Software Defined Perimeter Framework
What is SDP?
A Software Defined Perimeter (SDP) is a framework based on a need-to-know model that controls access to resources based on identity. The device posture and identity are verified before access to application infrastructure is granted.
Which should I use - SDP vs VPN?
There has been a major shift in the workplace, with a large percentage of employees working remotely outside of the traditional office environment. With this trend comes an increasing concern regarding the security, access, and scalability of providing today’s globally distributed workforce with secure remote access. The traditional methods of access, security, scale, and control via Virtual Private Networks (VPNs) are no longer sufficient to meet the demand and security needs of the enterprise. Companies are moving towards leveraging SDP technology to allow them to scale, secure, and enable the operational reach and access required for today’s remote workers.
What is the use case for an SDP Network?
Zero Trust describes a security approach that requires authentication and authorization before granting access to a network. One of the primary ways to achieve Zero Trust is by implementing SDP to complement or even replace traditional perimeter-based Virtual Private Networks (VPNs). Unisys Stealth® creates an SDP and delivers Zero Trust security through identity-based micro-segmentation.
How can SDP secure my network?
Visualize your enterprise’s network as a house and the virtual private network as a door. You can get in the door if you have a key or you can jimmy the lock and break in. Once you’re in, you have no further barriers to navigate, so you are “home-free” to steal anything you desire.
Once the VPN is compromised, the attack can propagate laterally and at a great pace from server to server within the data center, with no security controls in place to stop the spread. VPNs therefore represent a single point of security risk for the network. But the expanding network means doors – and attack vectors – have grown exponentially. It is next to impossible to ensure that all the doors are locked, or to verify whether everyone coming through those doors has a right to do so.
SDPs, in contrast, can be visualized as a house with no doors. The exterior is a solid brick wall. With no door, a hacker has to hammer away at a brick to remove it. But, because the network is protected by micro-segmentation, the most a hacker can get is ... a brick. Nothing more. Access to the entire house is never possible. Why? Because there is no “inside” to this house: micro-segmentation has converted an “open floor plan” house into a solid cube of discrete bricks.