DOCSLIB.ORG

Security Guidance for Critical Areas of Focus in Cloud Computing V3.0

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

SECURITY GUIDANCE FOR CRITICAL AREAS OF FOCUS IN CLOUD COMPUTING V3.0 SECURITY GUIDANCE FOR CRITICAL AREAS OF FOCUS IN CLOUD COMPUTING V3.0 INTRODUCTION The guidance provided herein is the third version of the Cloud Security Alliance document, “Security Guidance for Critical Areas of Focus in Cloud Computing,” which was originally released in April 2009. The permanent archive locations for these documents are: http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf (this document) http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf (version 2 guidance) http://www.cloudsecurityalliance.org/guidance/csaguide.v1.0.pdf (version 1 guidance) In a departure from the second version of our guidance, each domain was assigned its own editor and peer reviewed by industry experts. The structure and numbering of the domains align with industry standards and best practices. We encourage the adoption of this guidance as a good operating practice in strategic management of cloud services. These white papers and their release schedule are located at: http://www.cloudsecurityalliance.org/guidance/ In another change from the second version, there are some updated domain names. We have these changes: Domain 3: Legal Issues: Contracts and Electronic Discovery and Domain 5: Information Management and Data Security. We now have added another domain, which is Domain 14: Security as a Service © 2011 Cloud Security Alliance. All rights reserved. You may download, store, display on your computer, view, print, and link to the Cloud Security Alliance Guidance at http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf subject to the following: (a) the Guidance may be used solely for your personal, informational, non-commercial use; (b) the Guidance may not be modified or altered in any way; (c) the Guidance may not be redistributed; and (d) the trademark, copyright or other notices may not be removed. You may quote portions of the Guidance as permitted by the Fair Use provisions of the United States Copyright Act, provided that you attribute the portions to the Cloud Security Alliance Guidance Version 3.0 (2011). ©2011 CLOUD SECURITY ALLIANCE | 1 SECURITY GUIDANCE FOR CRITICAL AREAS OF FOCUS IN CLOUD COMPUTING V3.0 TABLE OF CONTENTS Introduction ........................................................................................................................................................................... 1 Foreword ................................................................................................................................................................................ 3 Acknowledgments ................................................................................................................................................................. 4 Letter from the Editors .......................................................................................................................................................... 6 An Editorial Note on Risk ...................................................................................................................................................... 8 Section I. Cloud Architecture ............................................................................................................................................... 11 Domain 1: Cloud Computing Architectural Framework ....................................................................................................... 12 Section II. Governing in the Cloud ...................................................................................................................................... 29 Domain 2: Governance and Enterprise Risk Management .................................................................................................. 30 Domain 3: Legal Issues: Contracts and Electronic Discovery ............................................................................................... 35 Domain 4: Compliance and Audit Management .................................................................................................................. 45 Domain 5: Information Management and Data Security ..................................................................................................... 50 Domain 6: Interoperability and Portability .......................................................................................................................... 64 Section III. Operating in the Cloud ...................................................................................................................................... 73 Domain 7: Traditional Security, Business Continuity, and Disaster Recovery ..................................................................... 