Containers alone are not the answer

 

InfoWorld recently published an article by the renowned cloud expert David Linthicum. In the article, Linthicum noted how the Covid pandemic and the remote workforce are fueling cloud adoption, and then clearly described two cloud architecture problems that are still unresolved.

Edge devices and multicloud security continue to hinder the advancement of effective and secure multicloud environments. Linthicum described how these problems are creating development environments where cloud security architects are forced to use whatever cloud-native security is available for each cloud brand, making security more complex and more difficult for the security operations team to operate.

The cloud era is marked by the rapid adoption of containers from Docker and of software to deploy and manage containers, like Kubernetes and Red Hat’s OpenShift. Securing multi-cloud applications while enabling CI/CD at scale is posing new challenges.

Modern applications are a collection of microservices, and moving these applications to production is introducing new attack surfaces. Zero Trust, an increasingly popular buzzword, suggests a new model for securing modern applications running in multi-cloud environments. Traditional network perimeters are disappearing, and so is the model that suggests we trust everything inside the perimeter. Relying on the model that grants access and then authorizes users isn’t effective. Zero Trust as a model addresses the multi-cloud challenge that Linthicum discusses.

While Waverley Labs is in 100% agreement with Linthicum, we believe that Software Defined Perimeter (SDP) solves the multi-cloud security dilemma and potentially the edge computing dilemma.

Waverley Labs is a pioneer in the development of Software Defined Perimeters (SDP). We continue to work closely with the Cloud Security Alliance (CSA) to develop the SDP version 1.0 and 2.0 specifications. Organizations are starting to use interoperability specs defined in SDP Specification 2.0 based upon Waverley Labs’ reference architecture to define the APIs that allow for interoperability between SDP components in cloud and IoT environments. It is opening a myriad of options for cloud consumers and services to provide SDP as a service to customers with options for secure communications leveraging multi-vendor gateways and controllers.

Our deployment of SDP to support a Zero Trust strategy is documented in new CSA research that I co-authored. Titled "Software Defined Perimeter (SDP) and Zero Trust," the paper evaluates the use of SDP and illustrates how a Zero Trust implementation using SDP enables organizations to defend against new variations of old attack methods that are constantly surfacing in perimeter-centric networking models.

Waverley Labs also developed a proprietary gateway that differentiates it from other SDP offerings and is proving to be the key to developing a true Zero Trust solution.

Recognized by Gartner and Forrester, Waverley’s SDP Zero Trust deployment can deny risky transactions based on a single packet analysis revealing a lack of positive identification. When applied to network connectivity, SDP is agnostic of the underlying IP-based infrastructure, allowing it to home in on securing all connections, making it the best architecture for achieving Zero Trust security for mission-critical applications in cloud and multi-cloud environments.

As organizations continue to deploy containers and use software-defined networks, there are still questions around how to authenticate devices and authorize users to a specific application BEFORE granting access to the network. Software Defined Perimeter solves this by hiding an application from the internet and enabling authorization before access. Deny all, authenticate first. This is what Waverley Labs’ SDP and proprietary gateway enable – and at scale.

For more information on SDP, check out this white paper from Waverley Labs or email info@waverleylabs.com to implement SDP.

We hope Mr. Linthicum sees this blog and we would love to discuss and demonstrate Waverley Labs’ SDP for Zero Trust at his convenience.
