CSA Presentation - Software Defined Perimeter

© Cloud Security Alliance, 2016 Software Defined Perimeter Junaid Islam Co Chair

Transcript of CSA Presentation - Software Defined Perimeter

Page 1: CSA Presentation - Software Defined Perimeter

© Cloud Security Alliance, 2016

Software Defined Perimeter

Junaid Islam, Co Chair

Page 2: CSA Presentation - Software Defined Perimeter


Agenda

• Architecture
• Achievements
• Action Plan

Page 3: CSA Presentation - Software Defined Perimeter

© Cloud Security Alliance, 2014.

Security Challenge

Connect to Application

Denial of Service

Provide Credentials

Credential Theft

Server Exploitation

Multifactor Token

Connection Hijacking

APT/Lateral Movement

Page 4: CSA Presentation - Software Defined Perimeter


Security Challenge

Connect to Application

Provide Credentials

Multifactor Token

Page 5: CSA Presentation - Software Defined Perimeter


SDP Security Model

Connect to Application

Provide Credentials

Multifactor Token

Page 6: CSA Presentation - Software Defined Perimeter


SDP Security Architecture


0. One time on-boarding
• Client root of trust
• Digital artifacts & thin client

1. Device Authentication & Authorization
• SPA: anti DDoS, defeats SSL attacks
• mTLS & fingerprint: anti credential theft

2. User Authentication & Authorization
• Enterprise identity: separation of trust
• SAML IdP integrated with LDAP groups

3. Dynamically Provisioned Connections
• Applications isolated and protected
• Usability: portal page of applications

[Diagram labels: SDP Controller; SDP Gateways; SDP; Client Crypto; Gateway IP's; SAML IdP; Issuing CA; Hosting & IaaS; DMZ & Data Center. Flow labels: 1. Device Auth; 2. User Auth; 3. Dynamic Connection]

Page 7: CSA Presentation - Software Defined Perimeter


Achievements (last 2 years)

• Version 1 specification

• 3 SDP Hackathons (4th in progress)

• Gartner endorsement as “next big thing”

• 4 Workgroups
  • Enterprise
  • FISMA Moderate
  • Auto/IoT
  • DDoS

Page 8: CSA Presentation - Software Defined Perimeter


Action Plan

• 2 new workgroups
  • IaaS
  • IoT

• Version 2 specification
  • Content challenge

• Increased outreach
  • The future looks good!

Page 9: CSA Presentation - Software Defined Perimeter
