CSA Presentation - Software Defined Perimeter
Post on 18-Feb-2017
© Cloud Security Alliance, 2016
Software Defined Perimeter
Junaid Islam, Co-Chair
Agenda
• Architecture
• Achievements
• Action Plan
© Cloud Security Alliance, 2014.
Security Challenge
Connect to Application
Denial of Service
Provide Credentials
Credential Theft
Server Exploitation
Multifactor Token
Connection Hijacking
APT/Lateral Movement
Security Challenge
Connect to Application
Provide Credentials
Multifactor Token
SDP Security Model
Connect to Application
Provide Credentials
Multifactor Token
SDP Security Architecture
[Diagram labels: SDP Client, SDP Controller, SDP Gateways, SAML IdP, Issuing CA, Hosting & IaaS, DMZ & Data Center, Client Crypto, Gateway IP’s; flows: 1. Device Auth, 2. User Auth, 3. Dynamic Connection]

0. One-time on-boarding
• Client root of trust
• Digital artifacts & thin client

1. Device Authentication & Authorization
• SPA: anti DDoS, defeats SSL attacks
• mTLS & fingerprint: anti credential theft

2. User Authentication & Authorization
• Enterprise identity: separation of trust
• SAML IdP integrated with LDAP groups

3. Dynamically Provisioned Connections
• Applications isolated and protected
• Usability: portal page of applications
Achievements (last 2 years)
• Version 1 specification
• 3 SDP Hackathons (4th in progress)
• Gartner endorsement as “next big thing”
• 4 Workgroups
  • Enterprise
  • FISMA Moderate
  • Auto/IoT
  • DDoS
Action Plan
• 2 new workgroups
  • IaaS
  • IoT
• Version 2 specification
  • Content challenge
• Increased outreach
  • The future looks good!