The Cloud Security Alliance (CSA) is forming a new Software Defined Perimeter (SDP) for Infrastructure as a Service (IaaS) initiative. With the new program, the Alliance plans to demonstrate how an SDP can better protect IaaS services for enterprise usage, and deliver protection of on-premises and IaaS resources.
The alliance’s rationale is that through understanding and leveraging an SDP model, organizations can then enable hybrid or multi-platform clouds by abstracting provider-specific configurations, and leveraging consistent policies, identity stores, and processes across their environments.
Goals of the initiative include:
- Documenting specific security, compliance, and architecture challenges that arise from enterprise adoption of IaaS.
- Exploring how an SDP solution can solve these problems.
- Providing architectural and deployment guidelines and best practices for secure IaaS, including the impact of DevOps initiatives.
- Influencing the SDP specification to address IaaS-specific requirements.
Planned deliverables include:
- Analysis and taxonomy of IaaS-specific security, network, identity, and compliance challenges.
- Explanation of how an SDP architecture can address these challenges.
- Deployment scenarios and use cases that examine aspects such as network configuration, identity management, authentication, and security groups.
The alliance is seeking participation from enterprises, cloud providers, and technology vendors to collaborate on the initiative.