Computer security is becoming endlessly complex, with more solutions moving to cloud-based infrastructure and proprietary software becoming “X-as-a-service” models. Combine that with the rise of remote work and you have a system ripe for exploitation. That is why SDP has been introduced. But what is an SDP?
What is an SDP?
A Software-Defined Perimeter (SDP) is a security protocol that replaces standard security approaches with a far less trusting, but far more secure, system.
History
It is based on the “need to know” model that the US Department of Defense introduced in 2007.
While this is a new protocol, it was pioneered by Google in 2009 in order to radically reduce the number of potential security threats to their enormous system. They invested in restructuring all of their internal systems and training employees over the course of a decade to fully integrate SDP.
While most companies don’t have the capital or resources to do the same, there are now SDP services available. They can help you transfer your system to make use of the new protocol.
How SDP Works
Imagine that most networks are castles surrounded by moats. When somebody wants to access the system, they speak to the guards at the moat and, if they are authorized, they are let in. However, once they are given access to the castle, they have access to all of the castle. This castle-and-moat approach to security is rapidly becoming outdated because it puts too much at risk.
Continuing with our metaphor, imagine that the guard at the moat is told that some people, maybe the CEO or anybody accessing the system from inside the building, should just be let through without being challenged. Then it would be much easier for hackers to pretend to be authorized and slip through.
Using SDP, instead of a castle with a single guard, every service on your system has its own guard. Connections are made directly to the system and users are challenged in order to use every service. This means that even if somebody accesses one part of the system, they won’t be able to get elsewhere without once again authorizing.
There are three parts to it:
- SDP Controller – This evaluates incoming requests with outside services. Access is granted on a per-device, per-user, per-session basis.
- SDP Access Node – These sit between privileged resources and wider networks. These are the “guards” in SDP.
- SDP Client – This is the software that helps you actually make the connection between yourself and the service you want.
Moreover, it runs on a no-trust protocol. Everybody accesses the system as if they are a new user, regardless of their login credentials or location. This is to combat exploits that have become more prevalent since the advent of remote work and cloud services.
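The three parts and the no-trust rule can be modeled in a few lines. The sketch below is an added example, not code from this article or from any SDP product: the policy table, the per-service keys, the HMAC-signed grant format and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed policy: (user, device) -> services it may reach. Anything absent is denied.
POLICY = {("alice", "laptop-01"): {"accounting"}, ("bob", "laptop-02"): {"qa"}}
# Constructed per-service keys shared between the controller and each access node.
NODE_KEYS = {"accounting": b"demo-key-accounting", "qa": b"demo-key-qa"}


def _sign(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Controller:
    """Decides access per user, per device, per session, per service."""

    def grant(self, user, device, session, service, now=None, ttl=300):
        if service not in POLICY.get((user, device), set()):
            return None  # default deny: no grant, nothing to present to a node
        now = time.time() if now is None else now
        claims = {"user": user, "device": device, "session": session,
                  "service": service, "exp": now + ttl}
        return {"claims": claims, "sig": _sign(NODE_KEYS[service], claims)}


class AccessNode:
    """The 'guard' in front of one service; trusts only grants minted for it."""

    def __init__(self, service):
        self.service, self.key = service, NODE_KEYS[service]

    def admit(self, grant, device, session, now=None):
        if not grant:
            return False
        now = time.time() if now is None else now
        c = grant["claims"]
        return (hmac.compare_digest(grant["sig"], _sign(self.key, c))
                and c["service"] == self.service
                and c["device"] == device and c["session"] == session
                and now < c["exp"])


def client_connect(ctrl, node, user, device, session, now=None):
    """SDP client: ask the controller first, then present the grant to the node."""
    return node.admit(ctrl.grant(user, device, session, node.service, now), device, session, now)
```

A grant minted for accounting fails at the QA node, on a different device or session, and after it expires, which is the "every service has its own guard" behavior described above.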
Other Benefits of SDP
Another thing that makes SDP a useful protocol is that it can actually speed up your internal processing. This sounds counterintuitive because it specifically introduces more security, but it makes a lot of sense.
In castle-and-moat structures, all traffic goes through the same node. That poor guard has to check every single person that enters, which can slow down all traffic to the network. With SDP, every service has its own “guard.” Somebody trying to access accounting is talking directly to the Accounting system. They don’t have to wait for the person trying to access QA to authorize their account first.
SDP also gives you the ability to functionally create a subnet for every service. It would be incredibly difficult to set up and maintain so many subnets otherwise, but SDP simulates that kind of structure without the added hassle.
Is This the Future?
It’s hard to tell at this point whether SDP will take off. However, it holds a lot of promise for improved security that doesn’t adversely affect employees much. It is less convenient, but it is more secure and ultimately better suited to the modern corporate environment. SDP may or may not be the future, but it is certainly a solution for this moment.