Cloud Security Alliance (CSA) Specification Enables Users to Reduce Risk and Prevent Attacks on Critical Applications and Infrastructure
WASHINGTON – September 12, 2016 — Waverley Labs, a pioneer in software defined perimeters (SDP) and digital risk management solutions, today announced the industry’s first reference implementation of an open source Software Defined Perimeter (SDP) specification for reducing risk and securing critical cloud-based applications and infrastructures. The new open source reference architecture and repository are now available and can be accessed and downloaded here.
In 2013, Cloud Security Alliance (CSA), a non-profit organization that promotes security best practices for the cloud, launched the Software Defined Perimeter Initiative, a project designed to develop an architecture for creating highly secure and trusted end-to-end networks between any IP addressable entities, allowing for systems that are highly resilient to network attacks.
In September 2015, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) awarded a contract to Waverley Labs to create new tools to defend against large and sophisticated Distributed Denial of Service (DDoS) attacks. The DHS initiative titled “An Open Source Project for a Software-Defined Perimeter to Defend Cloud Apps from DDoS” was awarded through Broad Agency Announcement HSHQDC-14-R-B00017 and is part of the DHS S&T Cyber Security Division’s Distributed Denial of Service Defense (DDoSD) program.
Waverley Labs worked closely with the CSA Software Defined Perimeter Working Group that developed the SDP specification adopted by the Cloud Security Alliance and its members. The specification is core to a new security and risk management paradigm in which the application infrastructure is hidden from anyone who has not first authenticated. The primary effect of an SDP is that it turns the application infrastructure into an effectively invisible, or “black cloud”, environment: protected services publish no domain name system (DNS) records and expose no reachable IP addresses to unauthenticated clients, so a scanner on the network finds nothing to target.
SDPs are emerging as a key component of a new security paradigm for reducing risk, and the specification incorporates industry input and lessons learned from successful commercial SDP implementations by leading enterprises such as Coca-Cola, Mazda, and Google.
“We are thrilled to see the availability of this Open Source SDP based upon the Cloud Security Alliance Software Defined Perimeter specification. SDP is an important step forward in creating the next generation of trusted and agile computer networks,” said Jim Reavis, Chief Executive Officer for the Cloud Security Alliance. “We look forward to SDPs becoming an important architecture for securing the Internet of Things and creating highly trusted virtual private clouds by creating secure, on-demand networks between any IP-addressable entities.”
SDP is based on a strong security model that only allows TCP connections from pre-authorized users and their devices; every other packet is dropped before it reaches the protected application. SDP grants user-level access at the port/protocol level, and only after the user has authenticated with a one-time token, so that an established connection cannot be re-tasked or hijacked and a captured credential cannot be replayed by an unauthorized user. Agencies are looking to SDPs as a new approach to securing cloud and critical-infrastructure applications because an SDP implementation can be customized to each agency’s requirements, covering every aspect of the security stack: certificates, ciphers, identity systems, monitoring, management and so on. Federal agencies can then “wrap” their applications in an SDP service to secure both the application and the workflow around it.
The SDP specification and its associated “security layers” are evolutionary in that they build on three proven controls: the “need to know” access model used by US government agencies, device verification using Single Packet Authorization (SPA), and mutual Transport Layer Security (mTLS) as promoted by NIST. The Software Defined Perimeter is also revolutionary in that it extends protection to a boundary that is changing with the growing use of mobile devices and the Internet of Things (IoT). More importantly, the SDP security model has been tested against, and is designed to stop, the classes of network attack that have plagued organizations for decades and continue to do so with increasing intensity, including credential theft, denial of service, and server exploitation. It does this by denying network reachability to anyone who has not authenticated and been authorized, which shrinks the attack surface rather than removing every flaw in the applications behind it.
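To make the SPA and one-time-token steps concrete, here is an added illustration of the control flow a gateway runs on a single authorization packet. This is example code written for this page; it is not the Waverley Labs reference implementation and does not follow the CSA specification’s wire format. It assumes a pre-shared 32-byte key per enrolled device, an HMAC-SHA256-authenticated UDP datagram, a 30-second freshness window and a nonce cache, all of which are assumptions for illustration. The mTLS session that would follow a successful SPA is not shown.

```python
"""Toy Single Packet Authorization (SPA) gateway for a software defined perimeter.

Added illustration only. It is NOT the Waverley Labs reference implementation and
does not follow the CSA SDP wire format. Assumptions made here: a pre-shared
32-byte per-device key, an HMAC-SHA256-authenticated datagram, a 30-second
freshness window, and a nonce cache that makes every packet usable exactly once.
"""
import hashlib
import hmac
import json
import os
import time
from typing import Callable, Dict, Optional, Set, Tuple

DEV_FIELD_LEN = 16       # fixed-width device id so the key is looked up before any parsing
TAG_LEN = 32             # HMAC-SHA256 output length
FRESHNESS_WINDOW_S = 30  # assumption: tolerated clock skew / packet age
RULE_LIFETIME_S = 20     # assumption: how long the firewall pinhole stays open

# Constructed sample enrollment: device id -> (pre-shared key, services it may reach).
ENROLLED_DEVICES: Dict[str, Tuple[bytes, Set[str]]] = {
    "laptop-7f3a": (bytes(range(32)), {"tcp/443", "tcp/22"}),
}


def build_spa_packet(device_id: str, key: bytes, service: str,
                     now: Optional[float] = None, nonce: Optional[bytes] = None) -> bytes:
    """Client side: one datagram = device id | JSON body | HMAC over both."""
    dev_field = device_id.encode()
    if len(dev_field) > DEV_FIELD_LEN:
        raise ValueError("device id too long")
    dev_field = dev_field.ljust(DEV_FIELD_LEN, b"\0")
    body = {
        "v": 1,
        "svc": service,                                    # protocol/port requested
        "ts": int(now if now is not None else time.time()),
        "nonce": (nonce if nonce is not None else os.urandom(16)).hex(),  # one-time token
    }
    payload = dev_field + json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload + tag


class SpaGateway:
    """Gateway side. Default policy is drop-everything; a valid SPA packet opens one
    short-lived pinhole from the sender's IP to the one service it is entitled to.
    Invalid packets are never answered, which is what keeps the perimeter 'black'."""

    def __init__(self, enrolled: Dict[str, Tuple[bytes, Set[str]]],
                 clock: Callable[[], float] = time.time):
        self.enrolled = enrolled
        self.clock = clock
        self.seen_nonces: Dict[str, float] = {}   # nonce -> time it can be forgotten
        self.rules = []                            # opened pinholes, oldest first

    def handle_packet(self, src_ip: str, pkt: bytes) -> Optional[dict]:
        """Return the firewall rule opened for this packet, or None for a silent drop."""
        now = self.clock()
        self.seen_nonces = {n: exp for n, exp in self.seen_nonces.items() if exp > now}
        if len(pkt) <= DEV_FIELD_LEN + TAG_LEN:
            return None
        dev_id = pkt[:DEV_FIELD_LEN].rstrip(b"\0").decode("utf-8", errors="replace")
        entry = self.enrolled.get(dev_id)
        if entry is None:
            return None                                # unknown device: drop, say nothing
        key, allowed = entry
        payload, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):     # constant-time compare
            return None                                # forged or tampered packet
        # Only now is attacker-controlled content handed to a parser.
        try:
            body = json.loads(payload[DEV_FIELD_LEN:])
        except ValueError:
            return None
        if not isinstance(body, dict):
            return None
        ts, nonce, service = body.get("ts"), body.get("nonce"), body.get("svc")
        if body.get("v") != 1 or not isinstance(ts, int) or not isinstance(nonce, str):
            return None
        if abs(now - ts) > FRESHNESS_WINDOW_S:
            return None                                # stale or far-future packet
        if nonce in self.seen_nonces:
            return None                                # replay: the one-time token is spent
        self.seen_nonces[nonce] = ts + FRESHNESS_WINDOW_S + 1
        if service not in allowed:
            return None                                # authenticated, but not need-to-know
        rule = {"src": src_ip, "svc": service, "dev": dev_id,
                "expires": now + RULE_LIFETIME_S}
        self.rules.append(rule)
        return rule


if __name__ == "__main__":
    key, _ = ENROLLED_DEVICES["laptop-7f3a"]
    gw = SpaGateway(ENROLLED_DEVICES)
    pkt = build_spa_packet("laptop-7f3a", key, "tcp/443")
    print("first use  :", gw.handle_packet("198.51.100.7", pkt))
    print("replay     :", gw.handle_packet("198.51.100.7", pkt))
    print("not entitled:", gw.handle_packet("198.51.100.7",
                                            build_spa_packet("laptop-7f3a", key, "tcp/3389")))
```

The ordering is the point: key lookup and MAC verification happen on fixed-width fields before any parser sees the packet, the nonce is consumed before the entitlement check so a spent token cannot be retried against another service, and every failure path returns nothing to the sender. The opened rule is the per-user, per-port grant the text describes; a real gateway would install it in the host firewall and let it lapse after the mTLS session is established.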
“Government Agencies are looking to use SDPs to reduce risk by securing critical applications and physical infrastructure,” said Juanita Koilpillai, Founder and Chief Executive Officer of Waverley Labs. “The open source SDP enables organizations interested in migrating to FedRAMP certified clouds and/or customizing an SDP implementation for unique agency requirements for their most critical applications and infrastructure.”
About Waverley Labs
Waverley Labs is a leading provider of digital risk management software and services that helps large organizations reduce their exposure to digital risk. Its products and services range from the industry’s first open source software defined perimeters (SDPs) for large federal agencies to the assessment, quantification, and mitigation of digital risk from the business perspective. Waverley Labs’ automated analysis and visualization capabilities provide business leaders, risk officers and CISOs with an at-a-glance view of business risks prioritized according to business impact, together with recommended risk mitigations. Waverley Labs works closely with NIST and the Cloud Security Alliance to provide thought leadership in digital risk management. For more information visit http://www.waverleylabs.com.