Identity and Access Management

CSA publication: SDP Specification v2

    Posted Mar 10, 2022 11:46:00 AM

    Cloud Security Alliance Issues Expanded Specification for the Software-Defined Perimeter (SDP)

    Growing adoption of Zero Trust principles and the corresponding growth in deployments of SDP-based solutions called for an enhanced set of guidelines


    SEATTLE – March 10, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released Software-Defined Perimeter (SDP) Specification v2.0, an update to the original Software-Defined Perimeter (SDP) v1 (2014). The enhanced specification encompasses the architectural components, interactions, and basic security communications protocol for the Software-Defined Perimeter. It’s hoped that the publication of version 2 will encourage more enterprises to adopt a Zero Trust paradigm for securing their applications, networks, users, and data. 

    “While the original specification was sound and provided a solid architectural and conceptual foundation for securing connectivity, we felt it was time to elaborate and expand on several areas, including component onboarding and access workflows, deployment models, and securing non-person entities. More importantly, the information security industry has embraced the principles espoused in the SDP architecture in recent years, thanks in part to the shift toward cloud and the widespread adoption of Zero Trust, and we felt it was time to issue an updated and enhanced set of specifications,” said Jason Garbis, a lead author of the paper, co-chair of the SDP and Zero Trust Working Group, and Chief Product Officer at Appgate.

    Produced by CSA’s Software-Defined Perimeter and Zero Trust Working Group, the paper focuses on the control plane that enables secure connectivity within the security perimeter, and the data plane that enforces secure connectivity between initiating hosts (IH) and accepting hosts (AH), whether they’re servers, devices, or services. Specifically, it expands and enhances the following areas:

    ●  SDP and its relationship to Zero Trust

    ●  SDP architecture and components

    ●  Onboarding and access workflows

    ●  Single Packet Authorization (SPA) message format, use of the User Datagram Protocol (UDP), and alternatives

    ●  Initial discussions on IoT devices and access policies

    Download the free report:

    The Software-Defined Perimeter and Zero Trust Working Group was created to validate and protect the devices and connections on a network. Those interested in learning more about the group or participating in future research are invited to join.

    Shamun Mahmud
    Sr. Research Analyst
    Cloud Security Alliance