Special Coverage Series

Network Computing

Special Coverage Series


Cloud Security Alliance Launches Secure Network Effort

Software-Defined Perimeter project aims to develop a framework that provides secure connectivity from any device to cloud applications.

Concern about the security of cloud environments has impacted the adoption of cloud services since their inception. But an initiative recently launched by the Cloud Security Alliance (CSA) may help protect cloud infrastructure by developing more secure networks.

Dubbed the Software-Defined Perimeter (SDP), the initiative is a collaborative effort between security vendors and members of the CSA's Enterprise User Council. The vision is to develop a framework of security controls that takes some of the pain out of network security.

More Insights

Webcasts

More >>

White Papers

More >>

Reports

More >>

According to the CSA, the Software-Defined Perimeter leverages known security concepts such as federation, Secure Assertion Markup Language (SAML), Transport Layer Security (TLS), and geo-location in a bid to control and manage connectivity from any device to the cloud infrastructure.

"It takes a lot of time and energy to set up a secure network," said Junaid Islam, founder and chief technology officer of security vendor Vidder, and one of the initiative's participants. The long list of steps -- including setting up a PKI infrastructure to do device certs, which are then needed for mutual TLS, a federated identity system, and Web application firewalls -- overwhelms people, he said.

In the Software-Defined Perimeter, connectivity is based on a "need-to-know model in which device posture and identity is verified" before a user is granted access to application infrastructure, according to the CSA. As a result, the application infrastructure has no visible DNS information or IP address, mitigating many common networks.

"If you think about secure networking, there's really three parts to it," Islam told Network Computing. "One is authenticating the device and the user -- for example, figuring out if you using the same iPad. The second part is verifying your identity and role, like who are you and what you are allowed to access. And then the third part is setting up a VPN in real-time to specifically the asset you are supposed to access and nothing else. This is very different than what you have today."

Today, a site on the Internet has a DNS name that is visible to everybody -- legitimate users as well as hackers. "In this kind of solution we're talking about, there's no visible DNS at all. There [are] no open ports.," he said. "You can't ping or traceroute the application servers. Everything is completely black."

The end result is basically a hidden server on the public Internet, he added.

[Read how to secure the many components of an SDN in "Securing The Software-Defined Network."]

According to the CSA, SDP will be designed to be complimentary to software-defined networks (SDN) and traverse numerous OSI layers to tie applications and users with trusted networks through security models. During the next few months, the CSA plans to release a whitepaper on the SDP, as well as offer a prototype demonstration and a case study.

"What we're trying to do here by establishing this framework it to make it easier for companies to take advantage of well-defined security standards that have been codified in software," said Bob Flores, CEO of the IT consultancy Applicology Incorporated, which also is working on the SDP initiative.

"This will be out in the public domain. So they [enterprises] can take advantage of this stuff to make sure their stuff is secure. Cloud providers can take advantage of this framework as well to create a more secure environment for their customers," he said.



Related Reading



Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 

Editor's Choice

Research: 2014 State of Server Technology

Research: 2014 State of Server Technology

Buying power and influence are rapidly shifting to service providers. Where does that leave enterprise IT? Not at the cutting edge, thatís for sure: Only 19% are increasing both the number and capability of servers, budgets are level or down for 60% and just 12% are using new micro technology.
Get full survey results now! »

Vendor Turf Wars

Vendor Turf Wars

The enterprise tech market used to be an orderly place, where vendors had clearly defined markets. No more. Driven both by increasing complexity and Wall Street demands for growth, big vendors are duking it out for primacy -- and refusing to work together for IT's benefit. Must we now pick a side, or is neutrality an option?
Get the Digital Issue »

WEBCAST: Software Defined Networking (SDN) First Steps

WEBCAST: Software Defined Networking (SDN) First Steps


Software defined networking encompasses several emerging technologies that bring programmable interfaces to data center networks and promise to make networks more observable and automated, as well as better suited to the specific needs of large virtualized data centers. Attend this webcast to learn the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging.
Register Today »

Related Content

From Our Sponsor

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

Business executives are challenging their IT staffs to convert data centers from cost centers into producers of business value. Data centers can make a significant impact to the bottom line by enabling the business to respond more quickly to market demands. This paper demonstrates, through a series of examples, how data center infrastructure management software tools can simplify operational processes, cut costs, and speed up information delivery.

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Both hot-air and cold-air containment can improve the predictability and efficiency of traditional data center cooling systems. While both approaches minimize the mixing of hot and cold air, there are practical differences in implementation and operation that have significant consequences on work environment conditions, PUE, and economizer mode hours. The choice of hot-aisle containment over cold-aisle containment can save 43% in annual cooling system energy cost, corresponding to a 15% reduction in annualized PUE. This paper examines both methodologies and highlights the reasons why hot-aisle containment emerges as the preferred best practice for new data centers.

Monitoring Physical Threats in the Data Center

Monitoring Physical Threats in the Data Center

Traditional methodologies for monitoring the data center environment are no longer sufficient. With technologies such as blade servers driving up cooling demands and regulations such as Sarbanes-Oxley driving up data security requirements, the physical environment in the data center must be watched more closely. While well understood protocols exist for monitoring physical devices such as UPS systems, computer room air conditioners, and fire suppression systems, there is a class of distributed monitoring points that is often ignored. This paper describes this class of threats, suggests approaches to deploying monitoring devices, and provides best practices in leveraging the collected data to reduce downtime.

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Rack power of 10 kW per rack or more can result from the deployment of high density information technology equipment such as blade servers. This creates difficult cooling challenges in a data center environment where the industry average rack power consumption is under 2 kW. Five strategies for deploying ultra-high power racks are described, covering practical solutions for both new and existing data centers.

Power and Cooling Capacity Management for Data Centers

Power and Cooling Capacity Management for Data Centers

High density IT equipment stresses the power density capability of modern data centers. Installation and unmanaged proliferation of this equipment can lead to unexpected problems with power and cooling infrastructure including overheating, overloads, and loss of redundancy. The ability to measure and predict power and cooling capability at the rack enclosure level is required to ensure predictable performance and optimize use of the physical infrastructure resource. This paper describes the principles for achieving power and cooling capacity management.