What is a software defined perimeter?
Information access and identity management controls have never been more in the data developer news-stream as they are today.
Software Defined Networks (SDN) have a massive part to play in terms of the way cloud architectures are now being constructed to operate, many of which will be multi-tenant deployments with complex integration gateway challenges.
Building virtual barriers between different services, different computing instances, different analytics operations, different data workflows and different layers of a complex cloud infrastructure requires that we create a system of delineation — so how do we draw those lines?
Increasingly prevalent in this space is the notion of Software Defined Perimeter (SDP) principles.
As previously discussed on Computer Weekly, a Software Defined Perimeter approach can form part of a multi-layered approach to network security using a zero-trust model.
Black cloud, device posture
Software Defined Perimeter has also been called a ‘black cloud’ — it evolved from work done at the Defense Information Systems Agency (DISA) in the USA.
Connectivity in a Software Defined Perimeter is based on a need-to-know model, in which ‘device posture’ and identity are verified before access to application infrastructure is granted
You might even call a Software Defined Perimeter a means of creating an ‘air gapped network’ in many ways.
As noted at the above link on TechTarget, examples of this type of application access are legion and might encompass healthcare clinical networks, industrial control networks, broadcast networks, retail payment networks etc.
Working in this space is Luminate.
Azure integration
The firm’s technology for secure access to corporate applications in hybrid cloud environments has now announced that its agentless Secure Access Cloud platform is integrated with Microsoft Azure.
What this means for users is direct, secure access to applications and services deployed on Azure.
“Traditional security tools that were effective for on-premises datacentres can take months to configure when the datacentres are distributed and involve cloud hosting. Once in place, these tools may provide users with excessive access to the entire network and increase the network attack surface,” said Luminate CEO Ofer Smadari. “Luminate provides fast and secure access to applications that are hosted on Microsoft Azure without backhauling traffic through the VPN or DMZ. Luminate’s platform takes only five minutes to configure and can be dynamically managed with ease.
Luminate’s platform also integrates with Azure Active Directory for authentication and policy management throughout the lifetime of the user’s session.
As cloud momentum continues, Software Defined Perimeters will (very arguably) now grow… what will (again, arguably) be interesting is how the major cloud platform players work with specialist providers to create secured zero-trust architectures and drive us towards what could 100% API driven infrastructures that are capable of integrating with automation and orchestration tools.