Are Software Defined Perimeters (SDP) in your Future?
by Lawrence Pingree | April 30, 2015
Increasingly, we are seeing solutions emerge to address advanced threats that have penetrated the internal network (even internal threats) – most solutions focus on micro-segmentation, network behavior analysis or multi-domain analytics. I continue to have clients that are working to perform internal network and cloud-based segmentation of their networks for security purposes. There are many ways to perform this segmentation, most of which focus on following workloads through some form of API integration with the client’s network hardware or workload management capability, moving towards SDN fabrics or deploying additional hardware firewalls.
One method that seems interesting (at least to me) is endpoint software that helps define what some are calling a “software defined perimeter” to reduce the deployment friction involved with complex integration or orchestration. SDP is often deployed as an agent technology that basically creates a no-trust network stack: before packets are allowed to come into and be processed by the endpoint, an authentication step and encryption are performed. One interesting concept for creating dynamic trust at the endpoint was a DARPA project called Introduction Based Routing (IBR) (see http://www.darpa.mil/opencatalog/CyberGenome.html).
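The authenticate-before-process behaviour described above, as an added example that is not from the original post or from any SDP product. The packet layout, the pre-shared per-agent keys and the names `AGENT_KEYS`, `seal` and `Gate` are assumptions made for illustration, and only the authentication step is shown (HMAC-SHA256 with a freshness and replay check); encryption of the payload is left out.

```python
import hashlib
import hmac
import struct
import time

# Constructed per-agent keys; assumed to be provisioned out of band.
AGENT_KEYS = {b"agent-01": b"k" * 32}
MAX_SKEW = 30                       # seconds a packet timestamp may differ from local time
HEADER = struct.Struct("!8sQ16s")   # agent id, unix timestamp, nonce (hypothetical layout)
TAG_LEN = 32                        # HMAC-SHA256 output size


def seal(agent_id, key, payload, now=None, nonce=b"\0" * 16):
    """Sender side: header + payload + HMAC tag over both."""
    ts = int(time.time() if now is None else now)
    header = HEADER.pack(agent_id, ts, nonce)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Gate:
    """Receiver side: default deny; the payload is released only after authentication."""

    def __init__(self, keys):
        self.keys = keys
        self.seen = {}   # (agent id, nonce) -> packet timestamp, for replay rejection

    def admit(self, packet, now=None):
        now = int(time.time() if now is None else now)
        if len(packet) < HEADER.size + TAG_LEN:
            return None                                   # too short to carry header and tag
        header, body, tag = packet[:HEADER.size], packet[HEADER.size:-TAG_LEN], packet[-TAG_LEN:]
        agent_id, ts, nonce = HEADER.unpack(header)
        key = self.keys.get(agent_id)
        if key is None:
            return None                                   # unknown sender
        expected = hmac.new(key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None                                   # forged or modified packet
        if abs(now - ts) > MAX_SKEW:
            return None                                   # authentic but stale
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if (agent_id, nonce) in self.seen:
            return None                                   # replay inside the freshness window
        self.seen[(agent_id, nonce)] = ts
        return body                                       # only now handed to the application
```

`Gate.admit` returns `None` for anything it cannot authenticate, so the application behind it never parses bytes from an unauthenticated sender.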
An SDP working group has been established at the Cloud Security Alliance (see https://cloudsecurityalliance.org/research/sdp/). The software defined perimeter (SDP) appears to be a very practical technology. SDP has the potential to be quite disruptive to traditional network technologies with positive implications for both enterprise networks and cloud deployments of the future.
What are your thoughts? (please submit your thoughts as comments below)
If Gartner clients are interested in talking about this concept, feel free to ask for an inquiry.