SEATTLE–(BUSINESS WIRE)–The Cloud Security Alliance (CSA), the world’s leading organization dedicated to setting standards, certifications and best practices to help ensure a secure cloud computing environment, has released a new white paper, SDP and DNS Integration: Improved Zero Trust Policy Enforcement. Written by the Software Defined Perimeter (SDP) and Zero Trust Working Group, the paper explores how enterprise DDI systems – which collectively refer to three basic network services, namely Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and Internet Protocol Address Management (IPAM) – can augment and integrate with SDP to improve the security, resiliency and responsiveness of organizations.
DNS maps human-readable domain names (for example, cloudsecurityalliance.org) to numeric Internet Protocol (IP) addresses. Setting and enforcing policies at the DNS layer doesn’t require a lot of computation and has the added benefit of scaling up to millions. However, the ubiquity of the DNS and the fact that it is widely open, connectionless, and unencrypted make it a commonly exploited way to infiltrate networks with malware and exfiltrate data. Additional mechanisms are needed for an accurate policy framework and implementation to leverage the DDI database. DDI services can provide businesses with visibility and control, and when combined with SDP can deliver dramatically improved security and help organizations advance their Zero Trust security journeys.
“The integration of the three core systems that make up DDI helps provide control, automation and security for today’s modern, highly distributed networks. Linking traditionally separate systems for a more holistic application is a hallmark of the Zero Trust security approach, and DDI has the unique advantage of connecting who is on the network, where they are going and, more importantly, where they have been. Information security will always be multi-layered, and Zero Trust via SDP is an approach that benefits from integration with many other parts of an enterprise security infrastructure,” said Shamun Mahmud, Senior Research Analyst, Cloud Security Alliance.
The document explains how, by integrating an SDP architecture with DNS, a strategy that results in improved security, organizations can leverage DNS as a Zero Trust network policy enforcement point alongside network enforcement points and SDP policy, and leverage valuable DNS data for faster SDP threat response. Two use cases where enterprise-managed DDI integrates with SDP to improve security, contextual awareness, and responsiveness are included as examples.
Download SDP and DNS Integration: Improved Zero Trust Policy Enforcement today.
The Software Defined Perimeter and Zero Trust Working Group was created to validate and protect devices and connections on a network. Those interested in learning more about the group or participating in future research are invited to join.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA leverages the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to deliver cloud security-specific research, education, training, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire cloud-affected community, from vendors and customers to governments, entrepreneurs and the insurance industry – and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For more information, visit www.cloudsecurityalliance.org and follow us on Twitter @cloudsa.