There is a solution emerging but going unnoticed


An article in FCW Mobile apps demand collides with security concerns addressed the growing security challenges related to increasing adoption of mobile devices in the government workplace. Increasingly, workers are using mobile devices to access new cloud-based applications containing sensitive data that are not adequately protected.

The article quoted various government officials who described the inflexible nature of today’s mobile security solutions and how they are constantly evaluating new threats that also distract from identifying possible preventative measures and solutions.

And the article accurately concluded that a majority of the problems are related to a growing number of software vulnerabilities.

It is the epitome of irony. By definition, the appeal of mobile computing is flexibility. However, the environment for mobile is increasing inflexible when it comes to the current security controls. The inherent nature of mobile creates a much more complex environment where security is increasingly difficult when you consider:

  1. Today’s mobile applications are user aware
  2. Today’s network and firewall gateways are network aware
  3. Today’s clients are device aware

A truly secure solution is extremely challenging for today’s network-centric security controls. It requires you integrate all three AND not expose any new or existing software vulnerabilities. And the cold hard reality is that software vulnerabilities are not going away anytime soon.

So the question become how do you operate flexibly and securely given that vulnerabilities and complexity will continue to exist?  And it is frustrating when there is a proven solution has arrived that is going largely unnoticed.

The Software Defined Perimeter (SDP) is a fundamentally different, “authenticate-first” approach that secures every connection to a predetermined service, application or critical infrastructure. The primary effect of the SDP is that it allows good packets and connections while dropping bad packets and preventing bad connections.

The SDP, or “Black Cloud,’ shrouds the application (or IT environment) to all but authorized users and devices and it automates the analysis of applications and assets to identify critical points of failure. SDP combines and integrates on-device authentication, identity-based access, and dynamically provisioned connectivity to hide critical applications from hackers. In addition, SDP can be used in government applications, such as enabling secure access to FedRAMP-certified cloud networks, as well as enterprise applications such as enabling secure mobile phone access to public clouds.

It is a fundamentally different approach that will require having a client on every device – something not everyone is willing to accept yet. But devices are central to any IT environment. Only by putting a client on the device can you authenticate users in way that ensures that the service is completely shut off to everyone except those authenticated and authorized.

The current paradigm has to change. Instead of spending resources on simply identifying threats, and in spite of increasing vulnerabilities, there is a way to have a flexible and secure solution by using SDP to reduce as much of the attack surface as possible.

For those interested in learning more about using SDP to protect critical applications and infrastructure check out this white paper.

Also feel free to check out the industry’s first open source reference implementation of SDP developed by Waverley Labs. The reference architecture and repository can be accessed and downloaded here.