What’s the difference between software Defined Perimeter and Zero Trust?


The software-defined perimeter is an approach to protecting internal resources from external connectivity in which the protection controls are programmable through a central policy engine or software-based management framework. In practice, you control access across the entire perimeter through a single policy-based central engine, and that engine takes care of deploying the appropriate configurations to the different control sets that protect the perimeter. The solutions typically required to protect the perimeter are firewalls, intrusion prevention, web inspection, advanced threat protection, DDoS protection, DLP, VPN/encryption and many more, depending on what is exposed for access from the outside world.

“Zero Trust”, by contrast, is the framework on the basis of which controls are designed and managed for the entire IT infrastructure, which includes your network, data center, applications, data, people, systems and devices. The principle of this framework is to not TRUST anyone and to verify the access and its context every time before allowing access to services, applications or data. This requires controls to be placed at strategic points in the architecture so that these verifications can be performed easily without hassling users too much. These controls should also be selected so that they are unified and integrated irrespective of the infrastructure, services or data they protect and of where they are implemented, whether on premises, in the cloud or in SaaS.


Another important aspect is operating a single common policy across the organization on different types of infrastructure, services and data. This requires a central provisioning and orchestration tool that manages the entire “Zero Trust” environment centrally and in a software-defined way.
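The contrast between the two models can be made concrete with a small policy evaluator. This is an added example, not code from the original post: the `POLICY` table, the resource names and the request fields are hypothetical, and the point is that the perimeter decision depends only on network position, while the zero-trust decision re-verifies identity, device posture and entitlement on every request from one central policy, wherever the resource lives.

```python
from dataclasses import dataclass

@dataclass
class Request:
    """Constructed access request carrying the context a policy engine needs."""
    user: str
    mfa_verified: bool
    device_compliant: bool
    src_network: str   # "corp", "vpn" or "internet"
    resource: str      # hypothetical resource name, e.g. "hr-db"

# Hypothetical single common policy, applied identically whether the resource
# runs on premises, in the cloud or as SaaS. Unknown resources are denied.
POLICY = {
    "wiki":  {"mfa": False, "compliant_device": False, "allowed_users": None},
    "hr-db": {"mfa": True,  "compliant_device": True,  "allowed_users": {"alice", "bob"}},
}

def perimeter_decision(req: Request) -> bool:
    """Perimeter model: trust is granted by network position alone."""
    return req.src_network in ("corp", "vpn")

def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Zero Trust: every request is verified against the central policy using
    identity, MFA state and device posture; network position is not a factor."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "unknown resource: deny by default"
    if rule["allowed_users"] is not None and req.user not in rule["allowed_users"]:
        return False, "user not entitled to resource"
    if rule["mfa"] and not req.mfa_verified:
        return False, "MFA required"
    if rule["compliant_device"] and not req.device_compliant:
        return False, "device not compliant"
    return True, "allowed"

if __name__ == "__main__":
    # Constructed sample requests showing where the two models diverge.
    samples = [
        Request("mallory", False, False, "corp", "hr-db"),      # inside, unverified
        Request("alice", True, True, "internet", "hr-db"),      # outside, fully verified
        Request("alice", False, False, "vpn", "wiki"),          # low-sensitivity resource
    ]
    for r in samples:
        print(r.user, r.src_network, r.resource,
              "perimeter:", perimeter_decision(r),
              "zero-trust:", zero_trust_decision(r))
```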

