Subscribed 2015: Architecture, Security, Scalability

May 27, 2015Download as PPTX, PDF3 likes2,212 views

In an era of stolen credit card information, polymorphic malware and website downtime, security and scalability are of the utmost importance. Come join Zuora's Technical Operations & Security team to hear about the measures we've taken to ensure your business can scale with us and your customer data is protected.

Architecture, Security and
Scalability in the Cloud
Andrey Kolesnikov
VP, TechOps
Pritesh Parekh
Chief Security Officer

Agenda
Industry Trends
Compliance Strategy
Securing SaaS
Product Security
Look Inside the platform
Scale and Resiliency
Ops Approach

Industry Data Security
Breaches
Courtesy: www.informationisbeautiful.net

Courtesy: Symantec 2015 Internet Security Threat Report
Industry Data Security
Breaches 2014

Subscribed 2015: Architecture, Security, Scalability

Courtesy: Symantec 2015 Internet Security Threat Report
Industry Data Security
Breaches 2014
• Top 3 entry point used for hacking
• Weak Authentication (Employee or Third Party Vendors)
• Malware infected using Phishing
• Application or Server Weakness
• Top motives are CC data and PII with email address
• Average Cost per data breach is $3.5 million or $145 per compromised record (does
not include loss of reputation)
• Hackers targeting CFOs to gain monetary advantage on market moving information

Industry Leading
Compliance Strategy
• Required for all service providers storing or processing credit cards
• PCI DSS Level 1 since 2008
• 200+ Security Controls required
• Supports Customer SOX compliance
• SSAE 16 SOC 1 Type II since 2009
• SOC 2 Type II based on Trust Services Principles
• HHS HIPAA audit program as a Business Associate
• Compliance with Security, Privacy and Breach Notification requirements
• Provides a method for U.S. companies to transfer personal data from the
EU to US
• Protection of consumer personal data

Enterprise-grade Data Security
• TLS Encryption
• Network Firewall and Web Application Firewall
• Host Intrusion Detection Systems
• Sensitive Data Encryption using FIPS certified
Hardware Encryption
• Multiple layers of authentication
• Continuous Application Pen Testing
• Daily Network Scans & Third Party Security
testing
• Centralized Logging and Real-time Alerting
• Secure SSAE16 Compliant Data Centers
Load Balancers Load Balancers
Log ServersDB Servers
Firewall
IDS
Firewall
IDS
Zuora UI Customer Apps APIs
TLS
Storage
Encryption
ApplianceApp Servers
Enterprise-grade Data Security

Strong authentication features support
enterprise ecosystem integration
• Strong Security
Policies
• 2-factor
Authentication
• Single Sign-on
support
• IP-address
filtering

Granular data access features supports SOX
compliance requirements
65 distinct permissions for standard and admin user roles

Data Access Control
WORLDWIDE
NORTH
AMERICA
US CANADA
EUROPE
ITALY FRANCE

• Greater Control with the hierarchy
based data access feature
• Access can be granted on a need-
to-know basis (department, geo-
location, product etc.)
Data Access Control

Private Cloud
Commercial Software
Quarterly Releases
SQL
VMs
MTBF
DIY
Stack Trends
Public Cloud
OSS
Continuous Delivery
NoSQL
Containers
MTTR
SaaS
SaaS v1.0 SaaS v2.Current
SLIDE HEADER

Across Zuora
Platform
Transactions a month Rows of data
synchronized and
exported
Average Monthly Volume Snapshot:
Average platform
compute utilization
1.3B 22B 40%

3
Team Pillars
Customer,
Technology,
Business
50/50
Developer/Sy
sEng Ratio
2
Public Cloud
Regions
2
Operation
Centers
900+
Nodes
2
Geo Distributed
datacenters
Look Inside

Tiers
Ephemeral
Persistent
Infrastructure
Fault Domains
Vertical
Horizontal
Scale
Horizontal
Vertical
Partition
Approach to Infrastructure

Embed Ops into Dev
Durability > Availability
API > Scripts
Metrics, Metrics, Metrics
Ops Approach

GRIDGRIDSummary
GRID
• Compliance Certifications – PCI, SOC1, SOC2 and HIPPA
• Data Security – Web Application Firewall, Host Based
Intrusion Detection System and Continuous Security
Testing
• Product Security – 2FA, SSO, Data Access Controls and
Strong Security Policies
• Infrastructure – Public/Private Cloud, OSS
• Architecture – Right size/approach for the problem
• Operators – Mix of Developers and Systems Engineers

Market experts and leading analyst firms predict that we’ll see the number of smart connected things grow from ~2B today to over 50B within the coming decade. The introduction of these new smart, connected things enable functional variability to shift from the physical design to the digital smarts that are being embedded in the “thing”. This explosion of smart, connected things provides both their creators and users (consumers and enterprises) with endless opportunities to continually monetize features, options, usage and data over the lifetime of the “thing’s” operation. Come to this session and see how PTC and Zuora are helping businesses capitalize on these important new revenue streams through a live demo.

