Move over VPN, SDP has arrived

Move over VPN, SDP has arrived
(Image credit: TheDigitalArtist / Pixabay)
About the author

Kurt Glazemakers is the CTO Secure Access at Cyxtera.

In the beginning, the internet was a comparatively simple system intended for the quick and easy distribution of data amongst a small group of researchers. Today, it impacts and defines every aspect of our lives. 

Humans, devices, and advanced technologies like AI are sharing data at volumes and speeds unimaginable at its inception. Not to mention that the Internet wasn’t conceived with security in mind, so security measures have evolved over time to solve problems as they were discovered. This challenging climate requires us to evolve our security programs to survive.

VPNs have had their day

Virtual Private Networks (VPNs) were introduced more than 20 years ago to enable safe, remote access to the Internet through a point-to-point, secure connection. They achieved this by creating a ‘tunnel’ which could only be entered by suitably encrypted data. While VPNs were fit for this purpose decades ago, they cannot offer protection against today’s complex environment of 5G and IoT, as well as sophisticated attacks like NotPetya

The scale of today’s security breaches can seriously derail a business. As such, companies cannot afford to hold onto legacy security solutions that don’t provide full coverage. Instead, a new way forward is essential, one that improves security and provides enterprises with superior network access control. Enter the Software Defined Perimeter (SDP).

SDP – a new solution for a new era

The power of the SDP is that it is designed to address the way we use the Internet and the technologies it enables. It does away with the encrypted tunnel and replaces it with dynamic, one-to-one, micro-segmented network connections between users and the resources they have authority to access. This provides security that supports the way businesses need to operate today.

SDP supports a  Zero Trust model, which means that each time a user – be they human, IoT device, or AI programme – attempts to access a resource they will have to be authenticated and authorised, using multiple checks, before gaining network access. All other resources that users haven’t been authorised to access will remain invisible to them. This is in stark contrast to traditional VPNs where once someone has access to one part of the network they can see and gain access to everything, regardless of whether it’s relevant to them.

To simplify things, picture a hotel. In a VPN solution any user allowed through the main doors will be able to access any and all rooms. In contrast, in a SDP solution, a single room will be visible and multiple keys required to unlock that one door. 

Enhanced network access rules

SDPs don’t just deliver improved security, they also simplify network access rules. This is critical as many businesses struggle to keep track of their network access rules and who created them, or have more rules than their limit allows. This creates significant network management problems and security gaps, increasing cyber vulnerability. 

SDP can automatically generate rules for short term access and then delete them when they’re no longer needed. This reduces the number of rules needed, while restricting network access control – both of which increase control and visibility over the network. Furthermore, a full list of rules can be produced within a matter of minutes, simplifying network administration and in particular the auditing process.

Don’t fall behind

The Internet and the technologies that rely upon it have brought a vast range of opportunities to businesses, but also profound new risks. The uses and misuses of the Internet are becoming ever more complex, and this isn’t going to change. 

VPNs temporarily filled the security gap, in the absence of a more sophisticated solution. However, they’re insufficient in the modern climate. Only SDP can provide enterprises with a secure network access solution which also simplifies network administration and improves ease of use. Move over VPN, SDP has arrived.


Kurt Glazemakers is the CTO Secure Access at Cyxtera.

Kurt Glazemakers

Kurt Glazemakers is the SVP Engineering at AppGate. Kurt is responsible for defining the strategy, development and roadmap of the next generation of AppGate's flagship Software-Defined Perimeter solution. Glazemakers was the independent technical expert within the Medina Capital investment team that exercised due diligence prior to the acquisition of Cryptzone in April 2014. Glazemakers is renowned for his extensive knowledge of software development, especially in the Software-Defined network and storage area. Prior to joining AppGate, he served as CTO of CloudFounders, a developer of advanced private cloud technologies for IT as a service (ITaaS) solutions.

He also served as Terremark’s CTO Europe (now part of Verizon), where he was responsible for the development of Enterprise Cloud. Throughout his career, Glazemakers has focused on the development of innovative solutions that increase the availability, security and scalability of mission-critical infrastructures.