Network World - Orlando -- The Cloud Security Alliance (CSA) is putting forward an innovative encryption-based security architecture for software-defined networks and cloud environments that draws some of its inspiration from high-security networks used by the U.S. Department of Defense and intelligence agencies.
Called the “Software Defined Perimeter,” the CSA’s architecture plan calls for VPN-style authentication and encryption that would let a security process strictly control the availability of services and applications in a cloud environment. At the CSA Congress this week, some of the technical authors of the proposed architecture spoke about why the CSA, whose mission is establishing best practices and standards for cloud security, is strongly backing the concept and what’s expected of it in the future.
The rise of cloud-based services has accelerated the disappearance of traditional network perimeters and new methods need to be adopted to protect data that’s shared with cloud data centers, corporate networks and mobile devices, they say.
“Part of this initiative is to come up with an easily adjustable way to adjust the perimeter,” said Bob Flores, former chief technology officer at the Central Intelligence Agency and a contributor to the “Software Defined Perimeter” architecture document. The idea the CSA is proposing would change the way that people, applications and data flows are authenticated, by requiring an identification process before network access is granted.
The “Software Defined Perimeter” makes use of technologies such as “mutual TLS,” based on digital certificate exchange, and encryption for very strong identification, explained Junaid Islam, CTO at Vidder, who is also a contributor to the “Software Defined Perimeter” architecture document. Other co-authors include Alan Boehme, chief of enterprise architecture and emerging technologies at the Coca-Cola Company, and Jeff Schweitzer, chief innovation architect at Verizon.
Vidder’s Islam said ideally the CSA’s ideas for strong cloud security, which draw directly from Department of Defense high-security networks, would be built into the modern Software-Defined Network products now emerging in the marketplace. The advantage of CSA’s plan is that it can achieve what’s called a “dark” network that’s hard to see on the Internet and thus much harder to attack.
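To make the identify-first, then-grant-access step concrete, here is an added example, written for this page and not taken from the CSA document or any SDP product: in Go, a constructed private CA (“sdp-ca”) issues certificates to a gateway (“gate”) and a user (“alice”), and the gateway completes the mutual-TLS handshake, and so reveals anything at all about itself, only for a client whose certificate chains to that CA. The names, the loopback address and the short certificate lifetimes are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// makeCert issues a short-lived Ed25519 certificate for cn, self-signed unless an issuing CA is given.
func makeCert(cn string, isCA bool, parent *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: isCA,
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	signer, signKey := tmpl, any(key) // self-signed unless an issuing CA signs it
	if parent != nil { signer, signKey = parent.Leaf, parent.PrivateKey }
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Admit runs one mutual-TLS exchange over loopback TCP. The gate completes the handshake only for a
// client certificate chaining to ca (nil: the client presents none) and returns the verified CommonName.
func Admit(ca, gate tls.Certificate, client []tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf) // the SDP's private CA is the only trust anchor on either side
	gateCfg := &tls.Config{Certificates: []tls.Certificate{gate}, ClientCAs: pool,
		ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS12}
	clientCfg := &tls.Config{RootCAs: pool, ServerName: "gate", Certificates: client, MinVersion: tls.VersionTLS12}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil { return "", err }
	defer ln.Close()
	go func() { // the connecting side: it waits for the gate's verdict, then hangs up
		if c, err := tls.Dial("tcp", ln.Addr().String(), clientCfg); err == nil {
			c.Read(make([]byte, 1))
			c.Close()
		}
	}()
	raw, err := ln.Accept()
	if err != nil { return "", err }
	srv := tls.Server(raw, gateCfg)
	defer srv.Close()
	if err := srv.Handshake(); err != nil { return "", err } // identity not proven: no access granted
	return srv.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}
```

After makeCert has issued the CA, the gateway certificate and a user certificate, Admit(ca, gate, []tls.Certificate{alice}) returns "alice", while a client presenting no certificate or a self-signed one gets only the handshake error and never reaches the service.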
“The DoD world is dark,” said Flores during his talk about the new architecture yesterday evening. “It’s extremely difficult to attack something you don’t actually know exists, if they don’t see the surface of the network.”