software-defined perimeter (SDP)

Contributor(s): Sharon Shea
This definition is part of our Essential Guide: Your manual to the modern cloud computing network

Software-defined perimeter (SDP) is a security framework developed by the Cloud Security Alliance.

The framework is based on the Department of Defense's "need-to-know" model: every endpoint attempting to access a given infrastructure must be authenticated and authorized before it is granted entry. Once authorization -- which takes place in the cloud -- is complete, trusted devices are given a unique, temporary cryptographic connection to the target infrastructure. Until then, the infrastructure protected by an SDP is "black," meaning that the IP addresses of the target infrastructure are revealed only to authorized devices.
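A minimal simulation of that flow, added here as an illustration rather than code from the Cloud Security Alliance specification: a controller that authenticates a device, authorizes it for a named target and mints a short-lived signed ticket, and a gateway that answers only valid tickets and silently drops everything else, so the protected address is never revealed to an unauthorized sender. The shared key, device identities, target names and addresses are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo setup: the controller's signing key is shared with the gateway out of band.
CONTROLLER_KEY = secrets.token_bytes(32)
# Targets the gateway fronts. Their addresses stay "black" until a ticket is validated.
PROTECTED = {"erp": "10.0.5.21:8443"}
# Device identities the controller trusts, mapped to the targets each may reach (constructed data).
AUTHORIZED = {"laptop-42": {"erp"}}
TAG_LEN = hashlib.sha256().digest_size


def issue_ticket(device_id, target, ttl=60, now=None):
    """Controller side: authenticate (device known) and authorize (target allowed), then
    mint a temporary ticket bound to the device and target. Returns None when refused."""
    if target not in AUTHORIZED.get(device_id, set()):
        return None
    body = {"dev": device_id, "tgt": target, "nonce": secrets.token_hex(8),
            "exp": int((now if now is not None else time.time()) + ttl)}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(CONTROLLER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode()


def gateway_receive(packet, now=None):
    """Gateway side: reveal the target address only for a valid, unexpired ticket.
    Any malformed, forged, expired or unknown packet gets the same answer: nothing."""
    try:
        raw = base64.urlsafe_b64decode(packet)
        payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
        expected = hmac.new(CONTROLLER_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or tampered ticket: drop silently
        body = json.loads(payload)
        current = now if now is not None else time.time()
        if body["exp"] < current or body["tgt"] not in PROTECTED:
            return None  # expired, or names a target this gateway does not front
        return {"device": body["dev"], "connect_to": PROTECTED[body["tgt"]], "expires": body["exp"]}
    except Exception:
        return None  # not even a parseable ticket: drop silently, no error reply


if __name__ == "__main__":
    ticket = issue_ticket("laptop-42", "erp")
    print("authorized device:", gateway_receive(ticket))
    print("unsolicited probe:", gateway_receive("SYN"))
```

Both the forged and the unsolicited case get an identical non-answer, which is the property that keeps the infrastructure "black".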

The five layers of the SDP framework's security controls are:

SDPs lower the chances of successful network-based attacks such as denial-of-service attacks, man-in-the-middle attacks, server vulnerabilities and lateral movement attacks such as SQL injection or cross-site scripting. SDP does not introduce any new protocols; rather, it incorporates existing standards from NIST and OASIS (including PKI, TLS, IPsec and SAML).



This was last updated in July 2014
