The Software-Defined Perimeter and IaaS: A New Initiative

By Kurt Glazemakers, CTO, Cryptzone

As enterprises embrace infrastructure as a service (IaaS) platforms, shifting new development and production into these environments, they face some challenges due to the dynamic nature of IaaS. Security, compliance and business & IT efficiency – specifically around granting, controlling, and reporting on which users can access which systems and services across a network – become major concerns.

The problem is that traditional security tools are unable to cope with the speed, scale, and complexity of this new, dynamic world, especially if organizations embrace dynamic release systems such as DevOps. As a result, security teams are unfortunately encountering familiar problems in their IaaS environments, including an inability to keep pace with a dynamic environment, users with over-privileged network access, and an inability to easily perform compliance reporting. Cloud service providers are facing similar challenges with IaaS management access.

Putting the Software-Defined Perimeter to use
A Software-Defined Perimeter (SDP) helps solve these issues by establishing one perimeter for each user, effectively creating an individualized perimeter – a network ‘segment of one’. This segment of one delivers fine-grained authorization, contextual awareness and fewer hard-coded rules for IT and security teams to manage.

At Cryptzone, we are seeing great adoption of SDPs. And adoption is only set to increase. Customers, partners and prospects increasingly want to apply SDP to cloud environments, both on-premises and cloud-based IaaS, and for DevOps.

Leading the industry with a new SDP for Infrastructure as a Service (IaaS) initiative
Today we are pleased to announce the formation of a new SDP for IaaS Initiative with the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.

We want to help lead the industry to define the problem and apply SDP as part of the solution for IaaS. Our goals for the Initiative include:

  • Documenting specific security, compliance and architecture challenges that arise from enterprise adoption of IaaS
  • Exploring how an SDP solution can solve these problems
  • Providing architectural and deployment guidelines and best practices for secure IaaS, including the impact of DevOps initiatives
  • Influencing the SDP specification to address IaaS-specific requirements

We aim to deliver with CSA an analysis and taxonomy of IaaS-specific security, network, identity, and compliance challenges; an explanation of how an SDP architecture can address these challenges; and deployment scenarios and use cases that examine aspects such as network configuration, identity management, authentication and security groups.

We want you!
If you want to help change the cloud security space, we want you! We’re actively seeking participation from enterprises, cloud providers, and technology vendors to collaborate on the creation of the deliverables listed above. This effort will begin in March 2016, with a goal of producing an initial version of documents by Q3 2016. To participate, contact Jason Garbis at jason.garbis[at] or learn more at the CSA.
