Cisco was in the news recently when it announced the purchase of IAM company Duo Security for $2.3 billion. The move fortified Cisco’s ability to provide IAM and other security features to customers at a time when cloud and mobile computing have all but erased the network perimeter. Cisco customers are now accessing SaaS and cloud-based applications that never touch internal networks and Cisco recognizes that “identity and data are the ‘new’ security perimeters.”

And while Cisco will continue to sell lots of firewalls, IPS/IDSs, and gateway appliances, Duo Security will help Cisco further extend its already broad cybersecurity footprint. In particular, Cisco is acknowledging the need to capitalize on multi-factor authentication (MFA) expansion and make the push into software defined perimeters (SDPs). They recognize SDP as the answer for connecting remote users and a multitude of devices to cloud- and SaaS-based applications through point-to-point trusted and encrypted network tunnels that never touch the corporate network.

SDPs are an obvious VPN replacement, a market segment that Cisco owns and must defend, and Duo’s IAM will enable this for Cisco. With its version of zero-trust connectivity from endpoints to cloud-based assets, Cisco has the potential to offer one of the most comprehensive SaaS and on-premises SDPs to upsell its customer base while competing with the likes of Cyxtera, Google, and Zscaler as SDP takes off.

But there is one important advancement still missing — interoperability between SDPs in cloud and IoT environments.  For Cisco, and all big providers interested in providing SDP as a service to their customers, new APIs that enable secure communications between multiple gateways and controllers are required. It’s not possible yet but the SDP specification 2.0 is underway at the Cloud Security Alliance.

Waverley Labs is a pioneer in SDPs and worked closely with the Cloud Security Alliance’s SDP Working Group that developed the SDP version 1.0 specification for use in protecting a variety of applications.

In 2017, Waverley developed and published the industry’s first reference implementation of an open source SDP based on the CSA specification.  It essentially represented the first reference implementation engineered to reduce risk and secure critical cloud-based applications and IoT infrastructures.

Taking SDP to the next level

When finalized, organizations will use interoperability specs defined in SDP Specification 2.0 based upon Waverley Labs’ reference implementation to define the APIs that allow for interoperability between SDP components in cloud and IoT environments.  It will open a myriad of options for cloud consumers and services to provide SDP as a service to customers with options for secure communications leveraging multi-vendor gateways and controllers.

Large providers like Cisco will be able to leverage gateways from different vendors that can securely communicate with controllers from other companies. It will be enabled by Waverley’s open source reference implementation to define the APIs that allow interoperability, e.g. if you have a gateway from Vidder you can use CISCO’s controller (making them interoperable).

And while we can never expect to be completely safe in a hyper-connected world, by taking this zero-visibility, authenticate first, need-to-know connectivity approach to cyber security, SDPs will change the paradigm and go a long way towards making our systems more secure while keeping users productive.

The new open source reference architecture and repository are now available and can be accessed and downloaded here.