CSA Addresses Connected Device Explosion with Software-defined Perimeter Initiative

Those networks can be between any IP addressable entities – a detail that will become critical as the machine-to-machine (M2M) and Internet of Things (IoT) phenomena continue to develop. The rise of connected, smart devices – everything from refrigerators that email their owners to 4G-enabled shipping fleets – means an exponentially growing number of web-facing endpoints and, therefore, a rapidly escalating amount of cyber-risk.

The SDP initiative recommends a framework of security controls that mitigates network-based attacks on internet-accessible applications and endpoints by eliminating connectivity to them until devices and users are authenticated and authorized.

That’s especially important as technology consumerization, such as bring your own device (BYOD) configurations and non-traditional cloud computing infrastructure, supplants internal IT, and employee-owned devices become the primary devices of choice.

The SDP initiative is thus meant to mitigate security risks and enforce organizational policies across any combination of corporate-owned, public and consumer information technology.

“It is critical to the future of cloud technology that it is demonstrably more secure than legacy IT systems,” said Bob Flores, former CTO of the CIA and CEO of Applicology, in a statement. “SDP is an important component to allow both cloud providers and customers to use secure applications all the way from the back end to the consumer device, and we look forward to working with some of the world’s largest enterprises on its development.”

A collaboration between members of CSA’s Enterprise User Council, SDP is being designed to be complementary to software-defined networks (SDN), the popular network layer construct that decouples routing and architectural decisions from the underlying equipment to create virtual networks. SDP traverses several OSI layers to tie applications and users with trusted networks, using vetted security models.

The framework will be open to everyone, the CSA added.

“CSA is making this royalty-free research publicly available in order to catalyze the development of more secure clouds and BYOD deployments,” said Jim Reavis, executive director of the Cloud Security Alliance. “Some of the largest brands and companies have agreed to participate in this initiative, and will be disclosed in the course of this initiative.”

The SDP research working groups are now open for participation, collaboration and peer review. CSA is planning to have a whitepaper available in December, and an implementation case study of SDP will be presented at the CSA Summit at the RSA Conference, February 24, 2014, in San Francisco.
