CSA releases Software Defined Perimeter 1.0
The Cloud Security Alliance (CSA) announced at Infosecurity Europe 2014 the release of two key documents related to the CSA’s Software Defined Perimeter (SDP), an initiative to create the next generation network security architecture. The SDP Version 1.0 Implementation Specification and SDP Hackathon Results Report provide important updates on the SDP security framework and deployment in protecting application infrastructures from network-based attacks.
The SDP, a collaboration between some of the world’s largest users of cloud computing within CSA’s Enterprise User Council, is a new approach to security that mitigates network-based attacks by creating dynamically provisioned perimeters for clouds, demilitarized zones, and data center infrastructures.
The SDP Version 1.0 Implementation Specification provides a detailed description of the base architecture. It provides the necessary information to design and implement a highly secure network system for a wide variety of use cases.
As part of the updated framework, key concepts comprising the SDP, such as Single Packet Authorization (SPA) and Mutual Transport Layer Security (TLS) have undergone extensive review. Additionally, a number of CSA members, including some of the largest global companies, have SDP pilots in place.
Also being released today, the SPD Hackathon Results Report Whitepaper provides a detailed explanation of the SDP concept, its multiple layers of security controls, and the results of the hacking contest. The Hackathon, announced by Alan Boehme of Coca Cola at the CSA Summit at RSA 2014, invited hackers worldwide to attack a server defended by the SDP. While more than 10 billion packets were fired at the SDP from around the world, no attacker broke through even the first of five layers of security controls specified by the SDP architecture.
“The Hackathon provides critical validation for the multi-layer SDP security model. Even after 10 billion attack packets, no one was able to crack even the first layer of SDP security controls during the event,” said Junaid Islam, co-chair of the SDP Working Group and CTO of new CSA corporate member Vidder, Inc. “Its the goal of this research initiative to keep testing SDP against real life attack scenarios to provide the highest level of security for cloud, mobile computing and the Internet of Things applications.”
In releasing the SDP Version 1.0 Implementation Specification, the SDP working group is providing the industry with a validated and proven concept for cloud-based security models and has also announced an open call for participation for the development of version 2.0. According to Bob Flores, former CTO of the CIA and Chief Executive Officer of Applicology Incorporated and SDP Working Group Co-Chair, now is the time for interested experts to get involved. “Today’s release of SPD 1.0 will enable sufficient industry participation and feedback to allow CSA to release version 2.0 at the CSA Congress US taking place Sept 17-19 in San Jose, CA.”
“The new SDP specification, together with the results of the Hackathon, represent the tremendous progress and confidence we have in making this framework part of every organization’s security posture in the future,” said Jim Reavis, CEO of the CSA. “Now it is time for the industry to join us in the next phase of the SDP, version 2.0, to make the framework stronger and even more secure against outside attacks.”
CSA has several activities and new deliverables planned for SDP. This includes technical specifications, use cases, sample implementations and more hacking contests. Go here to learn more and volunteer.