provides them with the opportunity to secure critical resources and stop the attacks in their tracks.
Whereas a traditional enterprise network creates an internal network separated from the outside world by a fixed perimeter consisting of a series of firewall functions that block external users from coming in but allow internal users to get out, SDP is a scalable Software-as-a-Service (SaaS) solution, which provides pre-authenticated, context-aware, secure access to enterprise applications within a perimeter that is constantly changing.
In simple language, the network and apps are like an exclusive private club where everyone wants to go.
This network perimeter security solution serves as the bouncer, controlling who can get in and what they can do once they’re inside. It checks user IDs and devices at the network ‘door’ then ‘escorts’ them inside for another level of approval/verification before they can join the ‘party’ to use apps and resources.
How does it work?
Software defined perimeter provides a secure, encrypted connection between users’ devices and apps on a ‘need-to-know’ basis, allowing only authenticated and approved users to access network resources.
SDPs can be deployed anywhere – on the Internet, in the cloud, at a hosting centre, on the private corporate network or across some or all of these locations. The approval process follows these steps:
• Apps get selected: Users select the software defined perimeter app on their devices
• Device and location validated: The software defined perimeter controller validates the users’ devices, certificates and locations
• Paths are set and app access validated: The controller then creates a path and confirms user access to enterprise apps
• Tunnels are made and resources connected: Application gateways build tunnels into the network and connect users to resources
• Users given app access: Approved users can now access the apps they need
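
The approval steps listed above can be sketched in code; this is an added example, not taken from the article or from any SDP product. The policy tables, the HMAC-signed grant format, the shared key and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed sample policy. Every value and name here is an assumption
# made for this sketch; the article does not specify any of them.
CONTROLLER_KEY = b"constructed-demo-key"         # shared by controller and gateway
TRUSTED_DEVICE_CERTS = {"laptop-01": "fp-aa11"}  # device id -> cert fingerprint
ALLOWED_LOCATIONS = {"GB", "DE"}
ENTITLEMENTS = {"alice": {"payroll"}}            # need-to-know: user -> apps


def _sign(payload: bytes) -> str:
    return hmac.new(CONTROLLER_KEY, payload, hashlib.sha256).hexdigest()


def controller_authorize(user, device_id, cert_fp, location, app, now=None, ttl=60):
    """Controller side: validate device, certificate and location, then
    confirm app access. Returns a signed, short-lived grant or None (deny)."""
    now = time.time() if now is None else now
    expected = TRUSTED_DEVICE_CERTS.get(device_id)
    if expected is None or not hmac.compare_digest(expected, cert_fp):
        return None                       # unknown device or wrong certificate
    if location not in ALLOWED_LOCATIONS:
        return None                       # location check failed
    if app not in ENTITLEMENTS.get(user, set()):
        return None                       # user has no need to know this app
    claims = {"user": user, "device": device_id, "app": app, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return {"payload": payload.decode(), "sig": _sign(payload)}


def gateway_open_tunnel(grant, requested_app, now=None):
    """Gateway side: build a tunnel only for an untampered, unexpired grant
    that names the requested app. Anything else is refused."""
    now = time.time() if now is None else now
    if not grant:
        return False
    payload = grant["payload"].encode()
    if not hmac.compare_digest(_sign(payload), grant["sig"]):
        return False                      # grant was not issued by the controller
    claims = json.loads(payload)
    return claims["app"] == requested_app and claims["exp"] > now
```
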
SDP in real life
It is easy to imagine where this ever-changing perimeter could be used in everyday life. Imagine a financial institution under a cyberattack.
Instead of customers being frozen out of their bank accounts and panic ensuing, when the SDP is activated, customers will have direct access to their accounts via the bank’s apps. The apps themselves being ring-fenced by an SDP, as it provides continual safe access and non-disrupted
Issue 04 | www.intelligentciso.com