skip to main content

Ovum view


Symantec has placed itself squarely in the market for software-defined perimeter (SDP) technology, a more versatile alternative to virtual private networks (VPNs) for remote access, with its acquisition of SDP startup Luminate Security. This raises the profile of SDP, which until now has been offered mainly by smaller vendors.

The acquisition raises the profile of software-defined perimeter tech

VPNs date from an era when remote users logged onto corporate networks to access applications hosted in their employer's data center. This scenario favored a hub-and-spoke architecture, in which VPN clients on endpoints communicated with a concentrator in the data center, which bridged the traffic to and from the required applications.

However, that model was stressed by the advent of cloud computing. Remote users' traffic to and from the cloud-based applications now had to "trombone" through the corporate data center and back out – a process that added latency and degraded the end-user experience, not to mention impacting productivity.

SDP technology arose to address this shortcoming. It works by interposing a controller, itself often cloud-based, to perform user and device authentication prior to allowing access to the requested cloud-based assets, which are located behind an SDP gateway that the controller instructs to enable the access. It is often seen as an example of the "zero trust" model, whereby users are granted access only to the specific application they requested, rather than the "access all areas" approach of VPN.

SDP has been gathering steam in recent years. The Cloud Security Alliance has a working group on the subject, and vendors already offering it include Cyxtera (via its acquisition of Cryptzone), Perimeter 81, Vidder, and Meta Networks. A larger player entering the fray in 2017 was Zscaler, with its Zscaler Private Access (ZPA) product. Pulse Secure, with its security assets spun off from Juniper in 2014, has also just launched an offering, but Symantec is clearly of a different order of magnitude.


Further reading

On the Radar: Pulse Secure delivers zero trust secure access, INT003-000324 (February 2019)

On the Radar: Zscaler Private Access provides application-specific access to remote users, IT0022-001075 (September 2017)

On the Radar: Vidder adds endpoint trust assessment to PrecisionAccess, IT0022-001010 (June 2017)

On the Radar: Vidder uses software-defined perimeter to control access to corporate assets, IT0022-000782 (September 2016)

On the Radar: Cryptzone AppGate XDP delivers "segment of one" access to enterprise applications, IT0022-000663 (April 2016)


Rik Turner, Principal Analyst, Infrastructure Solutions

[email protected]