Software-Defined Perimeter for Cloud Research – Available Now for Review
Helping enterprises improve their security is Cryptzone’s core mission. That’s why, in addition to our role as a vendor of enterprise security software, we’ve also been helping lead industry research into improved security, in conjunction with the Cloud Security Alliance (CSA).
Along these lines, I’m pleased to announce a milestone in our CSA work – the publication of research on applying the Software-Defined Perimeter to Infrastructure-as-a-Service environments. In partnership with the Cloud Security Alliance, the research is now available for public review here.
This initiative was launched in the spring of 2016, and over the past nine months a group of people from enterprises, service providers, and technology vendors have discussed, debated and now written about how the Software-Defined Perimeter (SDP) architecture can and should be applied to Infrastructure-as-a-Service environments. The research takes into account different perspectives and requirements, providing a balanced view on applying SDP to IaaS.
We’ve identified six key use cases and put them into the context of why and how a Software-Defined Perimeter is relevant and necessary for securing user access into cloud environments. These include:
- Secure Access by Developers into IaaS Environment
- Secure Business User Access to Internal Corporate Application Services
- Secure Admin Access To Public Facing Services
- Updating User Access When New Server Instances Are Created
- Hardware Management Plane Access for Service Provider
- Controlling Access Across Multiple Enterprise Accounts
A Software-Defined Perimeter can be applied to public cloud environments such as AWS, Azure, or Google Compute, as well as on-premises virtualized environments. And we’ve even considered things from the perspective of a multi-tenant service provider.
This entire initiative is open and public, as part of the Cloud Security Alliance. You can view the document here — please feel free to dive in and comment on it.
If you’re interested in actively participating in this work, let me know – my contact information is Jason.Garbis(at)Cryptzone.com.