Mobile and cloud technologies may not have entirely erased the network perimeter, but they’ve certainly punched a number of holes in it. As a result, organizations must rethink traditional network security practices.
For decades, IT security was designed to create a hardened perimeter that shielded the company network from the outside world. However, organizations today are highly dependent on external sources of data, applications, and services. While they can no longer wall themselves off from these external resources, they must have some degree of oversight. Malware and other advanced threats frequently piggyback on web apps to get inside the network.
The need to ensure the safety of traffic moving back and forth between public and private sources is leading to rapid uptake of the software-defined perimeter (SDP), a security approach that focuses on software rather than traditional physical security measures. Analysts with the Market Prognosis research firm say the SDP market will grow at a compound annual rate of 36.7 percent to reach $10.9 billion by 2023.
Much of this growth may be driven by organizations implementing SDP to replace traditional VPNs — Gartner has predicted that 60 percent of enterprises will do this by 2021. At issue is the cumbersome way VPNs treat remote access to cloud-based applications, requiring traffic to be backhauled through the data center. This adds latency and creates a network chokepoint.
The SDP approach evolved from work done at the U.S. Defense Information Systems Agency and has been formalized as a specification published by the Cloud Security Alliance (CSA). SDP uses encryption to “black out” certain segments of the network so they cannot be detected by unauthorized users. If they can’t be seen, they can’t be compromised.
In traditional security models, a user who is verified at the perimeter — whether authorized or not — can see and potentially access everything within the network. SDP, on the other hand, protects network resources through the use of session-specific controls based on contextual variables. In addition to the user’s identity, SDP looks at location, time of day, the device being used, and its security posture to determine which network segments the user is permitted to access.
SDP also provides security controls at the content level within a secured network segment. Even after a user is authenticated, SDP uses classification and encryption to ensure that sensitive data can only be accessed by users with proper authorization. User activity can also be restricted — for example, users can be prevented from downloading data or attaching a sensitive file to an email. Best-in-class SDP solutions maintain logs and audit trails that allow IT to tack and analyze anomalies.
In addition to advanced protection, SDP solutions bring new levels of simplicity and automation to the security infrastructure. By combining device authentication, identity-based access, fixed perimeter and dynamically provisioned connectivity controls, an SDP strengthens security while reducing management complexity.
Cloud and mobile technologies are enabling increased efficiency and productivity in the workplace, but they also introduce some unique security risks. With the ability to cryptographically black out sensitive network resources, the software-defined perimeter creates an effective defense. Hackers can’t attack what they can’t find.
Reach out to a Rahi Systems representative today to learn about our network services and solutions to see how we can help you create a secure permitter and ensure the safety of your data. Whether it’s stored locally or in the cloud, our team of skilled professionals can help!