Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Cloud Security Alliance offers ultra-high cloud security plan

Encryption-basedarchitecture proposed for SDN

Article comments

Orlando -- The Cloud Security Alliance (CSA) is putting forward an innovative encryption-based security architecture for software-defined networks and cloud environments that draws some of its inspiration from high-security networks used by the U.S. Department of Defense and intelligence agencies.

Called the "Software Defined Perimeter," the CSA's architecture plan calls for use of VPN-style authentication and encryption that would enable a security process could strictly determine availability of services and applications in a cloud environment. At the CSA Congress this week, some of the technical authors of the proposed architecture known as "Software Defined Perimeter" spoke about why the CSA, whose mission is establishing best practices and standards for cloud security, is strongly backing the concept and what's expected of it in the future.

The rise of cloud-based services has accelerated the disappearance of traditional network perimeters and new methods need to be adopted to protect data that's shared with cloud data centers, corporate networks and mobile devices, they say.

"Part of this initiative is to come up with an easily adjustable way to adjust the perimeter," said Bob Flores, former chief technology officer at the Central Intelligence Agency, a contributor to the "Software Defined Perimeter" architecture document. The idea that CA is proposing would change the way that people, applications and data flows can be authenticated by requiring an identification process first before network access is granted.

The "Software Defined Perimeter" makes use of technologies such as "mutual TLS" based on digital certificate exchange and an encryption for very strong identification, explained Jamaid Islam, CTO at Vidder, who is also a contributor to the "Software Defined Perimeter" architecture document. Other co-authors include Alan Boehme, chief of enterprise architecture and emerging technologies, the Coca-Cola Company and Jeff Schweitzer, chief innovation architect at Verizon.

Vidder's Islam said ideally the CSA's ideas for strong cloud security, which draw directly from Department of Defense high-security networks, would be built into the modern Software-Defined Network products now emerging in the marketplace. The advantage of CSA's plan is that it can achieve what's called a "dark" network that's hard to see on the Internet and thus much harder to attack.

"The DoD world is dark," said Flores during his talk about the new architecture yesterday evening. "It's extremely difficult to attack something you don't actually know exists, if they don't see the surface of the network."

The CSA's concept does rely on key management structures being in place, acknowledges Vidder's Islam. He said it's possible that cloud service providers could play a role there, plus more and more of them are starting to make various Hardware Security Modules (HSM) available to their customers as services. But enterprise customers could maintain their own key-management processes in-house as well. Islam said his company has built this style of high-security network for private-sector companies, though he wouldn't identify them.

As with all new ideas put forward to be adopted on a large scale, there's the question of how far the high-tech industry and their customers will go in actually adopting it.

Flores said there is one large company now making use in production of exactly what the CSA is proposing with "Software Defined Perimeter," and at the upcoming RSA Conference next year there will be news about industry support and more. CSA plans to make available "Software Defined Perimeter" software as open source for the public to adopt as well.

"We believe this could be a game changer," said Flores. "The right thing to do is to put this into the open-source community so cloud computing becomes one of those things you don't have to think about."   

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about wide area network in Network World's Wide Area Network section.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *