Enterprises are rapidly embracing IaaS platforms, and many have made the strategic decision to quickly shift new development and production into these environments. While bringing many benefits, this change also brings with it many security, compliance, and business efficiency challenges – specifically around granting, controlling, and reporting on which users can access which systems and services across a network. Traditional security tools are unable to cope with the speed, scale, and complexity of this new, dynamic world, especially if organizations embrace dynamic release systems such as DevOps. As a result, security teams are unfortunately encountering familiar problems in their IaaS environments, including an inability to keep pace with a dynamic environment, users with over privileged network access, and an inability to easily perform compliance reporting. Cloud service providers are facing similar challenges with IaaS management access.
“Adopting a Software-Defined Perimeter approach can solve these problems, and enable secure, efficient, dynamic, and precise control of user access to IaaS environments,” said Kurt Glazemakers, Cryptzone CTO and technical lead for the SDP for IaaS initiative. “With this initiative, we hope to demonstrate how an SDP can better protect IaaS services for enterprise usage, and deliver uniform, seamless protection of on-premises and IaaS resources.”
“The SDP approach allows enterprises to embrace the dynamic nature of IaaS without compromising security or compliance,” said Luciano ‘J.R.’ Santos, Executive Vice President of Research for the CSA. “By understanding and leveraging an SDP model, organizations can then enable hybrid or multi-platform clouds by abstracting provider-specific configurations, and leveraging consistent policies, identity stores, and processes across their environments.”
Goals of the Initiative include:
- Documenting specific security, compliance, and architecture challenges that arise from enterprise adoption of IaaS
- Exploring how an SDP solution can solve these problems
- Providing architectural and deployment guidelines and best practices for secure IaaS, including the impact of DevOps initiatives
- Influencing the SDP specification to address IaaS-specific requirements
Planned deliverables include:
- Analysis and taxonomy of IaaS-specific security, network, identity, and compliance challenges
- Explanation of how an SDP architecture can address these challenges
- Deployment scenarios and use cases that examine aspects such as network configuration, identity management, authentication, and security groups
