In a recent article from CSO Online, analyst Jon Oltsik wrote that many security professionals are unclear about the true meaning of the software-defined perimeter because of its confusing nomenclature.
According to Oltsik, the term “software-defined perimeter” often fools business leaders into thinking of security applications such as virtual firewalls. SDP, however, involves a new way of thinking about access controls.
This lack of name recognition is unfortunate – SDP is a game-changing technology, and its widespread adoption would greatly benefit enterprises that struggle daily to secure their sensitive data. What should we do about this?
It’s Time to Rebrand the Software-Defined Perimeter
Once again, there are no firewalls involved in SDP. The ordinary use-case is a user accessing a business application from the cloud using an endpoint (although SDP can be applied anywhere). The user must first authenticate with an SDP controller using a number of factors – from device attributes to biometrics – and is then connected directly with their application through an encrypted channel. Importantly, access to the application doesn’t confer access to any other network segments.
According to Gartner, SDP is one of the top security technologies in existence. Effectively, attackers outside your network can’t see what applications you’re running, or where you put your data center. With attackers deprived of their ability to perform reconnaissance, attacks ranging from DDoS to advanced threats suddenly become ineffective. As of the end of 2017, however, SDP is only used by 10% of enterprises.
Oltsik posits that the somewhat bland name of the software-defined perimeter positions it as merely one security solution among many, as opposed to what it truly is – something pathbreaking. His suggestion is instead to refer to the platform as “Ubiquitous Secure Access Services (USAS).” USAS, after all, connects any user or device to any application or service, does so in a secure manner that prevents hacker reconnaissance, makes reasonable access policies easier to enforce, and operates as a network service.
There’s More than One Person Trying to Rebrand SDP
Few ideas form in a vacuum, and a number of other companies and individuals are attempting to rebrand SDP to make it more immediately self-explanatory.
- A number of companies have attempted to rebrand SDP as Zero Trust. Zero Trust is not a new term – it was coined by Forrester Research in 2010 to describe a network that would authenticate every connection attempt, both within and without its perimeter. A software-defined perimeter can rely on the zero-trust model, but the two aren’t necessarily the same.
- Meanwhile, another researcher at Forrester has decided to further rebrand Zero Trust itself, arguing that what’s needed now is Next Generation Access. This standard would include multi-factor authentication, single sign-on, machine learning, strong APIs, and more.
Again, there are multiple pre-existing SDP products that fulfil some or all of the stipulations defined by USAS, Zero Trust, Next Generation Access, and more. It’s not inevitable that a single different name is going to take over the collection of features currently known as software-defined perimeter. What’s more likely to happen is something like this:
In other words, be prepared for a large number of vendors to promote a large number of catchy standards which are all still basically SDP.
What’s in a Name?
No matter what the software-defined perimeter is actually called, the best proof point is for prospective customers to actually use it. Grab a free trial of our Software-Defined Access Suite today, and learn why this technology represents the future of security.