74 Domain 8: Data Center Operations ...................................................................................................................................... 89 Domain 9: Incident Response .............................................................................................................................................. 93 Domain 10: Application Security ........................................................................................................................................ 103 Domain 11: Encryption and Key Management .................................................................................................................. 129 Domain 12: Identity, Entitlement, and Access Management ............................................................................................ 136 Domain 13: Virtualization .................................................................................................................................................. 157 Domain 14: Security as a Service ....................................................................................................................................... 162 ©2011 CLOUD SECURITY ALLIANCE | 2 SECURITY GUIDANCE FOR CRITICAL AREAS OF FOCUS IN CLOUD COMPUTING V3.0 FOREWORD Welcome to the third version of the Cloud Security Alliance’s “Security Guidance for Critical Areas of Focus in Cloud Computing.” As cloud computing begins to mature, managing the opportunities and security challenges becomes crucial to business development. We humbly hope to provide you with both guidance and inspiration to support your business needs while managing new risks. The Cloud Security Alliance has delivered actionable, best practices based on previous versions of this guidance. As we continue to deliver tools to enable businesses to transition to cloud services while mitigating risk, this guidance will act as the compass for our future direction. In v3.0, you will find a collection of facts and opinions gathered from over seventy industry experts worldwide. We have compiled this information from a range of activities, including international chapters, partnerships, new research, and conference events geared towards furthering our mission. You can follow our activities at www.cloudsecurityalliance.org. The path to secure cloud computing is surely a long one, requiring the participation of a broad set of stakeholders on a global basis. However, we should happily recognize the progress we are seeing: new cloud security solutions are regularly appearing, enterprises are using our guidance to engage with cloud providers, and a healthy public dialogue over compliance and trust issues has erupted around the world. The most important victory we have achieved is that security professionals are vigorously engaged in securing the future, rather than simply protecting the present. Please stay engaged on this topic and continue to work with us to complete this important mission. Best Regards, Jerry Archer Dave Cullinane Nils Puhlmann Alan Boehme Paul Kurtz Jim Reavis The Cloud Security Alliance Board of Directors ©2011 CLOUD SECURITY ALLIANCE | 3 SECURITY GUIDANCE FOR CRITICAL AREAS OF FOCUS IN CLOUD COMPUTING V3.0 ACKNOWLEDGMENTS Domain Authors/Contributors Domain 1: Chris Hoff, Paul Simmonds Domain 2: Marlin Pohlman, Becky Swain, Laura Posey, Bhavesh Bhagat Domain 3: Francoise Gilbert, Pamela Jones Harbour, David Kessler, Sue Ross, Thomas Trappler Domain 4: Marlin Pohlman, Said Tabet Domain 5: Rich Mogull, Jesus Luna Domain 6: Aradhna Chetal, Balaji Ramamoorthy, Jim Peterson, Joe Wallace, Michele Drgon, Tushar Bhavsar Domain 7: Randolph Barr, Ram Kumar, Michael Machado, Marlin Pohlman Domain 8: Liam Lynch Domain 9: Michael Panico, Bernd Grobauer, Carlo Espiritu, Kathleen Moriarty, Lee Newcombe, Dominik Birk, Jeff Reed Domain 10: Aradhna Chetal, Balaji Ramamoorthy, John Kinsella, Josey V. George, Sundararajan N., Devesh Bhatt, Tushar Bhavsar Domain 11: Liam Lynch Domain 12: Paul Simmonds, Andrew Yeomans, Ian Dobson, John Arnold, Adrian Secombe, Peter Johnson, Shane Tully, Balaji Ramamorthy, Subra Kumaraswamy, Rajiv Mishra, Ulrich Lang, Jens Laundrup, Yvonne Wilson Domain 13: Dave Asprey, Richard Zhao, Kanchanna Ramasamy Balraj, Abhik Chaudhuri, Melvin M. Rodriguez Domain 14: Jens Laundrup, Marlin Pohlman, Kevin Fielder Peer Reviewers Valmiki Mukherjee, Bernd Jaeger, Ulrich Lang, Hassan Takabi, Pw Carey, Xavier Guerin, Troy D. Casey, James Beadel, Anton Chuvakin, Tushar Jain, M S Prasad, Damir Savanovic, Eiji Sasahara, Chad Woolf, Stefan Pettersson, M S Prasad, Nrupak Shah, Kimberley Laris, Henry St. Andre, Jim Peterson, Ariel Litvin, Tatsuya Kamimura, George Ferguson, Andrew Hay, Danielito Vizcayno, K.S. Abhiraj, Liam Lynch, Michael
Recommended publications
  • Command-Line Sound Editing Wednesday, December 7, 2016

