Cloud Security

Cloud Security Alliance Issues Expanded Specification for SDP

Growing adoption of Zero Trust principles and corresponding growth in deployments of SDP-based solutions called for enhanced set of guidelines

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released Software-Defined Perimeter (SDP) Specification v2.0, an update to the original Software-Defined Perimeter (SDP) v1 (2014). The enhanced specification encompasses the architectural components, interactions, and basic security communications protocol for the Software-Defined Perimeter. It’s hoped that the publication of version 2 will encourage more enterprises to adopt a Zero Trust paradigm for securing their applications, networks, users, and data.

“While the original specification was sound and provided a solid architectural and conceptual foundation for securing connectivity, it was largely silent on several areas, including SDP access authorization policies, onboarding, and securing non-person entities. Given that the information security industry has embraced the principles espoused in the SDP architecture in recent years, thanks in part to the shift toward cloud and the ever-heightened threat landscape, we felt it was time to issue an updated and enhanced set of specifications,” said Shamun Mahmud, CSA senior research analyst.

Produced by CSA’s Software-Defined Perimeter and Zero Trust Working Group, the paper focuses on the control plane that enables secure connectivity within the security perimeter, and the data plane that enforces secure connectivity between initiating hosts (IH) and accepting hosts (AH), whether they’re servers, devices, or services. Specifically, it expands and enhances the following areas:

  • SDP and its relationship to Zero Trust
  • SDP architecture and components
  • Onboarding and access workflows
  • Single Packet Authorization (SPA) message format, use of User Datagram Protocols (UDP), and alternatives
  • Initial discussions on IoT devices and access policies

The paper also includes additional documentation published since 2014, namely the SDP Glossary and the SDP Architecture Guide, and provides enhanced sequence diagrams and explanations of connections and messages in the following SDP sub-protocols: AH to Controller, IH to Controller, and IH to AH.

Download the free report.

The Software-Defined Perimeter and Zero Trust Working Group was created to validate and protect the devices and connections on a network. Those interested in learning more about the group or participating in future research are invited to join.

For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybersecurity, go to

Related posts

Phil Venables to Keynote Cloud Security Alliance’s SECtemberSM

Business Wire

Ermetic Named Tomorrow’s Top Growth Company by Qumra Capital

Business Wire

Eureka Receives $8M from YL Ventures to Drive Cloud Data Growth

Business Wire