SGN, the gas company that serves homes in the south of England and Scotland, has begun using next-generation access control from Vidder, based on the concept of a software-defined perimeter (SDP).

The software-defined perimeter will be part of a multi-layered approach to network security using a zero-trust model.

SGN is under pressure to reduce costs and pass cost savings up the supply chain. Initiatives to tackle costs include the roll-out of smart metering, and using robotics to inspect pipes.

The utility company is using Vidder PrecisionAccess to support its migration to the cloud.

“Our IT strategy is to go cloud first,” says SGN chief information security officer Mo Ahddoud. “We have an 18-month transformation period, during which about 80% of our applications will be cloud-enabled.

“All our applications will be consumed through the cloud – so we won’t have an on-premise datacentre.”

From an end-user computing perspective, SGN runs desktops, laptops and tablets, and third-party companies also need network access.

Ahddoud says the company wants to simplify the way its users access the network, which could also be extended to cover third parties and non-corporate devices. “We want to prioritise access control,” he says. “We want to support mobility across business operations. We don’t care whether you connect through a coffee shop or home Wi-Fi. It’s all just an internet pipe.”

But SGN must still be able to monitor end-point devices and provide stringent access control, says Ahddoud.

In the past, businesses would have deployed network access control (NAC) to enable people to log into the corporate network from outside.

In a blog post, Vidder says NAC adoption was driven by the emergence of enterprise Wi-Fi a decade ago. “NAC products combined Active Directory authentication with posture checking to determine whether employees should get access to the datacentre.”

NAC would have required SGN to invest in its network infrastructure, which Ahddoud says did not fit with the company’s cloud-first strategy.

Instead, it decided to look at implementing a software-defined perimeter, which essentially treats the network as untrusted and encrypts the connection. “We authenticate the users, who are then allowed to connect to the network,” says Ahddoud. “They are given restricted access to the applications they are allowed to use.”

For Ahddoud, accessing a traditional network perimeter is a bit like visiting a hotel. “You give the concierge your reservation number, then you can walk through the whole hotel,” he says. “Each of the rooms has a lock. In a software-defined perimeter, you only get access to your room and maybe access to the swimming pool and bar.”

The Vidder blog describes SDP as functioning as a gateway between the user and application resources. “The distributed design of SDP allows it to be deployed inside the enterprise and in public clouds,” it says. “SDP provisions connectivity in real time, thus ensuring access matches policy. And, most important, the SDP control channel can be combined with advanced malware detection software, tamper-proof RAM and micro-virtualisation technologies to ensure the endpoint is truly trusted.”