Well, you have been following our blogs, reading about our vociferous appeal to transform your WAN with the Lavelle Networks SD-WAN platform. There has been a lot of news and press about how to do network security the right way in this new world of Software Defined “Everything”.
If you are anxious that there is no answer to modernising your security architecture, help is at hand. A brand new concept has been gaining popularity as THE SECURITY ARCHITECTURE of choice in a cloud-first, digital-always world. It began with Google’s path-breaking work to move all of their internal enterprise workloads to the Google Cloud, so that security is done the right way. The concept is born from the fact that in today’s modern enterprises all the data and information is really in the cloud, and no longer on the premises. Just as when banking was invented we really only needed to secure access to our bank accounts, because cash assets were no longer kept at home, we will see the same trend come to our enterprise data. SD-WAN helps you transform your network for the cloud, so it is only apt that we bring you our note on SDP – Software Defined Perimeter.
In an SDP architecture, we acknowledge that our enterprise perimeter is no longer the physical network edge like a branch WAN link or a DC link, which is where we typically placed firewalls and security appliances. The SDP paradigm says that our network is in the cloud, and the perimeter is virtual, so let’s move the security enforcement also to that virtual perimeter in the cloud. In a true sense, it is your software defined network perimeter which extends all over your cloud – public or private. Of course, SDP works best when you have mostly web enabled or web based native or hybrid applications. A lot of the SDP enforcement techniques are built on the basis of an all-HTTP application world, which is a very fair assumption in 2018.
Software Defined Perimeter (SDP)
Basic framework of SDP
- A zero trust architecture, which does not assume that any traffic should be trusted by default. Every access has to be authenticated and authorised.
- It uses the triumvirate of modern access – device, user, application – to establish a different model for each combination. For example, you accessing your enterprise email from your phone is a different access pattern from your friend accessing their email from your phone.
- A set of distributed network proxies are deployed in the cloud, and no user can get to your cloud applications without going through these designated virtual perimeter touch points.
- Given the increasing sophistication of attacks, SDP does not assume that an authenticated user means every transaction can be trusted. Every application transaction (read: every REST API call) is verified for breach or access anomalies.
- SDP is agnostic to whether the end application is in your private cloud, your public cloud or even at the cloud provider.
- The fundamental transition is that inspecting at the network level is not sufficient; all security inspection needs to happen at the access pattern level (which device, which user, which application, which exact application transaction) to provide rock-solid security.
- Being software defined and cloud based, SDP is resilient to DoS, DDoS, Man-in-the-Middle and injection attacks.
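The framework above, as an added example that is not Lavelle Networks’ code: a minimal zero-trust access broker in Python that plays the role of the distributed proxy. It denies by default and allows a request only when the (device, user, application, transaction) tuple matches an explicit rule, so the “friend on your phone” case is refused even though the device itself is known. All device records, users, groups and policies in it are constructed for illustration; there is no real authentication or device-management backend behind them.

```python
"""Minimal zero-trust access broker modelled on the SDP proxy described above.

Constructed example: every device, user, group and policy here is made up.
The broker denies by default and only allows a request when the
(device, user, application, transaction) tuple matches an explicit rule.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    app: str
    method: str  # HTTP method of the REST transaction
    path: str    # REST path being called


@dataclass(frozen=True)
class Device:
    owner: str           # user the device is enrolled to
    managed: bool        # enrolled in enterprise device management (hypothetical flag)
    disk_encrypted: bool


@dataclass(frozen=True)
class Policy:
    """One allow rule; there are no deny rules because deny is the default."""
    app: str
    group: str
    require_managed_device: bool
    allowed_transactions: Tuple[Tuple[str, str], ...]  # (method, path prefix)


class SdpBroker:
    """Policy decision point sitting in front of the cloud applications."""

    def __init__(self, devices: Dict[str, Device],
                 user_groups: Dict[str, Set[str]],
                 policies: List[Policy]) -> None:
        self.devices = devices
        self.user_groups = user_groups
        self.policies = policies
        self.audit: List[Tuple[AccessRequest, bool, str]] = []

    def decide(self, req: AccessRequest) -> Tuple[bool, str]:
        allowed, reason = self._evaluate(req)
        self.audit.append((req, allowed, reason))  # every decision is recorded
        return allowed, reason

    def _evaluate(self, req: AccessRequest) -> Tuple[bool, str]:
        device = self.devices.get(req.device_id)
        if device is None:
            return False, "unknown device"
        # Device and user are judged together: a known device in the hands of
        # someone other than its enrolled owner is a different access pattern.
        if device.owner != req.user:
            return False, "device not bound to user"
        groups = self.user_groups.get(req.user, set())
        posture_ok = device.managed and device.disk_encrypted
        posture_failed = False
        for pol in self.policies:
            if pol.app != req.app or pol.group not in groups:
                continue
            if pol.require_managed_device and not posture_ok:
                posture_failed = True
                continue
            # Authorisation is per transaction (method + path), not per session.
            for method, prefix in pol.allowed_transactions:
                if req.method == method and req.path.startswith(prefix):
                    return True, f"policy {pol.group}/{pol.app}"
        if posture_failed:
            return False, "device posture insufficient"
        return False, "no matching policy"

    def denials_for(self, user: str) -> int:
        """Denied transactions per user: the raw signal an anomaly rule would watch."""
        return sum(1 for r, ok, _ in self.audit if r.user == user and not ok)


# Constructed inventory and policy set (not real identifiers).
DEVICES = {
    "phone-alice": Device(owner="alice", managed=True, disk_encrypted=True),
    "laptop-bob": Device(owner="bob", managed=False, disk_encrypted=True),
    "laptop-carol": Device(owner="carol", managed=False, disk_encrypted=False),
}
USER_GROUPS = {"alice": {"staff", "finance"}, "bob": {"staff"}, "carol": {"staff", "finance"}}
POLICIES = [
    Policy("mail", "staff", require_managed_device=False,
           allowed_transactions=(("GET", "/mail/"), ("POST", "/mail/send"))),
    Policy("ledger", "finance", require_managed_device=True,
           allowed_transactions=(("GET", "/ledger/"),)),
]


def build_broker() -> SdpBroker:
    return SdpBroker(DEVICES, USER_GROUPS, POLICIES)


if __name__ == "__main__":
    broker = build_broker()
    for req in [
        AccessRequest("alice", "phone-alice", "mail", "GET", "/mail/inbox"),
        AccessRequest("bob", "phone-alice", "mail", "GET", "/mail/inbox"),  # friend on alice's phone
        AccessRequest("alice", "phone-alice", "ledger", "DELETE", "/ledger/entries/1"),
        AccessRequest("carol", "laptop-carol", "ledger", "GET", "/ledger/"),
    ]:
        print(req.user, req.device_id, req.app, req.method, req.path, "->", broker.decide(req))
```

Two design choices carry the SDP ideas: there is no session flag that turns an authenticated user into a trusted one, since each REST call is matched against the policy on its own, and the audit list is kept so that repeated denials for one user can feed an access-anomaly rule rather than being silently dropped.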
Do we need SDP so soon?
Well, it depends on how far behind you are in your Digital Transformation initiatives. If you are like the customers we meet, there is a tearing need to modernise IT applications, move them to the cloud, and take more and more of your business online. In that case, you should look carefully at an SD-WAN + SDP architecture, which gives you best-of-breed networking and best-of-breed security and ensures you are ready for the new digital world of business.
SDP is designed to address the security concerns of enterprises wanting to strike a balance between innovation and compliance. And as the folks at Google figured, if SDP finally allows you to trust your cloud, then everything else will fall into place anyway.
Going back to the banking example in the beginning, we breathe easy now that our banking assets are protected, so we can move from any bank to any bank. Kind of like the hybrid cloud challenges enterprises face. Use SDP and you are automatically on the way to the world we all know we will live in – hybrid, hybrid and more hybrid cloud.
At Lavelle Networks, we pride ourselves on always providing the best information and inputs when it comes to your decisions and choices for next generation enterprise networking. So take a look at SDP and reach out to us if you would like a trusted friend to talk this through with.