GCN : June 2015
such a commonplace term once this gets implemented, and that’s going to be the default way that people operate,” Reavis said. “It’s going to be a big shift for IT and will deliver big cost savings to agencies over time.”

CREATING COMMUNITIES

The technology CSA and its partners are using is not new. It’s based on protocols developed by the Defense Department and the National Security Agency, and it uses standard security tools such as public-key infrastructure, layered security, IPsec and Security Assertion Markup Language, along with well-understood concepts such as geolocation and federation to enable connections.

Until now, however, most SDP implementations have been highly customized solutions, available only to the organizations (such as Coca-Cola) that developed them. The goal of CSA’s project is to move the SDP model to a more general audience. Accordingly, the open-source version being developed by Waverley Labs seeks to bring people together to talk about how to implement SDP, what standard protocols could be used, what sequence of events should be followed, how to write JSON files to allow interaction with applications and so on.

“Our goal is to create a community that is really struggling to protect their applications and help them either hide them or move them to the cloud,” Koilpillai said. “None of the problems we are trying to tackle with this are simple; otherwise, they would have been solved by now.”

Waverley Labs will do a phased release of the SDP for different security layers over the next 18 to 24 months. The project will help agencies see how an actual implementation works, she said, which is vital for this kind of thing because “you actually have to take that and prove it; otherwise, people won’t believe you.”

Multilayered security

The Cloud Security Alliance’s software-defined perimeter has five layers of security controls that together make it difficult for attackers to gain access. Those layers are:

• Single packet authorization, which rejects all traffic from unauthorized devices.
• Mutual Transport Layer Security, which provides two-way cryptographic authentications.
• Device validation, which proves that the private key is held by the proper device and that the device is running trusted software and being used by the appropriate user.
• Dynamic firewalls, which individually enable communication with each device.
• Application binding, which only allows authorized applications to communicate via encrypted TLS tunnels and blocks all other applications from using those tunnels.

[Figure labels: SDP controller (device authentication; user authentication & authorization; dynamic provisioning); SDP gateways; apps; mTLS control channel with single packet authorization; mTLS data channel with single packet authorization. Source: Cloud Security Alliance’s “SDP Hackathon Whitepaper,” April 2014]
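
How the first and fourth layers in the sidebar fit together, as an added example that is not from GCN, CSA or Waverley Labs: a gateway that drops everything by default, validates one authorization packet, and only then opens a short-lived rule for that one source. The packet layout, HMAC-SHA256 tag, time window, rule lifetime and all names here are assumptions chosen for illustration, not the SDP wire format.

```python
import hashlib, hmac, os, struct

WINDOW = 30                        # assumed: max clock skew in seconds
RULE_TTL = 60                      # assumed: lifetime of a per-device allow rule
HDR = struct.Struct("!16sQ16s")    # assumed layout: device id, unix time, nonce
TAG_LEN = 32                       # HMAC-SHA256 output size
DEMO_DEVICE = b"constructed-dev1"  # constructed 16-byte device id

def build_spa(device_id, key, now, nonce=None):
    """Client side: a single datagram made of the header plus an HMAC over it."""
    body = HDR.pack(device_id, now, nonce or os.urandom(16))
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Gateway:
    def __init__(self, device_keys):
        self.device_keys = device_keys  # device id -> shared secret
        self.seen = {}                  # nonce -> expiry (replay cache)
        self.allow = {}                 # source ip -> rule expiry (dynamic firewall)

    def handle_spa(self, src_ip, packet, now):
        """Open a rule only for a valid, fresh, unseen packet.
        Every failure is a silent drop, so the gateway never answers a probe."""
        if len(packet) != HDR.size + TAG_LEN:
            return False
        body, tag = packet[:HDR.size], packet[HDR.size:]
        device_id, ts, nonce = HDR.unpack(body)
        key = self.device_keys.get(device_id)
        if key is None:
            return False                # unknown device
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                # forged or corrupted
        if abs(now - ts) > WINDOW:
            return False                # stale or far-future timestamp
        # Forget nonces whose timestamp can no longer pass the window check.
        self.seen = {n: e for n, e in self.seen.items() if e > now}
        if nonce in self.seen:
            return False                # replayed packet
        self.seen[nonce] = ts + WINDOW + 1
        self.allow[src_ip] = now + RULE_TTL
        return True

    def permits(self, src_ip, now):
        """Default deny: traffic passes only while this source's rule is live."""
        return self.allow.get(src_ip, 0) > now
```

In a deployment the `allow` table would drive real packet-filter rules, and the mutual TLS handshake and device validation from the sidebar would still follow once the port is reachable.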