    Command-Line Sound Editing Wednesday, December 7, 2016

    21m.380 Music and Technology Recording Techniques & Audio Production Workshop: Command-line sound editing Wednesday, December 7, 2016 1 Student presentation (pa1) • 2 Subject evaluation 3 Group picture 4 Why edit sound on the command line? Figure 1. Graphical representation of sound • We are used to editing sound graphically. • But for many operations, we do not actually need to see the waveform! 4.1 Potential applications • • • • • • • • • • • • • • • • 1 of 11 21m.380 · Workshop: Command-line sound editing · Wed, 12/7/2016 4.2 Advantages • No visual belief system (what you hear is what you hear) • Faster (no need to load guis or waveforms) • Efficient batch-processing (applying editing sequence to multiple files) • Self-documenting (simply save an editing sequence to a script) • Imaginative (might give you different ideas of what’s possible) • Way cooler (let’s face it) © 4.3 Software packages On Debian-based gnu/Linux systems (e.g., Ubuntu), install any of the below packages via apt, e.g., sudo apt-get install mplayer. Program .deb package Function mplayer mplayer Play any media file Table 1. Command-line programs for sndfile-info sndfile-programs playing, converting, and editing me- Metadata retrieval dia files sndfile-convert sndfile-programs Bit depth conversion sndfile-resample samplerate-programs Resampling lame lame Mp3 encoder flac flac Flac encoder oggenc vorbis-tools Ogg Vorbis encoder ffmpeg ffmpeg Media conversion tool mencoder mencoder Media conversion tool sox sox Sound editor ecasound ecasound Sound editor 4.4 Real-world
  • Sound-HOWTO.Pdf

    Sound-HOWTO.Pdf

    The Linux Sound HOWTO Jeff Tranter [email protected] v1.22, 16 July 2001 Revision History Revision 1.22 2001−07−16 Revised by: jjt Relicensed under the GFDL. Revision 1.21 2001−05−11 Revised by: jjt This document describes sound support for Linux. It lists the supported sound hardware, describes how to configure the kernel drivers, and answers frequently asked questions. The intent is to bring new users up to speed more quickly and reduce the amount of traffic in the Usenet news groups and mailing lists. The Linux Sound HOWTO Table of Contents 1. Introduction.....................................................................................................................................................1 1.1. Acknowledgments.............................................................................................................................1 1.2. New versions of this document.........................................................................................................1 1.3. Feedback...........................................................................................................................................2 1.4. Distribution Policy............................................................................................................................2 2. Sound Card Technology.................................................................................................................................3 3. Supported Hardware......................................................................................................................................4
  • EMEP/MSC-W Model Unofficial User's Guide

    EMEP/MSC-W Model Unofficial User's Guide

    EMEP/MSC-W Model Unofficial User’s Guide Release rv4_36 https://github.com/metno/emep-ctm Sep 09, 2021 Contents: 1 Welcome to EMEP 1 1.1 Licenses and Caveats...........................................1 1.2 Computer Information..........................................2 1.3 Getting Started..............................................2 1.4 Model code................................................3 2 Input files 5 2.1 NetCDF files...............................................7 2.2 ASCII files................................................ 12 3 Output files 17 3.1 Output parameters NetCDF files..................................... 18 3.2 Emission outputs............................................. 20 3.3 Add your own fields........................................... 20 3.4 ASCII outputs: sites and sondes..................................... 21 4 Setting the input parameters 23 4.1 config_emep.nml .......................................... 23 4.2 Base run................................................. 24 4.3 Source Receptor (SR) Runs....................................... 25 4.4 Separate hourly outputs......................................... 26 4.5 Using and combining gridded emissions................................. 26 4.6 Nesting.................................................. 27 4.7 config: Europe or Global?........................................ 31 4.8 New emission format........................................... 32 4.9 Masks................................................... 34 4.10 Other less used options.........................................
  • RFP Response to Region 10 ESC

    RFP Response to Region 10 ESC

    An NEC Solution for Region 10 ESC Building and School Security Products and Services RFP #EQ-111519-04 January 17, 2020 Submitted By: Submitted To: Lainey Gordon Ms. Sue Hayes Vertical Practice – State and Local Chief Financial Officer Government Region 10 ESC Enterprise Technology Services (ETS) 400 East Spring Valley Rd. NEC Corporation of America Richardson, TX 75081 Cell: 469-315-3258 Office: 214-262-3711 Email: [email protected] www.necam.com 1 DISCLAIMER NEC Corporation of America (“NEC”) appreciates the opportunity to provide our response to Education Service Center, Region 10 (“Region 10 ESC”) for Building and School Security Products and Services. While NEC realizes that, under certain circumstances, the information contained within our response may be subject to disclosure, NEC respectfully requests that all customer contact information and sales numbers provided herein be considered proprietary and confidential, and as such, not be released for public review. Please notify Lainey Gordon at 214-262-3711 promptly upon your organization’s intent to do otherwise. NEC requests the opportunity to negotiate the final terms and conditions of sale should NEC be selected as a vendor for this engagement. NEC Corporation of America 3929 W John Carpenter Freeway Irving, TX 75063 http://www.necam.com Copyright 2020 NEC is a registered trademark of NEC Corporation of America, Inc. 2 Table of Contents EXECUTIVE SUMMARY ...................................................................................................................................
  • THE EMERGING CLOUD ECOSYSTEM: Cyber Security Plus LI/RD

