With SDP, the Switchboard is Making a Comeback
Who would have thought that a modern technology—a software-defined perimeter—would harken back to the days of the switchboard?
Back in 1876, Alexander Graham Bell was awarded the first U.S. patent for the creation of the telephone. The next step was figuring out how to connect callers to other callers at scale. In 1882, the world’s first multiple switchboard was created. It would serve as a highway for quick, private connectivity.
The idea was to be able to connect any particular group of lines with any other line within the switchboard. This meant that every operator had to be within reach of each line and that only the operator knew the phone number of the other party. Callers would tell the operator with whom they would like to speak, and the operator would then ring the correct party and establish a private connection between them, if appropriate. The telephone operators were tasked with keeping up with the changing volume of calls, so they needed the right equipment to answer calls 24 hours a day and meet customer demand for service. They would also record the details of each call, including its length and destination, so that they could accurately bill the caller.
Fast forward to today. If you post your phone number on LinkedIn, recruiters will be able to call you, but so will anyone else on the internet. Unfortunately, this is the same way that incumbent security methods treat applications, which means they can introduce risk or unauthorized access.
Consider this. The purpose of an inbound VPN gateway is to secure the network via appliances that allow remote users to connect to it. This requires the IP address of the VPN concentrator to be exposed, because it sits at the edge of the network listening for inbound calls from remote users. But, similar to the LinkedIn example above, that address is also exposed to everyone else on the internet.
A modern set of technologies has been developed to enable connectivity to private apps without ever exposing them to the internet—instead, it makes them dark. Guess you could call it a highway for quick, private connectivity to internal apps. It’s called the software-defined perimeter (SDP), and it works somewhat similarly to those switchboards of the past.
Here’s how an SDP works:
- An employee or third-party user wants to connect to a private application, creating an outbound call to a broker.
- The broker processes the request and checks if the user has proper authorization (often based on IdP and SAML attributes).
- If the user is authorized to access the app, the broker calls out to the connector sitting closest to the app—the connector front-ends the apps—and the connector sends an outbound connection to the broker.
- The broker then stitches together the two outbound connections in the cloud, enabling private connectivity between the authorized user and the specific app.
Striking similarities, right? Even down to the ability to record detailed activity logs in real time and, in the case of SDP, auto-stream them to a SIEM provider for further analysis.
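The four steps above as a small in-memory model, added here as an illustration (it is not Zscaler's code or any product's API). The `Broker` class, the app names and the attribute values are constructed, and each outbound connection is modelled as a method call rather than a TLS session.

```python
"""Toy model of the SDP broker flow; all names and attributes are constructed."""
from dataclasses import dataclass, field


@dataclass
class Broker:
    policy: dict                                     # app -> required IdP/SAML attributes
    connectors: dict = field(default_factory=dict)   # app -> connector that dialed out
    log: list = field(default_factory=list)          # activity records for a SIEM

    def register_connector(self, connector_id, apps):
        """A connector opens an outbound session and lists the apps it front-ends."""
        for app in apps:
            self.connectors[app] = connector_id

    def connect(self, user, attrs, app):
        """Handle a user's outbound request: authorize, then stitch the two legs."""
        required = self.policy.get(app)
        allowed = (
            required is not None
            and app in self.connectors
            and all(attrs.get(k) == v for k, v in required.items())
        )
        self.log.append({"user": user, "app": app, "allowed": allowed})
        if not allowed:
            # Denied and nonexistent apps look identical, so apps stay dark.
            return None
        # Per-app stitch: the session names one app, not a network segment.
        return {"user": user, "connector": self.connectors[app], "app": app}


def demo():
    broker = Broker(policy={
        "payroll.internal.example": {"group": "finance"},
        "wiki.internal.example": {"employee": "true"},
    })
    broker.register_connector("connector-dc1", ["payroll.internal.example",
                                                "wiki.internal.example"])
    alice = {"group": "finance", "employee": "true"}
    contractor = {"group": "vendor"}
    results = [
        broker.connect("alice", alice, "payroll.internal.example"),
        broker.connect("contractor", contractor, "payroll.internal.example"),
        broker.connect("contractor", contractor, "no-such-app.internal.example"),
    ]
    return results, broker.log
```

The contractor receives the same empty answer for an app they are not entitled to and for an app that does not exist, while every attempt still lands in the activity log.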
When it comes to security, SDP provides four key benefits:
- Application access does not require access to the network or the use of a VPN.
- Apps are invisible to unauthorized users and are never exposed to the internet.
- Application segmentation, without the need for network segmentation, connects specific users to specific apps and limits lateral movement.
- The internet becomes the new secure network via end-to-end encrypted TLS tunnels.
Since this connectivity is delivered over a hosted cloud service, the ability to scale based on user volume is simple. This means there’s no need to buy more appliances and add to the inbound VPN gateway stack. And why would you? After all, most users aren’t even connected to the network.
Who would have thought that a concept developed in 1882 could still be relevant in a world where apps are moving to the cloud and remote users are connecting with personally owned devices on unprotected networks? But it is, and SDP proves it.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Christopher Hines is head of product marketing for Zscaler Private Access and Zscaler App