What is SDP?

SDP stands for Software-Defined Perimeter. SDP is a new set of specifications for next-generation access control promoted by the Cloud Security Alliance (CSA). The SDP core concept is pre-authentication of connection requests and pre-authorization of access approval. Conceptually, SDP creates protected networked devices that are "black", or undiscoverable, to unknown users, providing visibility and access only on a need-to-know basis.

The new architecture significantly reduces the attack surface by first isolating target assets (often servers) from all users and devices, including both potential attackers and legitimate users. Then, secure connectivity is made available only to users who are members of the virtual community of interest, running on trusted devices. This trusted connectivity is achieved via a 3-step process:

1. Device Authentication & Authorization: The Controller verifies the authenticity and trust of the device desiring to connect to the protected application.
2. User Authentication & Authorization: The Controller requests user authentication and authorization verification from the enterprise identity management system and matches that to device ownership.
3. Dynamically Provisioned Connections: The Controller dynamically provisions an encrypted connection to allow application data to pass between the client and the server.

SDP Components

The SDP architecture consists of three components: the SDP Controller, the SDP Gateway, and the SDP Client. SDP Controllers communicate over a secure control channel to both SDP Clients and SDP Gateways. The Controllers act as the connection and policy manager of the system. Clients cannot connect directly to Gateways or to applications protected by the SDP (protected apps). Instead, the clients must be verified by a Controller with regard to device, user, and software trust. Upon successful verification, Controllers dynamically provision mutually trusted and encrypted connections between clients and gateways.

"SDP technology enables organizations to provide people-centric, manageable, ubiquitous, secure and agile access to networked systems, services and applications. It does this by solving a core design flaw in the unsecure manner in which TCP/IP was developed." (Gartner)

Source: Gartner, "Predicts 2016: Security Solutions", Ruggero Contu, Deborah Kish, Perry Carpenter, et al., December 2015. The Gartner Cool Vendor logo is a trademark and service mark of Gartner, Inc. and/or its affiliates, and is used herein with permission. All rights reserved.

SDP Value

SDP defeats the attacks that are the foundational tools used by cyber attackers.
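The following is an added example that models the component roles and the 3-step process described above; it is not the CSA specification or any vendor's code. The `Controller` and `Gateway` classes, the device inventory, the stand-in identity system, and the HMAC-signed "connection grant" are all assumptions chosen for illustration. A real SDP deployment provisions mutually authenticated TLS sessions and keeps Gateways silent to unauthenticated packets; here the grant stands in for the per-session credential the Controller pushes over its control channel, and a Gateway that receives no valid grant simply returns nothing.

```python
"""Toy model of an SDP Controller and Gateway (added example, not CSA or vendor code)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data (assumption): the Controller's device inventory and a
# stand-in for the enterprise identity management system it consults in step 2.
TRUSTED_DEVICES = {
    "dev-1001": {"owner": "alice", "attested": True},
    "dev-2002": {"owner": "bob", "attested": False},   # failed device trust check
    "dev-3003": {"owner": "carol", "attested": True},
}
_IDENTITY_DB = {
    "alice": {"pw_hash": hashlib.sha256(b"alice-pw").hexdigest(), "apps": {"payroll"}},
    "bob": {"pw_hash": hashlib.sha256(b"bob-pw").hexdigest(), "apps": {"payroll"}},
    "carol": {"pw_hash": hashlib.sha256(b"carol-pw").hexdigest(), "apps": set()},
}


def identity_system_verify(user: str, password: str, app: str) -> bool:
    """Stand-in for the enterprise IdM: authenticates the user and checks app entitlement."""
    rec = _IDENTITY_DB.get(user)
    if rec is None:
        return False
    presented = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(rec["pw_hash"], presented) and app in rec["apps"]


@dataclass
class Controller:
    """Connection and policy manager: every request passes steps 1-3 or is denied."""
    control_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    grant_ttl: int = 60          # seconds a provisioned grant stays valid
    audit: list = field(default_factory=list)

    def request_access(self, device_id: str, user: str, password: str,
                       app: str, now: Optional[float] = None) -> Optional[str]:
        now = time.time() if now is None else now
        # Step 1: device authentication & authorization.
        dev = TRUSTED_DEVICES.get(device_id)
        if dev is None or not dev["attested"]:
            return self._deny(device_id, user, app, "device not trusted")
        # Step 2: user authentication & authorization, matched to device ownership.
        if not identity_system_verify(user, password, app):
            return self._deny(device_id, user, app, "user authn/authz failed")
        if dev["owner"] != user:
            return self._deny(device_id, user, app, "device not owned by user")
        # Step 3: dynamically provision the connection. The HMAC-signed grant is an
        # assumption standing in for the per-session credentials pushed to the Gateway.
        expires = int(now) + self.grant_ttl
        body = f"{device_id}|{user}|{app}|{expires}"
        tag = hmac.new(self.control_key, body.encode(), hashlib.sha256).hexdigest()
        self.audit.append(("ALLOW", device_id, user, app))
        return f"{body}|{tag}"

    def _deny(self, device_id, user, app, reason):
        self.audit.append(("DENY", device_id, user, app, reason))
        return None


@dataclass
class Gateway:
    """Fronts one protected app; accepts only connections carrying a valid Controller grant."""
    control_key: bytes           # shared with the Controller over the secure control channel
    app: str

    def accept(self, grant: Optional[str], now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        if not grant:
            return False         # unknown client: no answer, the app stays "black"
        try:
            device_id, user, app, expires, tag = grant.split("|")
        except ValueError:
            return False
        body = f"{device_id}|{user}|{app}|{expires}"
        expected = hmac.new(self.control_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False         # forged or tampered grant
        return app == self.app and now < int(expires)


def demo() -> dict:
    """Run the scenarios a practitioner would check: one allowed path, several denied ones."""
    ctl = Controller()
    gw = Gateway(control_key=ctl.control_key, app="payroll")
    t = 1_700_000_000            # fixed clock so results are deterministic
    ok = ctl.request_access("dev-1001", "alice", "alice-pw", "payroll", now=t)
    return {
        "alice on her attested device": gw.accept(ok, now=t),
        "bob on an unattested device": gw.accept(
            ctl.request_access("dev-2002", "bob", "bob-pw", "payroll", now=t), now=t),
        "alice on carol's device": gw.accept(
            ctl.request_access("dev-3003", "alice", "alice-pw", "payroll", now=t), now=t),
        "tampered grant": gw.accept(ok.replace("payroll", "hr"), now=t),
        "expired grant": gw.accept(ok, now=t + 60),
    }


if __name__ == "__main__":
    for scenario, allowed in demo().items():
        print(f"{scenario}: {'connected' if allowed else 'dropped'}")
```

The point of the model is the ordering: the Gateway never evaluates users or devices itself and never replies to a client that has not already been vetted by the Controller, so an attacker who finds the Gateway has nothing to probe, and the Controller's audit list records every denied step for detection purposes.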