AppGate Blog: Software-Defined Perimeter

Written by Chris Scheels & George Wilkes on July 20, 2020

SDP and Elastic Cloud Gateways – Insight from ESG Research

ESG recently surveyed 376 IT and Cybersecurity professionals in North American organizations regarding network security and the idea of Elastic Cloud Gateways – a convergence of traditionally siloed and disparate technologies unified in the cloud, introduced in August 2019 prior to Black Hat.


We could spend a lot of time drilling into the ECG acronym, but the purpose of this blog is to highlight what the AppGate team believes to be key findings from the ESG Research report: The Emergence of Elastic Cloud Gateways. We then unpack how a Software-Defined Perimeter helps overcome core challenges and fits into the ESG model.

Network Security Has Become More Difficult

64% of respondents say network security at the edge has become more difficult than it was 2 years ago.  

It is not surprising that organizations with more branch offices, remote workers and cloud usage had a higher propensity to declare network security as more difficult. But why?

The leading reason was an increase in threat sophistication and targeted attacks. The increase of distributed users and mobile devices accessing the network round out the top 3 drivers of increased network security complexity at the edge.


Complexity is the bane of security. With the explosion of point products, defense in depth and overlapping functionality, it is difficult for security teams to manage and maintain consistent security policies across multiple and disparate tools.

The percentage of organizations with at least 40% of their perimeter network security controls delivered from the cloud is expected to double over the next 24 months.   

There is an obvious and inevitable shift toward the cloud, but it is a complex multi-year journey. Many organizations will remain on-premise for the foreseeable future, due to varying challenges. This further complicates network security, because with so many workloads, resources and DevOps migrating to the cloud, legacy and appliance-based technologies can’t scale and fall short of protecting the dynamic edge of today’s modern enterprises. 

What’s more, many cloud-delivered solutions neglect or struggle to fully protect traditional on-premise resources that are not shifting to the cloud. Yes, as much as we love our clouds, the world remains hybrid and disparate.

SDP as an Integral Part of ECG

The Software-Defined Perimeter is not a silver bullet and won’t solve all problems faced by enterprises, but many of these key issues and challenges uncovered in the research (listed above) can be overcome with a Software-Defined Perimeter (SDP). SDP is an integral part of building an Elastic Cloud Gateway to provide secure, granular access to enterprise resources regardless of where they are hosted. 

As previously mentioned, moving toward the Elastic Cloud Gateway model is a journey. There is no single solution available today capable of delivering ECG to its fullest extent. The same goes for SASE and Zero Trust. The ESG research is telling when it boils down to SDP adoption, and we tend to agree.


  • The Innovators: Progressive digital businesses able to adopt modern secure access solutions and use them extensively. Often these organizations are not hindered by legacy investments and are cloud first.
  • The Early Adopters: Those using SDP selectively are on their journey toward ECG, Zero Trust or SASE (pick your preference). They’ve identified key use cases within their organization to introduce modern secure access solutions. Swapping out a network architecture that took 5, 10, even 20 years to build doesn’t happen overnight; it’s a journey, and the beauty of SDP is that it is very use case friendly:
    • Remote User Access / VPN Replacement
    • Secure Cloud and Hybrid Access
    • True Café Style Network
    • DevOps, 3rd Party Access or M&A
    • Securing Legacy Applications
    • Securing Unmanaged Devices
  • The Early Majority: The number of organizations planning for or indicating interest in SDP has likely increased given the recent COVID-19 pandemic – this survey was conducted before mass remote workforce initiatives. Most start with a VPN Replacement and scale from there.

A Fortune 10 AppGate customer is rolling out a complete enterprise-wide legacy network infrastructure replacement with SDP, creating an ultra-secure (Zero Trust) 100% Café style network for hundreds of thousands of users while saving millions in appliance-based technology. As our customers and the 9% of extensive adopters can attest, SDP is a complete and comprehensive secure access architecture that secures resources in the cloud, on-premise, datacenter and all hybrid networks.

While on the journey to a complete secure access infrastructure, the key is to focus on use cases that pose the biggest risk or pain today, then continue to add new use cases until you have a complete Café network requiring only BYO Layer 2 access.

SDP is not another point solution; it is a holistic secure access platform that covers any user, any device, any resource, in any location. It protects corporate resources regardless of location: datacenter, on-premise, colocation, public or private cloud. It secures access from all devices: desktops, servers, laptops, tablets, phones and even IoT devices – all in one solution with a unified policy model.

No Two Organizations are the Same. Solution Flexibility is Critical.

The number one ranked attribute for Elastic Cloud Gateways to include is flexibility: a solution that has the ability to scale performance and features as needed to meet the changing needs of the business. AppGate's SDP solution is an enterprise-grade solution that is fully redundant and highly available. It is built for the cloud with nearly unlimited linear scale and can dynamically adjust performance based on business demand or lack thereof. Furthermore, rich bi-directional APIs allow you to weave secure access into the very fabric of your network, IT, business and security systems.



Parting Thought

AppGate’s Software-Defined Perimeter enables the journey of planned migration to fully cloud delivered network security solutions. Like the research, we agree there is a rapidly growing shift away from appliance-based solutions to cloud delivered solutions such as SDP. Again, this is a process that takes time and a comprehensive solution needs to be able to exist and secure both worlds in a hybrid fashion until such a day. SDP is architected from the ground up for such a journey. It is network infrastructure agnostic and supports hybrid and heterogeneous environments. 

Source: ESG Publication, The Emergence of Elastic Cloud Gateways, July 2020.