    THE EMERGING CLOUD ECOSYSTEM: Cyber Security Plus LI/RD

    Day 2, Thursday, 2012 Jan 19, 09.00 hrs SESSION 4: Security in the Cloud THE EMERGING CLOUD ECOSYSTEM: cyber security plus LI/RD Tony Rutkowski, Yaana Technologies 7th ETSI Security Workshop, 18‐19 Jan 2011 © ETSI 2012. All rights reserved Outline Security as a Business opportunity: A winning driver to ensure technology success and increase confidence and trust amongst end‐users ! CtCurrent Clou d dldevelopment s Cyber security and LI/RD developments Business opportunities 2 ETSI/Security Workshop (7) S4 The Basics: a new cloud‐based global communications infrastructure is emerging Global network architectures are profoundly, rapidly changing • PSTNs/mobile networks are disappearing • Internet is disappearing • Powerful end user devices for virtual services are becoming ubiquitous • End user behavior is nomadic • Huge data centers optimized for virtual services combined with local access bandwidth are emerging worldwide as the new infrastructure These changes are real, compelling, and emerging rapidly Bringing about a holistic “cloud” ecosystem is occupying idindustry in almost every venue around the world 3 ETSI/Security Workshop (7) S4 The Basics: a new cloud‐virtualized global communications architecture Virtualized Line or air Access, IdM & transport Intercloud Other cloud virtualization services, devices interfaces cloud virtualization services services especially for application support Access, IdM & transport General services Intercloud General Access, IdM & transport services General Intercloud Access, IdM & transport services
  • Data Protection and Collaboration in Cloud Storage

    Data Protection and Collaboration in Cloud Storage

    Technical Report 1210 Charting a Security Landscape in the Clouds: Data Protection and Collaboration in Cloud Storage G. Itkis B.H. Kaiser J.E. Coll W.W. Smith R.K. Cunningham 7 July 2016 Lincoln Laboratory MASSACHUSETTS INSTITUTE OF TECHNOLOGY LEXINGTON, MASSACHUSETTS This material is based on work supported by the Department of Homeland Security under Air Force Contract No. FA8721-05-C-0002 and/or FA8702-15-D-0001. Approved for public release: distribution unlimited. This report is the result of studies performed at Lincoln Laboratory, a federally funded research and development center operated by Massachusetts Institute of Technology. This material is based on work supported by the Department of Homeland Security under Air Force Contract No. FA8721-05- C-0002 and/or FA8702-15-D-0001. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of Department of Homeland Security. © 2016 MASSACHUSETTS INSTITUTE OF TECHNOLOGY Delivered to the U.S. Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work. Massachusetts Institute of Technology Lincoln Laboratory Charting a Security Landscape in the Clouds: Data Protection and Collaboration in Cloud Storage G. Itkis B. Kaiser J. Coll W. Smith R.
  • Sox Examples

    Sox Examples

    Signal Analysis Young Won Lim 2/17/18 Copyright (c) 2016 – 2018 Young W. Lim. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". Please send corrections (or suggestions) to [email protected]. This document was produced by using LibreOffice. Young Won Lim 2/17/18 Based on Signal Processing with Free Software : Practical Experiments F. Auger Audio Signal Young Won Lim Analysis (1A) 3 2/17/18 Sox Examples Audio Signal Young Won Lim Analysis (1A) 4 2/17/18 soxi soxi s1.mp3 soxi s1.mp3 > s1_info.txt Input File Channels Sample Rate Precision Duration File Siz Bit Rate Sample Encoding Audio Signal Young Won Lim Analysis (1A) 5 2/17/18 Generating signals using sox sox -n s1.mp3 synth 3.5 sine 440 sox -n s2.wav synth 90000s sine 660:1000 sox -n s3.mp3 synth 1:20 triangle 440 sox -n s4.mp3 synth 1:20 trapezium 440 sox -V4 -n s5.mp3 synth 6 square 440 0 0 40 sox -n s6.mp3 synth 5 noise Audio Signal Young Won Lim Analysis (1A) 6 2/17/18 stat Sox s1.mp3 -n stat Sox s1.mp3 -n stat > s1_info_stat.txt Samples read Length (seconds) Scaled by Maximum amplitude Minimum amplitude Midline amplitude Mean norm Mean amplitude RMS amplitude Maximum delta Minimum delta Mean delta RMS delta Rough frequency Volume adjustment Audio Signal Young Won
  • Ph.D. Thesis Security Policies for Cloud Computing Dimitra A. Georgiou

