Watch the CSA Summit Keynote on The Software-Defined Perimeter
Too often network security is a problem. Many organizations struggle with finding the right solution that secures IT and still supports the business, its customers and the compliance teams responsible for approving controls and reporting on them.
That’s where a Software-Defined Perimeter solution can make a difference. A Software-Defined Perimeter is a new security model that hides servers from unauthorized users. As authorized users connect to the network, it dynamically creates secure connections, individualized for each user. When done properly, it dynamically simplifies and improves security so that organizations can operate at scale and speed.
Jason Garbis, VP of Products at Cryptzone, recently gave the keynote at the Cloud Security Alliance Summit. He discussed the Software-Defined Perimeter and why its adoption is especially important as the world has become more hybrid and diversified.
In the video, Garbis discusses why we need to move to a Software-Defined Perimeter. Here are some of the key reasons:
IT is becoming Hybrid and Diversified
80% of enterprises are embracing and adopting hybrid cloud architectures (traditional IT resources will move from corporate data centers to cloud environments and co-located facilities or even off-premises to customer and partner locations), according to an IDC survey. 68% of these organizations are concerned about their security according to a Cloud Security Alliance survey. That doesn’t mean they are fighting against the shift to hybrid cloud. In fact, many of them are embracing it for technology and economic reasons, but still have security concerns.
Hybrid IT Spans Platforms, Tenancy, Locations
One of the implications of this change is that now we have a much more diverse and fractured environment. We have IT, security and business systems that span different platforms and technologies in different locations. And we are trying to manage all these systems and technologies across a very diverse set of platforms and tools and probably have a very diverse set of teams responsible for managing and operating them. The implication is that we end up with a fractured view with no single policy model, no single view and no single enforcement point for security across IT landscapes. The end result is complexity. That complexity leads to business friction, particularly on the security and compliance side. The result is a lack of visibility and a proliferation of vulnerabilities that our attackers are more than happy to exploit.
Embracing Trends Including Identity-Centric Security
There are a number of trends that businesses are embracing and utilizing. First, there’s a very significant shift from hardware-based infrastructures to software. This goes beyond the traditional computing infrastructure to storage, network functions and security.
This shift to software means that everything has an API allowing us to move to a more open and dynamic environment. We see lines of business becoming more innovative, coming up with new and exciting ways to connect lines of business with other data sources and organizations.
We’re also moving to a much more interconnected world. The challenge is that security teams are working with the wrong ingredients, or ingredients that haven’t changed in a long time. A simple example of that is a firewall. A firewall rule is very simple – it says that packets from this IP address are allowed to go to that IP address. But this isn’t meaningful to anyone. There’s no indication of why that rule exists – why should this packet be able to go from this IP address to that IP address; under what conditions should those packets be able to flow?
What we need is a way to align our security approach with what the business and compliance teams want – a shift to something that is identity-centric. We need a way to look at access and security from a user perspective and not from a data or network perspective.
TCP/IP is a Weak Security Foundation
As fantastic as TCP/IP is, it doesn’t provide us with a strong foundation for security. It operates under a model of “connect first, authenticate second”. What that means is our computer systems that are connected to a corporate network, or increasingly to the internet, are visible to any device that’s on that network. Any device on the planet can probe and scan to see what services our servers are offering and begin to take advantage of them. We see this in DDoS attacks and witness attackers able to exploit misconfigured default credentials or known weak points.
The Brilliance of a Software-Defined Perimeter
A Software-Defined Perimeter flips this model on its head. Users authenticate first and then, and only then, can they connect to server resources. Watch the keynote to learn more, or read more about what a Software-Defined Perimeter is.
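To make the contrast concrete, here is an added toy model (illustrative code written for this page, not Cryptzone's product or the CSA specification) of the two approaches described above: a classic IP-to-IP firewall rule with no notion of who or why, beside a gateway that applies the "authenticate first, connect second" rule and an identity-centric policy. All users, passwords, addresses and services are constructed sample values.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Classic firewall rule set: "packets from src may reach dst:port". Nothing
# records who the user is or why the rule exists. (Constructed sample values.)
FIREWALL_RULES = {("10.0.0.5", "10.1.0.20", 5432), ("10.0.0.7", "10.1.0.21", 443)}

def firewall_allows(src_ip: str, dst_ip: str, port: int) -> bool:
    """Connect-first model: any host matching a tuple gets through, and every
    host on the network can at least probe the server to see what listens."""
    return (src_ip, dst_ip, port) in FIREWALL_RULES

# Identity-centric policy: which user may reach which service, under what
# condition (here: whether MFA was completed). Constructed sample policy.
POLICY = {
    "alice": {"services": {"payroll-db"}, "require_mfa": True},
    "bob": {"services": {"wiki"}, "require_mfa": False},
}
SERVICES = {"payroll-db": ("10.1.0.20", 5432), "wiki": ("10.1.0.21", 443)}
CREDENTIALS = {"alice": "alice-secret", "bob": "bob-secret"}  # constructed

@dataclass
class SDPGateway:
    """Authenticate-first model: services stay dark until a user has
    authenticated; then a per-session allow-list is created for that user."""
    sessions: dict = field(default_factory=dict)  # token -> (user, services)

    def probe(self, src_ip: str, dst_ip: str, port: int):
        """An unauthenticated scan is dropped: no SYN/ACK, no RST, no banner."""
        return None

    def authenticate(self, user: str, password: str, mfa_ok: bool):
        """Returns a session token, or None. The token is the only way in."""
        expected = CREDENTIALS.get(user)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        rule = POLICY.get(user)
        if rule is None or (rule["require_mfa"] and not mfa_ok):
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = (user, set(rule["services"]))
        return token

    def connect(self, token: str, service: str):
        """Opens the individualized connection only for services this
        session is entitled to; everything else stays invisible."""
        entry = self.sessions.get(token)
        if entry is None or service not in entry[1]:
            return None
        return SERVICES[service]
```

The firewall answers a pure network question, while the gateway can only be asked a question about a user, so the policy it enforces is the one the business and compliance teams can actually read.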