What is a Software Defined Perimeter?

Image of padlock against circuit board/cybersecurity background
(Image credit: Future)

Not so long ago, in order to secure their sensitive data and other IT assets, businesses would strive to develop a network security architecture that would cut off their internal network from the outside world.  To achieve this, they would often use a firewall to block outsiders while allowing insiders to come in and out of the network.

However, this strategy had one fatal flaw, and that is the assumption that all cyber threats are lurking from the outside while everyone that is allowed access to the network can be trusted. This becomes even more true with the rise of cloud computing and the explosion of remote work, meaning that more and more of the company's workers and resources are coming in from outside of the traditional perimeter.

Since both of these changes are here to stay in the year to come, a new approach toward the security of cloud solutions was destined to turn up and it’s called software-defined perimeter (SDP).

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022
TechRadar needs yo...

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Perimeter 81 is one of TechRadar's choices for the best SWG providers

Perimeter 81 is one of TechRadar's choices for the best SWG providers

Protect your employees and network from web-based attacks with a Secure Web Gateway. Filter out malicious threats. Monitor all employee activity. Streamline compliance. Secure your entire workforce, whether on-prem or remote with Perimeter 81. Deploy in minutes. Start now.

 So, what is a software-defined perimeter? 

An SDP is a method of concealing all infrastructure that’s connected to the network (such as servers, operating systems, and wireless protocols) and making it unseeable to outside users. Whether the infrastructure is hosted on-premises or in the cloud, an SDP can be deployed and make it safe. Since an SDP is a piece of software, its deployment process is simpler than with hardware solutions. Also, more apps can be utilized. 

SDP’s deny-all approach allows access to the network only through somewhat complex, mutual authentication of authorized users and devices that are trying to connect. To everyone else, network-connected resources remain outright invisible.

It comes as no surprise that due to its approach to cybersecurity SDP is sometimes referred to as a "black cloud".

What is zero-trust security and what’s its connection to SDP? 

As its name implies, a zero-trust security model assumes that no person, device, and network should be trusted by default. So, before any of them are allowed access to the network they have to pass through rigorous identity verification and prove their so-called trustworthiness.

At the same time, a zero-trust model always gives a chance to all those who want to access the network by asking them a couple of questions that should solve a mystery of their identity. Being identity-centric, a zero-trust security approach always addresses the user's identity in place of the user's IP address.

So, how’s this connected to SDP? An SDP smooths the way for all sorts of companies to implement a zero-trust security model to their private networks and make sure that their apps are secured wherever they are. Not a single device, not even the managing director’s laptop, can’t be connected with their own company’s resources if it isn’t approved as an authorized device.

What does an SDP do? 

For a person, device, or network to be categorized as authorized, they have to pass a multi-stage process we’ll cover right now.

1. Austere user authentication

As it goes with identity-centric access management solutions, SDP securely authenticates its users before granting them access to pretty much anything within the network. While SDP can be easily combined with single sign-on (SSO) solutions, the authentication can involve an uncomplicated combination of a username and a sturdy password or something a bit smarter on security such as multi-factor authentication (MFA) and a hardware token combination. 

Paired with MFA, or other advanced authentication solutions, SDP has the suitable software for revealing the real identity of wannabe network users. This strengthens the company’s security by minimizing its vulnerability to data breaches due to poor credential security (for instance, weak passwords).

2. Device verification

The following step is device verification and it includes checking if the user's device is running on patched up and up-to-date software, inspecting if there are any malware infections, seeing if the hard drive is encrypted, and similar security checkups. This will limit access to a company’s sensitive data and resources to those devices that are compliant with the company’s security policies.

3. Administrator’s approval

After users and devices are authenticated, an administrator gives them the approval to pass through the SDP gateway, which is the actual step of the way where access is allowed or refused.

4. The network connection is secured

As soon as this is achieved, an SDP gateway will open its gates and allow users to go through. On one hand, SDP secures the network connection with user devices, while on the other it ensures a secure network connection with services users have been allowed access to. However, this connection isn’t shared with any other user or server for that matter.

5. User is allowed access

At long last, the user is allowed access to once concealed network data and resources. Now they can continue to use their device as per usual while operating within an encrypted network to which they and the services they’re using belong to.

Applications of SDPs 

While there is a wide array of uses for SDPs, many companies today are opting for them as an alternative to VPNs. These two are often compared, but SDPs and VPNs are considerably different in terms of security, ease of use, and speed performance.

For instance, while VPNs allow all connected users to access the whole network, SDPs don't share network connections, which shows they’re somewhat stronger when it comes to security. Also, VPNs authorize access to the network based on the user's IP address, while SDPs allow access based on identity.

In addition to this, an SDP is often utilized as a part of a multi-cloud security solution, in combination with third-party services to reduce the security risk, or as a way to accelerate and ensure a successful post-merger integration (M&A).

Set up an SDP straight away

With their specific security framework created for micro-segmentation network access, SDPs are a suitable choice for safeguarding any sort of business from potential cyber threats and for bulletproofing their security solutions. What’s more, SPDs might even be able to throw traditional VPNs off their thrones by putting forward stronger security, a umser-friendlier approach, and superior speed performance.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.