Software Defined Perimeter for Infrastructure as a Service
Software Defined Perimeter (SDP) Working Group
April 2014
GOALS
Awareness and adoption of the Software-Defined Perimeter architecture (SDP) is rapidly growing, and its effectiveness is being proven across numerous enterprises and use cases. We believe that the time is right to publicly promote the use of SDP to protect Cloud-based resources, given the rate at which organizations are strategically embracing Infrastructure as a Service (IaaS), and the compelling need to secure access to these resources. This document is intended to explore and explain how a Software-Defined Perimeter (SDP) architecture can improve security, compliance, and operational efficiency when applied to Infrastructure-as-a-Service environments. Readers will obtain a clear sense of the security challenges facing Enterprise users of IaaS (given the Shared Responsibility model), understand the problems that arise from combining native IaaS access controls with traditional network security tools, and learn about how a Software-Defined ...
GOALS
APPROACH AND SCOPE
EXECUTIVE SUMMARY
SDP and the CSA Treacherous 12.
INTRODUCTION: IAAS SECURITY OVERVIEW
TECHNICAL FOUNDATION
An IaaS Reference Architecture
Why is IaaS Security Different?
Location Is Just Another Attribute
The Only Constant is Change
The IP Address Conundrum
Security Requirements and Traditional Security Tools
Jump Boxes: Look Before You Lea
Why SDP and not VPNs?
Virtual Desktop Infrastructure (VDI)
How a Software-Defined Perimeter Solves These Problems
What is the Software-Defined Perimeter?