Understanding software-defined perimeter

2017 
In network security, a perimeter around a network of computers and other equipment acts as a barrier that protects the digital assets inside it from access and compromise by unauthorized users. In cloud computing, building such a perimeter is hard because the boundary is wider and often unknown: multiple overlay networks of cloud services, resources and devices communicate with each other. To address this, the software-defined perimeter (SDP) proposed by the Cloud Security Alliance (CSA) can be used to build a manageable, secure perimeter around cloud-connected services, resources and devices. So far, SDP has held up as a strong defense against network attacks in simulated tests and in the security challenges and hackathons run by CSA. In this chapter, we present the SDP specification and discuss the security features and components behind that record: zero visibility, single packet authorization, mutual transport layer security, device validation, dynamic firewalls and application binding. Together they make SDP a potential solution for securing data in the cloud.
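The abstract names single packet authorization (SPA), zero visibility and dynamic firewalls as the mechanisms behind SDP's defense. The following is an added illustration written for this page, not code from the chapter or from the CSA specification: a minimal SPA gateway that stays dark (drops everything without replying) until it receives a single packet carrying a timestamp, a nonce, a client ID and an HMAC-SHA256 tag over those fields under a pre-shared key, and only then opens a dynamic firewall entry for that client and source address. The packet layout, the 30-second freshness window, the demo key and the client name "laptop-42" are assumptions made for the example, not the SDP wire format.

```python
import hashlib
import hmac
import struct

# Constructed demo key shared between one client device and the SDP gateway.
# In a real deployment it would be provisioned per device by the controller (assumption).
DEMO_KEY = bytes.fromhex(
    "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0"
)

TAG_LEN = 32        # HMAC-SHA256 output length
NONCE_LEN = 16
TS_LEN = 4          # unsigned 32-bit seconds since epoch (demo layout, not the SDP wire format)
MIN_LEN = TS_LEN + NONCE_LEN + 1 + TAG_LEN   # at least one byte of client ID


def build_spa_packet(key: bytes, client_id: str, timestamp: int, nonce: bytes) -> bytes:
    """Client side: one authenticated knock.
    Assumed layout: timestamp(4, big-endian) || nonce(16) || client_id(ascii)
                    || HMAC-SHA256(key, all preceding bytes)."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    body = struct.pack(">I", timestamp) + nonce + client_id.encode("ascii")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class SpaGateway:
    """Accepting host side. Until a valid SPA packet arrives from a client nothing is
    reachable ("zero visibility"): every rejected packet is dropped with no reply."""

    def __init__(self, keys_by_client: dict, window_seconds: int = 30):
        self.keys = keys_by_client          # client_id -> pre-shared key
        self.window = window_seconds        # accepted clock skew / packet age
        self.seen_nonces = set()            # replay detection inside the window
        self.allowed = set()                # dynamic firewall: (client_id, src_ip) pairs

    def handle_packet(self, packet: bytes, src_ip: str, now: int) -> bool:
        """Return True if the knock was accepted and a firewall entry was opened.
        A False result must never produce a response to the sender."""
        if len(packet) < MIN_LEN:
            return False
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        (timestamp,) = struct.unpack(">I", body[:TS_LEN])
        nonce = body[TS_LEN:TS_LEN + NONCE_LEN]
        try:
            client_id = body[TS_LEN + NONCE_LEN:].decode("ascii")
        except UnicodeDecodeError:
            return False
        key = self.keys.get(client_id)
        if key is None:
            return False
        # Verify the tag first, in constant time, so an unauthenticated packet can
        # neither touch replay state nor leak anything through timing.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        if abs(now - timestamp) > self.window:
            return False                    # stale or future-dated knock
        if nonce in self.seen_nonces:
            return False                    # exact replay inside the window
        self.seen_nonces.add(nonce)
        self.allowed.add((client_id, src_ip))
        return True

    def is_allowed(self, client_id: str, src_ip: str) -> bool:
        """What the dynamic firewall consults before letting the client's later
        mutual-TLS connection through to the protected service."""
        return (client_id, src_ip) in self.allowed


if __name__ == "__main__":
    gw = SpaGateway({"laptop-42": DEMO_KEY})
    t0 = 1700000000
    knock = build_spa_packet(DEMO_KEY, "laptop-42", t0, b"\x01" * NONCE_LEN)
    print("first knock accepted:", gw.handle_packet(knock, "203.0.113.7", t0))
    print("replayed knock accepted:", gw.handle_packet(knock, "203.0.113.7", t0 + 1))
    print("firewall open for laptop-42:", gw.is_allowed("laptop-42", "203.0.113.7"))
```

The order of checks matters: length, key lookup and HMAC come before the freshness and nonce checks, so a forged packet cannot fill the replay table, and every failure path is a silent drop rather than a reject message. In a deployment the `seen_nonces` set would be pruned once entries age past the window, and the `allowed` set would be translated into real firewall rules with a short lifetime.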