    Ph.D. Thesis Security Policies for Cloud Computing Dimitra A. Georgiou

    UNIVERSITΥ OF PIRAEUS ΠΑΝΕΠΙΣΤΗΜΙΟ ΠΕΙΡΑΙΩΣ School of Information and Communication Technologies Department of Digital Systems Systems Security Laboratory Ph.D. Thesis Security Policies for Cloud Computing A dissertation submitted for the degree of Doctor of Philosophy in Computer Science By Dimitra A. Georgiou PIRAEUS 2017 Advisory Committee Costas Lambrinoudakis, Professor (Supervisor) University of Piraeus -------------------------------------------------------------------------------- Sokratis Katsikas, Professor University of Piraeus -------------------------------------------------------------------------------- Christos Xenakis, Associate Professor University of Piraeus -------------------------------------------------------------------------------- UNIVERSITY OF PIRAEUS 2017 2 Examination Committee Costas Lambrinoudakis, Professor University of Piraeus -------------------------------------------------------------------------------- Sokratis Katsikas, Professor University of Piraeus -------------------------------------------------------------------------------- Christos Xenakis, Associate Professor University of Piraeus -------------------------------------------------------------------------------- Stefanos Gritzalis, Professor University of the Aegean (Member) -------------------------------------------------------------------------------- Spyros Kokolakis, Associate Professor University of the Aegean (Member) -------------------------------------------------------------------------------- Aggeliki Tsohou, Assistant Professor
  • Name Synopsis Description Options

    Name Synopsis Description Options

    SoXI(1) Sound eXchange SoXI(1) NAME SoXI − Sound eXchange Information, display sound file metadata SYNOPSIS soxi [−V[level]] [−T][−t|−r|−c|−s|−d|−D|−b|−B|−p|−e|−a] infile1 ... DESCRIPTION Displays information from the header of a givenaudio file or files. Supported audio file types are listed and described in soxformat(7). Note however, that soxi is intended for use only with audio files with a self- describing header. By default, as much information as is available is shown. An option may be giventoselect just a single piece of information (perhaps for use in a script or batch-file). OPTIONS −V Set verbosity.See sox(1) for details. −T Used with multiple files; changes the behaviour of −s, −d and −D to display the total across all givenfiles. Note that when used with −s with files with different sampling rates, this is of ques- tionable value. −t Showdetected file-type. −r Showsample-rate. −c Shownumber of channels. −s Shownumber of samples (0 if unavailable). −d Showduration in hours, minutes and seconds (0 if unavailable). Equivalent to number of samples divided by the sample-rate. −D Showduration in seconds (0 if unavailable). −b Shownumber of bits per sample (0 if not applicable). −B Showthe bitrate averaged overthe whole file (0 if unavailable). −p Showestimated sample precision in bits. −e Showthe name of the audio encoding. −a Showfile comments (annotations) if available. BUGS Please report anybugs found in this version of SoX to the mailing list ([email protected]). SEE ALSO sox(1), soxformat(7), libsox(3) The SoX web site at http://sox.sourceforge.net LICENSE Copyright 2008−2013 by Chris Bagwell and SoX Contributors.
  • Magic Quadrant for Secure Web Gateways

