More Related Content
Similar to CSA Presentation - Software Defined Perimeter (20)
CSA Presentation - Software Defined Perimeter
- 3. Security Challenge
© Cloud Security Alliance, 2014.
Connect to
Application
Denial of Service
Provide
Credentials
Credential Theft
Server Exploitation
Multifactor
Token
Connection Hijacking
APT/Lateral Movement
- 5. SDP Security Model
© Cloud Security Alliance, 2014.
Connect to
Application
Provide
Credentials
Multifactor
Token
- 6. SDP Security Architecture
© Cloud Security Alliance, 2014.
SDP Controller
SDP
Gateways
2. User Authentication & Authorization
Enterprise identity: separation of trust
SAML IdP integrated with LDAP groups
0. One time on-boarding
Client root of trust
Digital artifacts & thin client
3. Dynamically Provisioned Connections
Applications isolated and protected
Usability: portal page of applications
Hosting
& IaaS
DMZ &
Data Center
SD
P
Client
Crypto
Client
Crypto
Gatewa
y
IP’s
1. Device Authentication & Authorization
SPA: anti DDoS, defeats SSL attacks
mTLS & fingerprint: anti credential theft
SAML
IdP
Issuing
CA
- 7. Achievements (last 2 years)
© Cloud Security Alliance, 2014.
• Version 1 specification
• 3 SDP Hackathons (4th in progress)
• Gartner endorsement as “next big thing”
• 4 Workgroups
• Enterprise
• FISMA Moderate
• Auto/IoT
• DDoS
- 8. Action Plan
© Cloud Security Alliance, 2014.
• 2 new workgroups
• IaaS
• IoT
• Version 2 specification
• Content challenge
• Increased outreach
• The future is looks good!