Las Vegas, NV – November 13, 2013 – The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providing security assurance within cloud computing, today announced the launch of the Software Defined Perimeter (SDP) Initiative, a project to develop an architecture for creating highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.
Technology consumerization has resulted in the proliferation of new computer systems in use by enterprises, such as mobile devices in Bring Your Own Device (BYOD) configurations, and non-traditional computers comprising the Internet of Things (IoT). Cloud computing infrastructure is supplanting internal IT backend systems as these employee-owned devices are becoming the primary computer of choice at the endpoint. Innovation must provide more granular and elegant solutions to mitigate security risks and enforce organizational policies across any combination of corporate-owned, public and consumer information technology.
The Software Defined Perimeter (SDP) is a collaboration between some of the world’s largest users of cloud computing within CSA’s Enterprise User Council. SDP is a framework of security controls that mitigates network-based attacks on Internet-accessible applications by eliminating connectivity to them until devices and users are authenticated and authorized. SDP is being designed to be highly complementary to Software Defined Networks (SDN), the popular network layer construct which decouples routing and architectural decisions from the underlying equipment to create virtual networks. SDP traverses several OSI layers to tie applications and users with trusted networks, using vetted security models. SDP allows even heavily compromised systems to participate in secure transactions and operate authorized cloud services.
“It is critical to the future of cloud technology that it is demonstrably more secure than legacy IT systems,” said Bob Flores, former CTO of the CIA and Chief Executive Officer of Applicology Incorporated. “SDP is an important component to allow both cloud providers and customers to secure applications all the way from the back end to the consumer device, and we look forward to working with some of the worlds largest enterprises on its development.”
“CSA is making this royalty-free research publicly available in order to catalyze the development of more secure clouds and BYOD deployments,” said Jim Reavis, Executive Director of Cloud Security Alliance. “Some of the largest brands and companies have agreed to participate in this initiative, and will be disclosed in the course of this initiative.”
The Software Defined Perimeter (SDP) research working groups are now open for participation, collaboration and peer review. More information can be obtained from the SDP site at www.cloudsecurityalliance.org/SDP. CSA is announcing the following initial roadmap for delivery of SDP:
– Software Defined Perimeter Whitepaper. The SDP whitepaper and an overview of the SDP framework will presented at the CSA Congress, December 4-5, 2013 in Orlando, Florida.
– Software Defined Perimeter “Deep Dive”. Detailed information about SDP and a prototype demonstration will be delivered at the CSA Congress Architecture Workshop, December 6, 2013 in Orlando, Florida.
– Software Defined Perimeter “Enterprise Implementation”. An implementation case study of SDP will be presented at the CSA Summit at the RSA Conference, February 24, 2014 in San Francisco.
– Software Defined Perimeter “Hacker Contest”. An educational contest will be held to test SDP in a secured cloud configuration. Live reports will be displayed at the CSA booth at the RSA Conference, February 25, 2014 in San Francisco.
– Software Defined Perimeter “Developer’s Workshop”. Case studies of SDP will be reviewed and a workshop to help organizations seeking to implement SDP will be held at the SecureCloud Conference, April 1-2, 2014 in Amsterdam.
A more complete one year roadmap of SDP activities will be published at the CSA Congress.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.