Building IoT Solutions 101Kellton Tech Solutions Ltd

Save to in invest: in challenging economic times, Managed services is the way...Mahmoud Dasser

Data-driven marketing - expert panelCloudera, Inc.

This document summarizes a panel discussion on data-driven marketing. The panelists were from various companies and included Wim Stoop, Jason Foster, Nick Muir, and Michael Whitelegge. They discussed how customer 360 views can help understand customers by combining data from various sources. Traditional approaches kept customer data in silos and had limitations. New approaches use enterprise data hubs to ingest both structured and unstructured data in real-time. Case studies from RBS and M&S showed how customer insights helped improve marketing campaigns and the customer experience. The panel then discussed how customer 360 is now a requirement, ideal first projects, the impact of GDPR regulations, and the importance of culture change for success.

Manufacturing with Internet of ThingsConnected Futures

This document discusses how manufacturing companies can leverage the Internet of Things (IoT) through digital transformation. It explains that technology now allows unprecedented capabilities like mobile engagement and cloud delivery. Manufacturers can derive business benefits like reducing defects by 49% and downtime by 48% through IoT solutions. The document outlines key capabilities needed for digital transformation, such as collecting/capturing data, analyzing/distributing insights, and enabling fast execution. It recommends starting the transformation by prioritizing use cases with clear business impacts and developing a phased approach balancing people, processes and technology. Examples from Cisco supply chain demonstrate benefits like improved productivity through IoT applications.

Ensure a Successful SAP Hybris Implementation – Part 2: Architecture and Buil...Kellton Tech Solutions Ltd

This document provides information about an upcoming webinar series on SAP Hybris architecture. It discusses the topics and agenda for Part II of the series on Architecture & Building Blocks, which will cover SAP Hybris architecture models, synchronous and asynchronous integration with SAP systems, and the architecture building blocks. The presentation is by Ravi Pal from Kellton Tech and will provide an overview of SAP Hybris architecture and its key components.

CIS 2015 How to Maximize the Business Value of Identity and Preference Manage...CloudIDSummit

[Webinar] - How to Future-proof Your ERP Applications with Intelligent Automa...JK Tech

Many of the present-day enterprise solutions are built on single or multiple ERP platforms having complex architecture, heavy customisations, and third-party integrations. Intelligent Automation (IA) can breathe new life into your legacy applications and ERP systems, with leading-edge automation and AI, delivered quickly and cost-effectively, without the need to rip-and-replace. During this 45-minute event, we had showcased how Intelligent Automation and ERP, together, can accelerate your digital transformation initiatives. KEY TAKEAWAYS: • Key ERP business processes use cases that drive significant gains in cost savings, productivity improvements, and process accuracy. • Hear from our customer speaker, Adam Forde – Group CIO of Spectris plc and Malvern Panalytical Ltd., about the intelligent automation journey helping his business deliver value beyond measure, accelerated by the Covid economy. • See JK Technosoft’s Test Automation Framework (tAF®) which results in up to 33% productivity gains vis-à-vis traditional test automation methods and can be used across multiple ERP systems including Progress, QAD, and SAP. If automating 2x more processes, at 1/5 of the cost, with the ability to scale 3x faster piques your interest, then reserve your spot today.

Fabrizio Biscotti Gartner - SMAU Milano 2017SMAU

SD-WAN iFLX-BrochureTata Tele Business Services

Webinar - IoT - Business Transformation LaunchpadJK Tech

25 6-2013 - abecon inspiratiedag - breinwave bi solutionsPeter de Haas

The API EconomyCatalyst Investors

SaaS adoption has proliferated across nearly every industry vertical and business function to the point where it is now nearly ubiquitous throughout the economy. This has created multiple market opportunities for businesses utilizing an “API-first” strategy, whereby they offer new products or services via API that complement existing SaaS applications or they use API technology to break down data silos and connect what would otherwise be disparate data sets. A handful of first-movers have capitalized on a subset of these opportunities in both products & services (e.g., Twilio in voice & text, Stripe in payments) and data aggregation (e.g., MuleSoft for enterprises, Plaid for FinTech / financial institutions). We believe this dynamic is still in its early days and that there will be many future opportunities for growth investors with strong SaaS experience to partner with these businesses. To capitalize on this trend, Catalyst is exploring businesses participating in the “API Economy”, which we define as companies doing any of the following: 1. Pursuing an “API-first” product or go-to-market strategy (e.g., Twilio, Stripe, Algolia, MapBox) 2. Utilizing APIs to connect data silos (e.g., MuleSoft, Plaid, Zapier, Segment, Redox, Trulioo) 3. Enabling the development and maintenance of APIs (e.g., Apigee, Kong, SmartBear) At Catalyst, we employ a proactive, research-based approach to investing, targeting sectors experiencing outstanding growth. If you are an owner, operator, or investor of a growth stage company participating in the API Economy, we would like to hear from you. Please send inquiries and business plans to [email protected].

