Brent Gaynor, December 14, 2020

Beware the SDP in Sheep’s Clothing

Expanding on what a real Software-Defined Perimeter is and how it provides better business agility.

Optiv posted an interesting blog in mid-2019 outlining the key differentiators of the SDP standard to educate readers on what is, and is not, an SDP as defined by the Cloud Security Alliance SDP specification. The standard was developed to provide a concise and purposeful architecture for secure enterprise access. The contemporary techniques of real SDPs are inherently more secure and offer a higher degree of agility for operational efficiency at enterprise scale than other technologies masquerading as SDP.

In this blog, we cover three additional signs that a solution is grounded in the true definition of SDP:

  • Conditional access
  • Adaptable architecture
  • Business agility

We’ll also highlight some features to look for to ensure the highest-level operational agility, efficiency and scaling of your secure access strategy. Why should you care? Because an ideal architecture that can evolve and grow with the business creates efficiencies while ensuring compliance and eliminating security gaps.

Conditional Access

The notion of the perimeter as we once knew it is dead, but that doesn’t mean that perimeters don’t exist. The new perimeter paradigm consists of micro-perimeters, and a Software-Defined Perimeter is exactly that: micro-perimeters defined by software rather than antiquated perimeters bound to hardware. It provides a secure path from the accessing device through the network to the destination resources in a manner that both insulates and isolates authorized users from external threats and from access beyond their permissions. A micro-perimeter is a unique per-instance path that is conditionally activated to create a segment of one between the user and the resource. The use of the word “conditionally” is not accidental: access for each user is subject to frequent reassessment, and in a true SDP solution these conditions are configurable and programmable via API.

A micro-perimeter simplifies compliance. Activity is logged and tracked on a user, device, application and contextual basis. This audit trail shows the access granted for each micro-segmented network, including user, device type, device posture, MFA, location and more. And because resources are isolated, the audit scope is significantly reduced. Attackers can’t even perform the most basic reconnaissance, such as port scans, because the protected resources are not reachable until an authorized path has been established.

Adaptable Architecture

Another unique benefit of SDP is the “Software-Defined” bit. SDP provides a layer of adaptability that cannot be emulated with existing software or hardware models. Because tomorrow’s needs are unknown, you need the ability to pivot with minimal disruption. Whether this means deploying in a VM, as part of a container, or embedded in a device, a software-defined architecture provides the portability of a Zero Trust perimeter across an increasingly wide variety of unforeseen use cases.

Additionally, the adaptable architecture offers the ability to extend your security to employ the same high availability and scale found in enterprise cloud software. As a software-defined security framework, autoscaling of instances within a cloud is available, whether for demand-based scaling or for auto-deployed instances that protect and maintain the security posture of new resources. Think of the latter mechanism as running “security as code”.

Business Agility

The digital nature of business necessitates ad-hoc access to do everything in today’s world. Customer data is needed for marketing, sales and demographic analysis. Intellectual property may be accessed for shared industry research or outsourced engineering, and operational metrics are frequently used across organizations for efficiency and cost analysis.

Over time, ad-hoc and unforeseen access demands result in the toggling of permissions and policies. This creates unrecoverable “security drift”, where overworked administrators and security operators (SecOps) neither recall nor understand the reasoning behind the original granting of permissions. The result is an overexposed network.

SDP mitigates much of this drift. A properly designed SDP with a unified policy model provides control and flattens the access policies in a way that a typical legacy environment consisting of firewalls, ACLs, security groups, NACs, VPNs and identity providers simply cannot.

Lastly, agility demands an API-first approach that provides sufficient touchpoints to inject workflow policies, integrating with ITSM and other business systems to provide conditional and human-validated access.

Workflow integrations such as these enable security to offer access for services and upgrades that would otherwise require manual intervention. Further, the ability to bind SDP to workflows provides a clear audit trail highlighting when and where the access was granted and revoked.
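The conditional access, per-user audit trail and human-validated (ITSM-approved) access described in the Conditional Access and Business Agility sections above can be illustrated with a small policy engine. The following is an added example written for this page, not Appgate's code or the CSA SDP reference implementation; the condition names, the `Context` fields, the approved-ticket set and the "alice"/"bob" users are all constructed for the illustration. It shows a policy whose conditions (entitlement, MFA, device posture, location and an ITSM approval) are re-evaluated on every check, so a condition that stops holding revokes the path, and every grant, renewal, revocation and denial lands in an audit record with the failing conditions listed.

```python
"""Illustrative conditional-access engine with an audit trail.

Assumptions (not from the original post): a session is a per-user,
per-resource path that stays open only while every policy condition holds;
ITSM approval is modelled as membership in a constructed set of ticket ids.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass
class Context:
    """What the engine knows about the requester at evaluation time."""
    user: str
    device_type: str
    posture_ok: bool                  # constructed flag: e.g. disk encrypted, EDR running
    mfa_verified: bool
    country: str
    approved_ticket: Optional[str] = None   # hypothetical ITSM change/approval id


@dataclass
class Condition:
    name: str
    check: Callable[[Context], bool]


@dataclass
class Policy:
    resource: str
    allowed_users: Set[str]
    conditions: List[Condition]


@dataclass
class Decision:
    allowed: bool
    failed: List[str]   # names of the conditions that did not hold


class AccessEngine:
    def __init__(self) -> None:
        self.audit: List[Dict] = []
        self.sessions: Dict[Tuple[str, str], bool] = {}   # (user, resource) -> path active

    def evaluate(self, policy: Policy, ctx: Context) -> Decision:
        """Every condition must hold; entitlement is checked first."""
        failed = [c.name for c in policy.conditions if not c.check(ctx)]
        if ctx.user not in policy.allowed_users:
            failed.insert(0, "entitlement")
        return Decision(allowed=not failed, failed=failed)

    def reassess(self, policy: Policy, ctx: Context) -> Decision:
        """Re-evaluate the per-user path and record the outcome in the audit log."""
        decision = self.evaluate(policy, ctx)
        key = (ctx.user, policy.resource)
        was_active = self.sessions.get(key, False)
        self.sessions[key] = decision.allowed
        if decision.allowed:
            event = "renew" if was_active else "grant"
        else:
            event = "revoke" if was_active else "deny"
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "event": event,
            "user": ctx.user,
            "resource": policy.resource,
            "device_type": ctx.device_type,
            "country": ctx.country,
            "mfa": ctx.mfa_verified,
            "failed": decision.failed,
        })
        return decision


# Constructed stand-in for an ITSM lookup of approved change/access tickets.
APPROVED_TICKETS: Set[str] = {"CHG-0001"}


def build_policy() -> Policy:
    """Policy for a constructed resource 'db-prod': all conditions must hold."""
    return Policy(
        resource="db-prod",
        allowed_users={"alice"},
        conditions=[
            Condition("mfa", lambda c: c.mfa_verified),
            Condition("device_posture", lambda c: c.posture_ok),
            Condition("location", lambda c: c.country in {"US", "DE"}),
            Condition("itsm_approval", lambda c: c.approved_ticket in APPROVED_TICKETS),
        ],
    )


def run_scenario() -> List[Dict]:
    """Grant, revoke on posture change, re-grant, then deny an unentitled user."""
    engine = AccessEngine()
    policy = build_policy()
    alice = Context("alice", "laptop", True, True, "US", "CHG-0001")
    engine.reassess(policy, alice)          # grant: every condition holds
    alice.posture_ok = False
    engine.reassess(policy, alice)          # revoke: device posture no longer holds
    alice.posture_ok = True
    engine.reassess(policy, alice)          # grant again after posture is restored
    bob = Context("bob", "laptop", True, True, "US", "CHG-0001")
    engine.reassess(policy, bob)            # deny: bob has no entitlement to db-prod
    return engine.audit


if __name__ == "__main__":
    for record in run_scenario():
        print(record["event"], record["user"], record["failed"])
```

The point of the design is that access is never a one-time decision: `reassess` is what a real deployment would call on a timer or on a posture-change signal, and the audit record names both the context (user, device, location, MFA) and the exact condition that caused a revocation or denial, which is the evidence an auditor asks for.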

Summary

SDP is much more than a rebranding of remote access; it is a set of architectural principles that serve agile business needs, enable new business models and drive operational efficiencies. We are just getting started, but as we deploy SDP-enabled environments these are some of the capabilities that differentiate a true Software-Defined Perimeter from the pretenders.
