In Part 1 last week, I made the case that Forrester’s concept of Zero Trust has key limitations and that only through the use of SDPs can Zero Trust be truly effective.
Part 2 of 2
A software-defined perimeter (SDP) dynamically creates one-to-one connections between every authorized device, user and the data they access. It addresses the perimeter-less enterprise and is built on three core principles.
- SDPs are identity-centric. Users are authenticated BEFORE they can connect to a network.
- SDPs leverage a Zero-Trust approach so that anyone attempting to access a resource must “authenticate first.” All unauthorized resources are virtually invisible. This applies the principle of least privilege to the network and drastically reduces the attack surface. By default, users are not allowed to connect to anything – the opposite of traditional corporate networks, where once a user is given an IP address, they typically have access to everything on the network. Instead, SDPs ensure that once proper access criteria are met, a dynamic one-to-one connection is generated from the user’s machine to the specific resource needed. Everything else is completely invisible.
- SDPs are architected for hybrid environments and are cloud-like. There is no centralized network chokepoint. It’s completely distributed and as scalable as the internet itself. An SDP is engineered to operate natively in cloud networks and is compatible with existing corporate networks, integrating and augmenting security tools and network devices and modernizing your existing investments.
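To make the three principles concrete, here is a small added example (not code from the original post or from any SDP vendor) of a toy controller that behaves the way the list above describes: nothing is reachable until the user authenticates from a trusted device, the client only ever learns about resources its groups are entitled to, and each approved request produces exactly one dynamic one-to-one tunnel. The user names, passphrases, groups, resource names and addresses are all constructed for the example; a real SDP would use certificates or MFA and a device-posture check rather than a passphrase and a boolean.

```python
"""Toy software-defined-perimeter controller (constructed example).

Deny by default, authenticate first, then open one dynamic one-to-one tunnel
per authorized resource. Everything the caller is not entitled to is simply
never revealed, so an unauthorized resource behaves as if it did not exist.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def _h(passphrase: str) -> str:
    # Stand-in for a real credential check; constructed for the example.
    return hashlib.sha256(passphrase.encode()).hexdigest()


# Constructed identity store: user -> stored hash and group memberships.
USERS = {
    "alice": {"pw": _h("alice-pass"), "groups": {"devops"}},
    "bob": {"pw": _h("bob-pass"), "groups": {"finance"}},
}

# Constructed resource catalogue: name -> (address, groups allowed to reach it).
RESOURCES = {
    "ci-server": ("10.0.1.10:443", {"devops"}),
    "erp-db": ("10.0.2.20:5432", {"finance"}),
    "wiki": ("10.0.3.30:443", {"devops", "finance"}),
}


@dataclass
class Session:
    user: str
    groups: set
    token: str
    tunnels: dict = field(default_factory=dict)  # resource -> one-to-one tunnel


class SdpController:
    def __init__(self):
        self.sessions = {}  # token -> Session

    def authenticate(self, user, passphrase, device_trusted):
        """Authenticate-first: no session, and therefore no reachability,
        until identity and device posture both check out."""
        rec = USERS.get(user)
        if rec is None or not device_trusted:
            return None
        if not hmac.compare_digest(rec["pw"], _h(passphrase)):
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = Session(user, set(rec["groups"]), token)
        return token

    def visible_resources(self, token):
        """Least privilege applied to discovery: the client is told only
        about resources its groups are entitled to, never about the rest."""
        s = self.sessions.get(token)
        if s is None:
            return []
        return sorted(name for name, (_, groups) in RESOURCES.items() if s.groups & groups)

    def connect(self, token, resource):
        """Open (or reuse) a dynamic one-to-one tunnel to exactly one resource.
        An unauthorized or unknown resource yields nothing, not a 'denied'."""
        s = self.sessions.get(token)
        if s is None or resource not in self.visible_resources(token):
            return None
        tunnel = s.tunnels.get(resource)
        if tunnel is None:
            tunnel = {"id": secrets.token_hex(8), "src": s.user, "dst": RESOURCES[resource][0]}
            s.tunnels[resource] = tunnel
        return tunnel

    def sdp_reachable(self, token):
        """Addresses this session can actually reach: only its open tunnels."""
        s = self.sessions.get(token)
        return set() if s is None else {t["dst"] for t in s.tunnels.values()}


def traditional_reachable():
    """Contrast case: on a flat corporate LAN, holding an IP address already
    makes every resource reachable, before any per-resource authorization."""
    return {addr for addr, _ in RESOURCES.values()}


if __name__ == "__main__":
    ctrl = SdpController()
    tok = ctrl.authenticate("alice", "alice-pass", device_trusted=True)
    print("visible to alice:", ctrl.visible_resources(tok))
    print("tunnel:", ctrl.connect(tok, "ci-server"))
    print("erp-db for alice:", ctrl.connect(tok, "erp-db"))
    print("SDP reachable:", ctrl.sdp_reachable(tok))
    print("flat-LAN reachable:", traditional_reachable())
```

The contrast between `sdp_reachable` and `traditional_reachable` is the point of the list above: with the SDP, a fully authenticated user still reaches only the one address behind the tunnel they opened, while on a traditional network every address is reachable the moment an IP is handed out.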
An SDP is the only way to effectively accomplish Forrester’s concept of Zero Trust. It controls overprivileged remote or third-party user access, helps to securely migrate critical workloads to the cloud, and removes constraints on cloud DevOps.
So why is the industry promoting a Zero Trust model when the SDP goes beyond network-centric solutions to address every connection in the environment? Shouldn’t the definition of Zero Trust actually be the definition of the SDP?
Zero Trust is a good start, particularly if it educates the industry and validates the authenticate-first approach. But there must be recognition that to be truly secure, it needs to be a connection-based approach that can only be achieved using the SDP and is much more than network connections. An SDP is THE most effective way to accomplish Zero Trust. It ensures that every connection from every authorized user or any device requesting resources has to be secure while at the same time effectively hiding your resources from unauthorized users.
For Zero Trust to be legitimate and truly secure, it needs to be redefined around the approach and benefits of the software-defined perimeter.