Pulse Secure extends Zero Trust capabilities adding SDP integration to VPN

Pulse Secure believes that the less familiar Software Defined Perimeter architecture market has reached a critical point in market acceptance.

Secure access solutions provider Pulse Secure has enhanced the Zero Trust capabilities in their Secure Access Platform through the integration of Software Defined Perimeter [SDP] architecture. The company sees differentiation in offering a flexible path to SDP by having it work alongside the platform’s existing VPN technology. They also see themselves as distinct in the market as being able to offer SPD capabilities as a product, rather than just a service, and one with hybrid capabilities that works both on-prem and in the cloud.

“Some companies offer SDP as a cloud-only service, but running that is very different from having a product,” said Bryan Embrey, Senior Product Marketing Manager at Pulse Secure.” Pulse Secure is the first vendor to offer it as a hybrid product for both the data centre and the cloud.”

SDP has been around for over a decade, so isn’t a new technology, but it has been slow to gain market acceptance. It has primarily been offered by startups who have had minimal presence in the market. It is – ultimately – a next-generation complement for VPNs.

“The issue has been that VPN has always been ‘good enough,’ and at Pulse Secure we have done a good job of enhancing it with always-on capabilities to enforce policies around encryption and data protection,” Embrey said. “In addition, while VPNs are well understood, software-defined perimeters are not something that has necessarily been well understood, along with other software-defined concepts. The industry has been getting its arms around them. But in the same way that containers were bleeding edge four years ago and are now becoming common, we see the same kind of acceptance developing around SDP, as the market educates itself. That being said, many customers have a lot of investments in VPNs, which they aren’t looking to discard.”

Embrey said that ultimately SDP will replace VPNs for cloud access within a hybrid context because it’s simply an easier technology to work with.

“Everything that you can do with VPN, you can do with SDP for cloud access,” he said. “VPN just takes more effort. The configuration and dissemination of policies is more complex in VPN. In SDP, it is architectured in. SDP also provides additional scalability and flexibility over VPN. No one wants to spend time configuring a client on their end device, or spend time on their back end from an admin perspective dealing with a lot of complex security policies.”

Several factors combined to make this a good time for Pulse Secure to add SDP to its existing Zero Trust capabilities around VPN.

“Zero Trust just means requiring verification before trust, and that is something that we have done anyway since our inception with our VPN products,” Embrey noted. “But the momentum for SDP is growing. There is ample evidence to show that traditional perimeters are breaking down. SDP is also getting more of a foothold in cloud access, and will get more momentum through last week’s Symantec acquisition of Luminate. With cloud security behind it, it is gaining market traction.”

The Pulse Secure Access Suite is now more ready to add the new technology than in the past as well.

“We have enabled capabilities in a traditional mode for virtualized environments in AWS and Azure, with similar plans for Google, and are now leveraging those,” Embrey indicated. “Now that we have these, it’s much easier to move forward into a more software-defined world that leverages these virtualized capabilities.”

Embrey said that SDP makes Zero Trust more effective for personal device access.

“It takes the Zero Trust model and extends it through centralized policies and centralized control of data planes and deep authentication,” he stated. “It allows you to be much more granular who can access applications and how, and with devices that are not corporate-owned.”

Early use cases where SDP shines include network segmentation and application isolation, particularly where there are shared databases on-prem and in the cloud.

“Our model makes this compelling because it brings on-prem and multi-cloud security together,” Embrey stated. “It is also good for segmenting specific networks, such as keeping retail operations separate from patient health care. Into the future, SDP has a significant use case in terms of DevOps to orchestrate security around containers, where they are often set up and torn down very quickly.” The latter could be done today, but market acceptance of that use case isn’t there yet, Embrey noted.

“SDP is also effective at protecting Internet of Things deployments, which are rarely architected with security in mind,” he added. “Enabling those to be secured is critical.”

VPN is likely to remain dominant in certain, common environments for a considerable time.

“It makes sense in a traditional enterprise environment where workforce is less mobile, and branch office access is less of an issue,” Embrey said. “There are a great deal of those organizations out there.”

Pulse SDP will be sold as a licensed add on within Advanced and Enterprise Editions of the Pulse Access Suites, with an SDP Controller, SDP Client and SDP Gateway all enabled within the Pulse Secure software, hardware and cloud solutions.

“Doing it this way requires only a simple license and update to enable it, and the really cool part is that it will allow the SDP to run concurrently with VPN as well, in dual mode capability,” Embrey stated. “That’s important because customers want to implement this in a step-by-step approach. They don’t want to rip and replace everything. The other cool part is that this will let you spin up new virtualized gateways very quickly if you need to react quickly.”

For Pulse Secure channel partners, Embrey said the big significance is the way SDP will allow them to re-engage with their customers for further discussions about security.

“SDP is significant for virtually everyone because the software-defined perimeter is the way that things will be going forward,” he indicated.  “This is an opportunity to reengage, have conversations about security, and chat about SDP advantages down the road. It should also make it easier to sell a suite, and expand that into a managed services environment.”

Pulse SDP will be available in Advanced and Enterprise Editions of the Pulse Access Suites in April.