Zero Trust is a strategy. Software Defined Perimeter based on mTLS makes it a true solution
Earlier this month there was another high-visibility hack that involved the malicious hijacking of more than 8,800 internet traffic routes from 200+ networks, affecting the world’s largest cloud and CDN providers, including Google, Amazon, Cloudflare and many more.
Border Gateway Protocol (BGP) hijackings have plagued internet backbone providers since the mid-90s. Attempts to bolster BGP’s security have been ongoing for years, but progress has been slow and BGP hijacks continue to happen on a regular basis. And while the Rostelecom hack did not cause major disruption or loss of revenue, it drove home a simple reality.
The big cloud platforms will continue to get hacked, whether the vector is BGP hijacking, DDoS, SQL injection, malware, or [insert any successful network hack tactic here].
Business owners still need to protect their critical applications, and they are losing sleep trying to figure out how they are going to function in a world where they cannot trust their own network because of the deficiencies of the larger, insecure cloud infrastructures it depends on. The current TLS network security construct is no longer capable of securing today’s dynamic critical applications and infrastructure. It can’t be trusted and is “Zero Trust” personified.
As a result, they are starting to look at emerging “deny all” solutions such as Software Defined Perimeters (SDP) based on mutually authenticated, encrypted TLS (mTLS) connections, which have proven to protect applications and infrastructure. On an mTLS connection, the endpoint originating a message and the endpoint receiving it exchange certificates issued by a mutually trusted CA. Each certificate proves the identity of its holder to the other side.
mTLS, with its two-way authenticated and encrypted connections, is a cornerstone of SDP and the key to preventing BGP hijacks, DDoS, malware and virtually any unauthorized network access.
Recently there has been much talk about Zero Trust as a strategy, but Zero Trust requires secure, dynamic network access to become a proven solution. SDPs ensure that once the proper access criteria are met, a dynamic one-to-one secure connection is generated from the user’s machine to the specific resource needed. Everything else – including unauthorized connections from that user’s machine – is completely denied, making the Zero Trust strategy a truly secure solution.
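The deny-all behaviour described above, as an added example that is not from this article or from any SDP product: a throwaway in-memory CA issues a server certificate and a client certificate, the server (standing in for the SDP gateway) refuses any peer that cannot present a CA-issued identity, and the client verifies the server in turn. It uses only the Go standard library over loopback; the CA, the names and the hour-long validity are constructed for the demo.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// issue makes an Ed25519 key and a certificate for cn signed by parent (self-signed when parent is nil); the CA, server and client all come from this throwaway in-memory PKI constructed for the demo.
func issue(cn string, isCA bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, DNSNames: []string{"localhost"},
	}
	if parent == nil { // self-signed root: the template signs itself
		parent, pkey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}
// Handshake runs one mTLS connection over loopback and returns the server's verdict on the client: nil when it proved its identity with a CA-issued certificate, an error when it presented none (the deny-all path).
func Handshake(withClientCert bool) error {
	ca, caKey := issue("demo-ca", true, nil, nil)
	srv, srvKey := issue("server", false, ca, caKey)
	cli, cliKey := issue("client", false, ca, caKey)
	pool := x509.NewCertPool() // the one CA both sides trust
	pool.AddCert(ca)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert,
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}}})
	if err != nil {
		return err
	}
	defer ln.Close()
	cfg := &tls.Config{RootCAs: pool, ServerName: "localhost"} // the client verifies the server too
	if withClientCert { // otherwise the client is a stranger with no identity to present
		cfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}}
	}
	go tls.Dial("tcp", ln.Addr().String(), cfg) // client side; only the server's ruling below matters
	c, _ := ln.Accept()                          // loopback: the only peer is the goroutine above
	defer c.Close()
	return c.(*tls.Conn).Handshake() // RequireAndVerifyClientCert fails here for an unidentified peer
}
```

Handshake(true) returns nil and Handshake(false) returns the server's rejection; the same ClientAuth setting is what an SDP gateway relies on to turn "deny all" into an enforced default rather than a policy statement.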
To learn more, check out the webinar “Utilizing a Zero Trust Model to Defend IoT Driven DDoS Cyber Attacks”, in which the CSA endorses the implementation of its own SDP as the most advanced architecture for a Zero Trust strategy. Also, check out this Zero Trust use case utilizing SDP.