing perimeter-centric networking and continuous monitoring models.
“Zero Trust” security
Software-Defined Perimeter (SDP) and Zero Trust describes how an SDP Zero Trust deployment treats risky transactions: the requester is judged on a single packet, and if that packet does not positively identify the requester, no connection is established. According to the report, when applied to network connectivity SDP is agnostic of the underlying IP-based infrastructure, which lets it concentrate on securing every connection and makes it the best architecture for achieving Zero Trust. The white paper is available from Waverley Labs.
Nya Alison Murray of Waverley Labs, one of the report's authors, said:
“Adopting an SDP implementation enforces the separation of establishing trust from data transfers. Most of the existing “Zero Trust” security measures are applied as authentication and ‘sometimes’ authorization based on policy after the termination of TLS certificates. Certificate validation is a complex verification and validation process, and there are known possible vulnerabilities with TLS 1.2, TLS 1.3 and mutual TLS. Network segmentation and the establishment of micro networks, so important for multi-cloud deployments, also benefit from adopting a software-defined perimeter Zero Trust architecture.”
The paper outlines a call to action for a Zero Trust proof of concept (POC) that would demonstrate:
- Communications classified as highly sensitive can be secured (using an SDP approach) over any type of network, even the internet, from one secure environment to another, without having to run the gauntlet of network-layer to application-layer insecurities.
- Advances in Software-Defined Networking can support a Software-Defined Perimeter in creating separate control and data planes together with a deny-all firewall implementation.
- The SDP approach to network forwarding across a hybrid multi-cloud deployment aligns with the principles of Zero Trust networking, with each requester judged on a single packet (SDP's single packet authorization) before any further traffic is forwarded.
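The separation of trust establishment from data transfer in the quote above, and the deny-all, control-plane/data-plane split in the PoC list, can both be seen in a simplified model of SDP's single packet authorization (SPA) step. The following Python is an added illustration written for this page, not code from the CSA report or from Waverley Labs. It assumes an HMAC-SHA256 pre-shared key per client, a plaintext field layout (client id, timestamp, nonce, tag), a 30-second freshness and replay window, and an in-memory allow-list standing in for the firewall rule a real gateway would insert; real SPA implementations additionally encrypt the packet and send it to a port that never responds.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Optional

# Constructed demo secret. A real SDP deployment provisions a distinct key per
# client through the controller; a hard-coded PSK is only for this illustration.
DEMO_PSK = b"demo-psk-not-for-production"

# Assumed policy: how long a SPA packet stays fresh and how long an opening lasts.
WINDOW_SECONDS = 30


def build_spa_packet(client_id: str, key: bytes, now: Optional[float] = None) -> bytes:
    """Initiating host: produce the single authorization datagram.

    Assumed layout: client_id | unix_ts | nonce_hex | hmac_hex. The HMAC covers
    everything before it, so the gateway verifies identity before any TCP or
    TLS handshake is allowed to begin.
    """
    ts = int(now if now is not None else time.time())
    nonce = os.urandom(16).hex()
    body = "|".join((client_id, str(ts), nonce)).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class DenyAllGateway:
    """Accepting host: nothing is reachable until a valid SPA packet is seen.

    `allowed` stands in for a firewall rule opened on the data plane; `seen`
    is the replay cache that makes every SPA packet single-use.
    """

    def __init__(self, keys: Dict[str, bytes], window: int = WINDOW_SECONDS):
        self.keys = keys                      # client_id -> per-client key
        self.window = window
        self.seen = set()                     # (client_id, nonce) already consumed
        self.allowed: Dict[str, float] = {}   # client_id -> expiry of the opening

    def handle_spa(self, packet: bytes, now: Optional[float] = None) -> bool:
        """Control plane: verify the packet and only on success open the data plane."""
        now = now if now is not None else time.time()
        try:
            cid_b, ts_b, nonce_b, tag_b = packet.split(b"|")
            client_id = cid_b.decode()
            ts = int(ts_b)
        except (ValueError, UnicodeDecodeError):
            return False                      # malformed: dropped silently, as a deny-all host would
        key = self.keys.get(client_id)
        if key is None:
            return False                      # unknown identity: no response, no opening
        body = b"|".join((cid_b, ts_b, nonce_b))
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag_b):
            return False                      # forged or tampered packet
        if abs(now - ts) > self.window:
            return False                      # stale: outside the freshness window
        if (client_id, nonce_b) in self.seen:
            return False                      # replayed: nonce already consumed
        self.seen.add((client_id, nonce_b))
        self.allowed[client_id] = now + self.window
        return True

    def data_plane_allows(self, client_id: str, now: Optional[float] = None) -> bool:
        """Data plane: a connection attempt passes only while an opening is live."""
        now = now if now is not None else time.time()
        expiry = self.allowed.get(client_id)
        return expiry is not None and now <= expiry


if __name__ == "__main__":
    gw = DenyAllGateway({"alice": DEMO_PSK})
    t0 = 1_700_000_000
    print("before SPA, data plane open:", gw.data_plane_allows("alice", now=t0))
    pkt = build_spa_packet("alice", DEMO_PSK, now=t0)
    print("valid SPA accepted:", gw.handle_spa(pkt, now=t0))
    print("after SPA, data plane open:", gw.data_plane_allows("alice", now=t0 + 5))
    print("replayed SPA accepted:", gw.handle_spa(pkt, now=t0 + 1))
    print("forged SPA accepted:", gw.handle_spa(build_spa_packet("alice", b"wrong", now=t0), now=t0))
```

The point to take from the model is the ordering: identity is checked on a single datagram by the control plane, and the data plane stays closed (no SYN is ever answered) for anyone who has not passed that check, including replayers and holders of a stale or forged packet. Passing a fixed `now` keeps the check deterministic; a deployment would use the wall clock and a persisted replay cache.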