Emerging Security Concept – Software Defined Perimeter
Hybrid cloud environments are dynamic and complex, and they are further complicated by multiple end users accessing multiple environments from multiple locations. Securing access to these environments is a considerable challenge, magnified by the gap between enterprises’ desire to manage security from an identity-centric perspective and cloud platforms’ access models, which are based on IP addresses rather than users.
As a result, security remains a significant concern, often impeding the adoption of cloud. Traditional security tools can’t bridge this gap, so security professionals, who are under tremendous pressure to enable business agility, end up granting users overly broad network access to their cloud environments. This increases the risk of security and compliance issues, especially with dynamically changing cloud environments – something that we’ve unfortunately seen repeatedly as a root enabler of recent data breaches.
Ultimately, enterprises are demanding cloud security controls and policies that are identity-centric and that define how information, systems, applications and infrastructure can be better protected when using a cloud environment.
When it comes to cloud security, what is the responsibility of the cloud provider versus the cloud user? One of the security principles we advocate, and one that providers generally follow, is the Shared Responsibility model, which clearly denotes that enterprises are responsible for securing user access to the cloud. Unfortunately, cloud infrastructures’ network security approach often results in over-privileged, wide-open network access.
Read the entire article here: Emerging Security Concept – Software Defined Perimeter, via the fine folks at HP Enterprise.