CSA has published a report on how to implement Zero Trust using a Software-Defined Perimeter (SDP)...
Hello, this is Mitsuhiko Maruyama.
CSA has published a report on how to implement Zero Trust using a Software-Defined Perimeter (SDP)...
● Cloud Security Alliance
・2020.05.27 (Press) Cloud Security Alliance’s Latest Research Examines Symbiotic Relationship Between Software Defined Perimeter (SDP) and Zero Trust
・2020.05.27 Software-Defined Perimeter (SDP) and Zero Trust
A Zero Trust implementation using Software-Defined Perimeter enables organizations to defend new variations of old attack methods that are constantly surfacing in existing network and infrastructure perimeter-centric networking models. Implementing SDP improves the security posture of businesses facing the challenge of continuously adapting to expanding attack surfaces that are increasingly more complex. This paper will show how SDP can be used to implement ZTNs and why SDP is applied to network connectivity, meaning it is agnostic of the underlying IP-based infrastructure and hones in on securing all connections using said infrastructure - it is the best architecture for achieving Zero Trust.
・[PDF]
Table of Contents
Acknowledgments
Introduction
Goals
Audience
Zero Trust Networking (ZTN) and SDP
Why Zero Trust
What Zero Trust Addresses
Implementing a Zero Trust Strategy
Benefits of a SDP Zero Trust Solution
Security Benefits
Business Benefits
SDP Zero Trust Strategic Approach and Proof of Concept
Technology Components and Infrastructure
Technology Risks and Issues
Assumptions
Technology Analysis
Required Resources
Key Industry Developments
Delivery Activities
Situation Analysis
Timeframes and Stakeholder Engagement
References
Introduction
Software Defined Perimeter (SDP) is a network security architecture that is implemented to provide security at Layers 1-7 of the OSI network stack. An SDP implementation hides assets and uses a single packet to establish trust via a separate control and data plane prior to allowing connections to hidden assets. A Zero Trust implementation using Software Defined Perimeter (SDP) enables organizations to defend new variations of old attack methods that are constantly surfacing in existing network and infrastructure perimeter-centric networking models. Implementing SDP improves the security posture of businesses that face the challenge of continuously adapting to expanding attack surfaces that are increasingly more complex.
Originally, Zero Trust Network (ZTN) concepts were developed by the US Department of Defense (DoD) in the early 2000s while defining Global Information Grid (GIG) Network Operations (NetOps) Black Core routing and addressing architecture, part of the DoD’s Netcentric Service Strategy. Over time, this concept evolved within the DoD intelligence and security communities into the current ZTN/SDP framework and test lab.[1] Around the same time, Forrester, a market research company that provides advice on technology, began promoting ZTN as a worthwhile consideration for enterprise security teams. Today, Zero Trust has grown widely in adoption, as well as scope.
In the report entitled "Zero-Trust-eXtended-ZTX-Ecosystem," Forrester analysts observe that the changing nature of the network perimeter means that the historical context of Zero Trust architecture is transforming rapidly from "segmenting and securing the network across locations and hosting models." Forrester asserts that the current model, which supports the need to challenge and eliminate the inherent trust assumptions in current security strategies, suggests that a variety of new adaptive software-based approaches should also be considered. However, it does not identify a new direction for the "extended ecosystem framework."[2]
Essentially, Zero Trust is a network security concept centered on the belief that organizations should not automatically trust anything inside or outside traditional perimeters and aims to defend enterprise assets. Implementing Zero Trust requires the verification of anything and everything that tries to connect to assets before granting access and the continued evaluation of sessions during the entire duration of the connection. This is illustrated in Figure 1 where the National Institute of Standards and Technology (NIST) describes using ‘trust boundaries.’
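To make the introduction above concrete, here is an added example (my own illustration, not code from the CSA paper or from any SDP product) of the three mechanisms it describes: a control plane that establishes trust from a single authenticated packet, a data plane that stays closed until the control plane has authorized a client, and continued evaluation that closes the connection again when the authorization expires. The packet layout, field names, the 30-second window and the pre-shared key are assumptions chosen for the example, not the SDP or SPA specification.

```python
"""
Added example: a minimal model of SDP-style single packet authorization (SPA)
on the control plane, plus a default-deny data plane. Packet layout, field
names, window and key are assumptions for illustration only.
"""
import hashlib
import hmac
import json
import os
import time

# Pre-shared key provisioned out of band to one client (constructed for the example).
CLIENT_KEYS = {"laptop-42": b"example-psk-not-for-production"}
AUTH_WINDOW_SECONDS = 30


def build_spa_packet(client_id, key, now=None):
    """Client side: one datagram carrying identity, freshness data and a MAC.

    The MAC covers every field, so an observer cannot forge or alter a packet,
    and the random nonce lets the controller reject replays of a captured one.
    """
    now = time.time() if now is None else now
    body = {"client_id": client_id, "timestamp": int(now), "nonce": os.urandom(8).hex()}
    serialized = json.dumps(body, sort_keys=True).encode()
    mac = hmac.new(key, serialized, hashlib.sha256).hexdigest().encode()
    return serialized + b"|" + mac


class SdpController:
    """Control plane: verifies SPA packets and records authorizations.

    Invalid packets get no reply at all, so an unauthenticated sender learns
    nothing about which assets exist behind the gateway ("hidden" assets).
    """

    def __init__(self, keys, window=AUTH_WINDOW_SECONDS):
        self.keys = keys
        self.window = window
        self.seen_nonces = set()
        self.authorized = {}  # client_id -> authorization expiry (epoch seconds)

    def receive(self, packet, now=None):
        now = time.time() if now is None else now
        try:
            serialized, mac = packet.rsplit(b"|", 1)
            body = json.loads(serialized)
            client_id, timestamp, nonce = body["client_id"], body["timestamp"], body["nonce"]
            key = self.keys[client_id]
            expected = hmac.new(key, serialized, hashlib.sha256).hexdigest().encode()
            if not hmac.compare_digest(expected, mac):
                return None  # forged or tampered packet
            if abs(now - int(timestamp)) > self.window:
                return None  # stale packet
        except (ValueError, KeyError, TypeError):
            return None  # malformed packet or unknown client: drop silently
        if nonce in self.seen_nonces:
            return None  # replay of a captured packet
        self.seen_nonces.add(nonce)
        self.authorized[client_id] = now + self.window
        return {"client_id": client_id, "expires": now + self.window}


class SdpGateway:
    """Data plane: default deny; forwards only for clients the controller authorized."""

    def __init__(self, controller):
        self.controller = controller

    def connect(self, client_id, now=None):
        now = time.time() if now is None else now
        expiry = self.controller.authorized.get(client_id)
        if expiry is None or now > expiry:
            # Continuous evaluation: an expired authorization closes the door again.
            self.controller.authorized.pop(client_id, None)
            return False
        return True


def demo(now=1_700_000_000.0):
    """Runs the whole exchange at a fixed clock and reports each step's outcome."""
    controller = SdpController(CLIENT_KEYS)
    gateway = SdpGateway(controller)
    results = {}
    # 1. Before any SPA packet, the gateway forwards nothing.
    results["before_spa"] = gateway.connect("laptop-42", now)
    # 2. A valid SPA packet yields an authorization, and the data plane opens.
    pkt = build_spa_packet("laptop-42", CLIENT_KEYS["laptop-42"], now)
    results["spa_accepted"] = controller.receive(pkt, now) is not None
    results["after_spa"] = gateway.connect("laptop-42", now)
    # 3. Replaying the captured packet is dropped (nonce already seen).
    results["replay_accepted"] = controller.receive(pkt, now) is not None
    # 4. Altering a covered field without the key breaks the MAC and is dropped.
    tampered = pkt.replace(b'"timestamp": 1700000000', b'"timestamp": 1700000001')
    results["tampered_accepted"] = controller.receive(tampered, now) is not None
    # 5. Once the authorization window passes, the gateway denies again.
    results["after_expiry"] = gateway.connect("laptop-42", now + AUTH_WINDOW_SECONDS + 1)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it as a script and the printed dictionary shows the door closed before the packet, open after it, and closed again for the replay, the tampered packet and the expired authorization; a real deployment would of course put the gateway rule on an actual firewall and bind the authorization to the client's source address and a mutually authenticated TLS session rather than to a bare client ID.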