CSA Presentation - Software Defined Perimeter
TRANSCRIPT
© Cloud Security Alliance, 2016
Software Defined Perimeter
Junaid Islam
Co-Chair
Agenda
• Architecture
• Achievements
• Action Plan
© Cloud Security Alliance, 2014.
Security Challenge
Connect to Application
Denial of Service
Provide Credentials
Credential Theft
Server Exploitation
Multifactor Token
Connection Hijacking
APT/Lateral Movement
Security Challenge
Connect to Application
Provide Credentials
Multifactor Token
SDP Security Model
Connect to Application
Provide Credentials
Multifactor Token
SDP Security Architecture
[Diagram labels: SDP Client, SDP Controller, SDP Gateways, SAML IdP, Issuing CA, Hosting & IaaS, DMZ & Data Center, Client Crypto, Gateway IP's; flows: 1. Device Auth, 2. User Auth, 3. Dynamic Connection]
0. One time on-boarding
• Client root of trust
• Digital artifacts & thin client
1. Device Authentication & Authorization
• SPA: anti DDoS, defeats SSL attacks
• mTLS & fingerprint: anti credential theft
2. User Authentication & Authorization
• Enterprise identity: separation of trust
• SAML IdP integrated with LDAP groups
3. Dynamically Provisioned Connections
• Applications isolated and protected
• Usability: portal page of applications
Achievements (last 2 years)
• Version 1 specification
• 3 SDP Hackathons (4th in progress)
• Gartner endorsement as “next big thing”
• 4 Workgroups
  • Enterprise
  • FISMA Moderate
  • Auto/IoT
  • DDoS
Action Plan
• 2 new workgroups
  • IaaS
  • IoT
• Version 2 specification
  • Content challenge
• Increased outreach
• The future looks good!