The traditional perimeter-based approach to network security has failed to adequately protect organizations. A new approach is needed.


Traditional security tools like VPNs, so-called next-generation firewalls and NACs are labor-intensive to manage, don’t leverage user context to make access decisions, and can’t keep up with the pace of business. They are not fit for purpose in a perimeter-less world. As a result, organizations typically use them to control access in an all-or-nothing fashion. The implication? Authenticated users have overly-broad network access, increasing the attack surface area and enabling the types of wide-reaching breaches that we see far too often.

Perimeter based network security like VPNs and firewalls are not working

This is why, increasingly, forward-looking organizations are considering a new approach to network security. 

It’s time for an identity-centric, Zero Trust approach - and it’s called a Software-Defined Perimeter. A NAC, firewall and VPN alternative for secure access, it reduces over-privileged access and third party risk, secures DevOps without restrictions and secures access to critical workloads in public cloud. 

What is a Software-Defined Perimeter?

Based on work done within the U.S. Department of Defense, the Software-Defined Perimeter is a security framework designed to micro-segment network access. A Software-Defined Perimeter dynamically creates one-to-one network connections between the user and the resources they access.   

A Software-Defined Perimeter is built on three core pillars:

  1. Identity-centric – It’s designed around the user identity, not the IP address.
  2. Zero Trust – It leverages micro-segmentation to apply the principle of least privilege to the network. It completely reduces the attack surface.
  3. Built for the cloud – It is engineered to operate natively in cloud networks and delivers scalable security.

It ensures that all endpoints attempting to access a given infrastructure are authenticated and authorized prior to being able to access any resources on the network. All unauthorized network resources are made inaccessible. This not only applies the principle of least privilege to the network, it also reduces the attack surface area by hiding network resources from unauthorized or unauthenticated users.


Image that depicts what three different users can access via a software-defined perimeter architecture model.


The Zero Trust, Software-Defined Perimeter is becoming the de-facto standard for secure network access.  Industry analysts are touting this new approach based on its ability to increase your security, while at the same time easing the operational burdens associated with traditional network security and simplifying your environment.  

  • Gartner says that SDP enables organizations to provide people-centric, manageable, secure and agile access to networked systems. It is easier and less costly to deploy than firewalls, VPN concentrators and other bolt-in technologies.”
  • Forrester recommends implementing a broad range of Zero Trust threat prevention technologies.
  • The Cloud Security Alliance says that “The SDP security model has been shown to stop all forms of network attacks including DDoS, Man-in-the-Middle, Server Query (OWASP10) as well as Advanced Persistent Threat.” 

As enterprise organizations come to the realization that traditional network security is failing them, a Zero Trust, Software-Defined Perimeter solution is a network security alternative to secure hybrid environments. 

AppGate SDP – Identify-Centric, Micro-segmented Secure Access

AppGate SDP is a full-featured network security platform that delivers the industry’s most comprehensive Zero Trust solution. Regardless of how your hybrid environment changes, AppGate SDP ensures consistent, secure access across all workloads. 

Learn more about Cyxtera’s Software-Defined Perimeter solution, AppGate SDP.