Cloud Security Alliance, a not-for-profit organization that promotes the use of best practices for providing security assurance within Cloud Computing, has officially kicked off the Software Defined Perimeter (SDP) Hackathon at CSA Congress 2014 in San Jose. What’s interesting about this challenge is using SDP for cross cloud security.
For those who are not familiar with the SDP, it is a new security concept being standardized by the Cloud Security Alliance (CSA). The SDP combines time proven security concepts (such as need-to-know access) with new technologies (like Mutual TLS with DHE) into an integrated package. This new approach to security defeats network-based attacks, even by insiders, by dynamically creating perimeter networks anywhere in the world—including in a cloud, on the DMZ, and in the data center.
The SDP is designed for a wide range of applications, from protecting Internet-facing web sites to enabling secure hybrid cloud networking. Typical use cases include: securing business & partner portals, multiple business group collaboration, cloud migration, contractor and BYOD access.
CSA challenges hackers worldwide to attempt the capture of the target information on the protected server. Key SDP components, as well as a number of hacking tools, are given to the challengers. And there are no rules.
Here’s the schematic from the CSA SDP Hackathon website:
Junaid Islam, co-chair of the SDP Working Group and CTO of Vidder, has said “the SDP hackathon intends to demonstrate to enterprises that they can distribute applications across multiple public clouds knowing they will be protected.”
What do you think? Is cross cloud security real or just a fantasy?