With the advent of virtualization and the cloud, IT changed overnight. We went from securing static, definable networks and services to ones that are now highly dynamic. IT is now anything but static and everyone has access to your services and devices.
Cyber security had to change and the revolution started with key contributions from a few folks – Junaid Islam, Bob Flores, Jeff Swietzer, whom I met at a NIST conference and jumped in with two feet to help them create the Software Defined Perimeter (SDP) specification, a highly regarded security protocol. The protocol advocates an authenticate-first approach for securing every connection to a predetermined service, application or critical infrastructure that remains hidden. The primary effect of the SDP architecture is that it transforms the application infrastructure into an effectively invisible or “black cloud” environment that shows no domain name system (DNS) information or IP addresses.
The Cloud Security Alliance has collaborated in development of the SDP for cloud environments and published version 1 of the specification that follows NIST cyber security guidelines and adopts key security features from the DoD and the intelligence community. SDPs have been called “game changing” and represent the new paradigm for enabling significant risk reduction – particularly for organizations rewriting code for new security frameworks, embracing mobile technologies and IoT while needing to meet compliance deadlines.
The Department of Homeland Security (DHS) funded Waverley Labs to deliver the first and only open source reference implementation of SDP for the distributed denial of service use case. Many other use cases have since been identified and the open source components are available here. Waverley Labs is now dedicated to running the center, creating a robust community and spearheading the revolution.
The SDP Center is your resource for learning about and deploying SDPs as integral to reducing your attack surface and proactively implementing protections from malicious cyber threats while helping you focus mostly on the insider threat.