    Magic Quadrant for Secure Web Gateways

    15/11/2019 Gartner Reprint Licensed for Distribution Magic Quadrant for Secure Web Gateways Published 11 November 2019 - ID G00380121 - 35 min read By Analysts Lawrence Orans, John Watts, Peter Firstbrook Rapid growth of cloud-based secure web gateway services has become a disruptive force in the market. SWG vendors are adding cloud access security broker, remote browser isolation, firewall and other advanced features to enhance the security of their platforms. Market Definition/Description The rapid adoption of SaaS applications such as Microsoft Office 365, Salesforce and others is driving enterprises to adopt cloud-based secure web gateway (SWG) services. Enterprises are rearchitecting their WANs so that web traffic from remote offices flows directly to the internet (via local internet breakout connections), instead of backhauling it over expensive MPLS links to a centralized data center. As part of this rearchitecture, enterprises are utilizing cloud-based security stacks, so that web traffic from remote offices first flows through a cloud security service (mostly SWG services) before it reaches its final internet destination. A secondary driver for the adoption of these cloud services is the need to protect mobile laptops when they are off the corporate network. We continue to see interest from enterprises seeking to integrate cloud access security broker (CASB) and SWG functionality. SWG vendors are responding to this trend, by either acquiring CASB technology or partnering with CASB providers (mainly Microsoft and its Cloud App Security service) to deliver more tightly integrated CASB and SWG solutions. CASB vendor Netskope is also addressing this trend, as it continues the development of its SWG solution introduced in 2018.
  • Informatica Economică Vol

    Informatica Economică Vol

    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Directory of Open Access Journals 96 Informatica Economică vol. 17, no. 2/2013 Syncing Mobile Applications with Cloud Storage Services Paul POCATILU, Cătălin BOJA, Cristian CIUREA Department of Economic Informatics and Cybernetics The Bucharest University of Economic Studies [email protected], [email protected], [email protected] Cloud data storage is an option available almost on any mobile platform. Nowadays, there are multiple solutions for syncing data in mobile applications. The aim of the paper is to analyze mobile application developers’ possibilities for syncing content using major free cloud storage providers. The paper describes the cloud computing in mobile context and highlights cloud providers APIs. Experimental results are analyzed in order to identify the best cloud storage solution for syncing mobile applications, depending on the operating system on which they are implemented. Keywords: Cloud Computing, Mobile Application, Data Synchronization, Application Programming Interface, REST, OAuth Introduction Apple provides by default a 5 GB free 1 We are living in the era of agile and storage plan for every iOS user. always-available data storage [1], where it is very important to have instant and permanently access to the data, personal and private, with which we are operating at work or at home. The development of mobile technologies and the spectacular growth of mobile devices users created this opportunity to quickly read our emails, to view our documents from shared folders, to access all the data saved in the cloud directly from the personal smart-phone or tablet.
  • Security As a Service & Microsoft

    Security As a Service & Microsoft

    Security as a Service & Microsoft 365 Nils Ullmann June 2020 This model worked well in the old world Internal networks were built and optimized to connect users to apps in the data center Perimeter security appliances to protect the network Outbound Inbound Gateway Gateway FW / IPS Global LB Workforce Customers URL Filter DDoS Antivirus Ext. FW/IPS Workforce DLP Customers RAS (VPN) APJ SSL EU Internal FW DC Sandbox DC Internal LB DNS Trusted Network NA DC Securing your cloud transformation This model worked well in the old world Internal networks were built and optimized to connect users to apps in the data center Perimeter security appliances to protect the network User Outbound Inbound Board My internet is faster at home!Gateway Gateway How secure are we? FW / IPS Global LB Workforce Customers URL Filter DDoS Antivirus Ext. FW/IPS Workforce DLP Customers RAS (VPN) APJ SSL EU Internal FW DC DC CEO Sandbox Internet Security Assessment Internal LB DNS Why does it take so long! Trusted Network External Attack Surface Assessment NA DC Securing your cloud transformation An opportunity for IT to empower the business The cloud is the new data center Application Facilitates collaboration Transformation New business models Simplifies IT Data Center to Cloud Trusted Network NA DC EU DC Securing your cloud transformation The Problem: Microsoft 365 5 ©2020 Zscaler, Inc. All rights reserved. This model worked well in the old world Internal networks were built and optimized to connect users to apps in the data center Perimeter security appliances to protect the network Outbound Inbound Gateway Gateway FW / IPS Global LB Workforce Customers URL Filter DDoS Antivirus Ext.