Design a flexible, stronger access policy playbook around user and device authentication with a Software-Defined Perimeter. Whether your critical corporate resources are in the cloud or on local servers, SDP enables IT to easily build a wall around the entire network.
SDP deploys multiple cutting-edge security tools and is easily implemented, even and especially for modern organizations with complex cloud networks, many remote users, and varying access requirements.
Multiple layers of authentication come before access, including user and device verification.
Give each user his or her own encrypted connection and relevant, limited access to the network.
Easy, central management of granular access policies across users and groups.
Software-Defined Perimeters are hardware and cloud agnostic, fitting any network.
SDP network architecture has three important components: the SDP Client, the SDP Controller, and the gateway PoP.
The client verifies identities using an Identity Provider, such as Okta, Google, or Azure. It routes whitelisted applications to authorized remote connections, ensuring that the certificate-based mutual TLS VPN only connects to authorized services. Network traffic is encrypted and tunneled between the user’s device and the corresponding gateway.
The controller establishes trust between the SDP Client and backend security controls by authenticating users and devices. User and network entitlements are verified by evaluating the controller, the Issuing Certificate Authority and the Identity Provider, and the SDP Controller then configures the gateway in real time to provision a mutual TLS connection.
The gateway grants access to previously private resources, allowing employees to have a private and uncongested connection. This termination point for the mutual TLS connection from the Client verifies the identity of the requesting device, authorizes the user, and grants access to the requested network.
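The controller flow described above can be sketched as a default-deny decision that only produces a per-user gateway allow-list once the identity, device certificate and posture checks all pass. This is an added example, not Perimeter 81's code; the IdP name, CA name, posture keys, groups and resource names are all constructed assumptions.

```python
from dataclasses import dataclass

# All names and values below are constructed for illustration.
TRUSTED_IDPS = {"idp.example.com"}
TRUSTED_ISSUING_CAS = {"CN=Example SDP Issuing CA"}
REQUIRED_POSTURE = ("disk_encrypted", "os_patched")

# Entitlements per group: the only resources a gateway may expose to members.
ENTITLEMENTS = {
    "engineering": {"git.internal:443", "ci.internal:443"},
    "finance": {"erp.internal:443"},
}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: tuple
    idp: str                 # who asserted the user's identity
    idp_verified: bool       # assertion signature validated upstream (assumed)
    device_cert_issuer: str  # issuer of the client certificate used for mutual TLS
    posture: dict            # e.g. {"disk_encrypted": True, "os_patched": True}

def decide(req):
    """Return (allowed_resources, reasons); empty set unless every check passes."""
    reasons = []
    if not (req.idp_verified and req.idp in TRUSTED_IDPS):
        reasons.append("identity not asserted by a trusted IdP")
    if req.device_cert_issuer not in TRUSTED_ISSUING_CAS:
        reasons.append("device certificate not from the issuing CA")
    # A missing posture attribute counts as a failure, not a pass.
    failed = [k for k in REQUIRED_POSTURE if req.posture.get(k) is not True]
    if failed:
        reasons.append("posture check failed: " + ", ".join(failed))
    if reasons:
        return frozenset(), reasons
    allowed = set()
    for group in req.groups:
        allowed |= ENTITLEMENTS.get(group, set())
    if not allowed:
        reasons.append("no entitlements for the user's groups")
    return frozenset(allowed), reasons

def gateway_config(req):
    """Per-user allow-list the controller would push to the gateway."""
    allowed, reasons = decide(req)
    return {"user": req.user, "require_client_cert": True,
            "allow": sorted(allowed), "deny_reasons": reasons}
```

Every failed check is recorded rather than stopping at the first, so the denial reasons can be logged and reviewed per request.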
Before a user gains access to the network, ensure that their identity and device are checked. Third-party identity providers and Single Sign-On make authenticating users easy, while device posture check rules and other endpoint tools verify that their devices are safe.
Security tools like VPNs might offer encrypted access to the network, but they cannot provide access to only certain network resources for individual users or groups. Perimeter 81’s SDP provides built-in micro-segmentation utility so that your most sensitive resources aren’t exposed.
IT has one central dashboard where they can create custom access policies based on user, device, location, and other granular attributes. This removes the need to deploy multiple solutions in order to achieve sophisticated policy management.
Perimeter 81 enables organizations to take advantage of the full SDP model, with integration across any on-premises or cloud infrastructure. Instant deployment of encrypted gateways across the world offers low latency for remote workers and their devices.
While perimeter-based network security tools are effective at defending against the most basic attacks, these tools fail to fully protect data where it changes hands in the modern era. They’re also expensive. SDP provides customized and restricted access to individual users – something that hardware could never do.
A Software-Defined Perimeter enables encrypted traffic tunnels which create one-to-one network connections between users and resources, and allows IT to enforce the tunnels’ use before access occurs. Also enforceable are 2FA, Single Sign-On, and other security tools that together reduce the organization’s attack surface.
With a Software-Defined Perimeter architecture and comprehensive management platform, gateways can be automatically deployed in any location, enabling simplified, secure and low-latency connections to resources. Workers anywhere on the globe will be able to access resources quickly and safely.
“The best feature so far has been the ability to deploy gateways, we were able to roll out a gateway relatively close to our employees in just a few minutes. Having the ability to roll out an entire office with access to internal resources in just minutes is the best thing I can ask for.”
Transitioning critical resources to the cloud, allowing employees access from off-premises, and encouraging BYOD presents security challenges that only SDP is flexible enough to address – from inside and outside the network.