6. 5 Major Questions
1. Where is my Data?
2. How are they accessed?
3. How do I protect my computing power?
4. How do I protect my service and performance?
5. Do I have visibility into my traffic (inbound/outbound)?
10. 3 Operating Models
1. Proxy Mode
○ Screen/Proxy your traffic through my cloud
2. Install Mode
○ Install/Import my VM/Instance/Agent in your environment and let me manage it
3. API Mode
○ Let me access your cloud/application APIs
14. Pros and Cons
● Pros
○ Limit access to certain resources
○ You have more control over the traffic...
● Cons
○ More complexity in permissions and supported systems
○ Open non-standard ports
○ Don’t forget! They are in your network!
16. Pros and Cons
● Pros
○ Work independently from your production resources
○ More demand on CSP APIs
● Cons
○ More complexity on permissions and supported systems
17. Facts
● Security is not the ultimate goal of your business
○ You don’t have an unlimited budget, or one that gets you what you need when you need it
○ Prioritize your security investments
● Not all CSPs can satisfy your requirements
○ You may need more than one security CSP to fulfill your requirements
● SLA and QoS are not the same
○ Be specific and do a thorough POC.
○ Ask those who have used the service.
18. Selection Guide
● How do you collect, process and store my data and findings?
○ Logs, reports, controls...
● Do you act as a MITM?
○ Managing encryption, performance impact and latency...
● Can I control your service?
○ Managed, I can set my policies and change my rules...
● How do you connect to me?
○ VPN, SFTP, APIs, …
● Is it end-to-end automated?
○ No human interaction, needs human verification, 3rd party involved...
19. Selection Guide (cont.)
● How do you license me?
○ Daily traffic, tenant based, per server, per user, yearly, etc.
○ Traffic and hosting
● What are the success criteria for your solution?
○ Cost effective, immediate remediation, performance friendly...
● What do independent security and technology research firms say?
○ Check Gartner, Forrester and other global research firms for pros and cons
21. Architecture Approach
● Define Problem
● Define Stakeholders
● List all your Requirements
● Decompose your requirements to Business, Data, Apps and Tech
● Define your Architecture Building Blocks (ABBs)
● Define your Solution Building Blocks (SBBs)
● Search/Develop SBBs APPROPRIATE to your ABBs
● Build your Action Plan
● Implement and Govern
● Operate, manage and monitor