IBM Systems of InteractionIBM Sverige

The document discusses how business transactions have moved beyond enterprises as devices become increasingly connected. It notes that over 1 trillion devices will be connected to the internet by 2013. This connectivity is generating massive amounts of data and changing how customers interact with companies. The document advocates for integrating systems of engagement and record to enable new interactions and insights. It presents IBM's systems of interaction portfolio as a way to rapidly connect systems, extract insights from real-time data, and innovate through an open integration platform.

[Webinar] – Social Distancing Radar: Smart AI Solution to Restart Your BusinessJK Tech

The COVID-19 pandemic has unleashed chaos across the globe and as most of the organizations plan to reopen their office premises and start business operations, they would require a system that can monitor the user's movements and identify overcrowded places within the premises. Social Distancing Radar (SDR) aims to help organizations reboot their business operations using a monitoring system that guarantees a safe and protected environment through an easy plug and play system that can extract data from sources like CCTV camera feeds to continuously monitor users movements, the number of people present at places like conference rooms, common areas like canteen, office cubicles, contact tracing, etc. and raise the alarm if needed. In this webinar, we will discuss how our Social Distancing Radar, an AI-based solution, acts as an intelligent monitoring system and empowers your business to re-start the operations and provides a safe and secure environment to your workforce. KEY TAKEAWAYS: - How should a business plan their jump-start through the Artificial Intelligence revolution? - What is JKT’s Social Distancing Radar solution? - What value add SDR will bring to your business? - How can any organization make use of the Social Distancing Radar to integrate with the existing surveillance system for a safe and secure workplace? - How IT Admin and Security Teams can take advantage of the user-friendly analytical dashboard of Social Distancing Radar? - How can any organization install Social Distancing Radar with minimum investment and customization in the existing infrastructure?

Going digital in a hurryMATRIXX Software

Tivi - Tunnistautuminen - 2020Pete Nieminen

Cloud Computing: Delivering Public, Private and Hybrid Cloud SolutionsCygnet Infotech

Making iot deliver business value v4Kellton Tech Solutions Ltd

The document provides information about an IoT implementation strategy presentation. It begins with an agenda that covers topics like IoT introductions, pilot statistics, revenue opportunities, implementation pitfalls, strategies, architectural considerations of build vs buy, choosing platforms, and a case study. It then discusses each topic in further detail with statistics, frameworks, scorecards, and an example case study of a successful IoT implementation for an access control company.

Best Practices for Managing and Sharing Data in a Connected WorldDataWorks Summit

As the world becomes more connected, traditional industry boundaries are becoming more intrinsically linked as well. In the automotive industry, for example, connected vehicles are morphing into increasingly connected communities encompassing cities, homes, workplaces, insurance companies, commerce and beyond. However, as the “art of the possible” is being pondered, pioneers are quickly discovering that connected community value is intrinsically related to the value of the data within the community. At the same time, this raises important data management questions. For example, how will data be shared and used within the community? How can security and governance be ensured? And, how can data management practices be audited over time to ensure compliance with established standards? In this session, learn how new technologies such as blockchain and open source data management solutions can be used to provide end-to-end data governance processes (i.e. data access, permissions and audit), essential for creating trust among community stakeholders.

Twitter and ibm form strategic relationshipPietro Leo

IBM and Twitter announced a global partnership to integrate Twitter data with IBM's analytics platforms and services. This will allow businesses to transform how they make decisions using real-time insights from Twitter. The collaboration focuses on three areas: integrating Twitter data with IBM cloud analytics services; developing new data-driven capabilities for enterprises; and providing specialized consulting services. The goal is to help businesses better understand customers, identify trends, optimize operations, and improve every decision using insights from Twitter data.

Blockchain on AWS for BusinessesJK Tech

The benefits of Blockchain network have been well established. Clarity is needed in identifying the use cases that can be effectively resolved by Blockchain. Business Benefits of Using Blockchain: • Reduction in KYC costs. • Efficient and quicker settlements. • Lower risk of fraud and theft. • Automation of tasks. • Better pricing. In this document, our experts share experiences covering major topics along with showcasing an industrial application of a Blockchain network deployed on AWS to instill transparency in retail supply chain network. Key Takeaways: • How to evaluate the trade-offs involved in a Blockchain network design? • How to choose the right platform? • Deployment of Hyperledger on AWS and AWS managed Blockchain. • Demonstration of Blockchain network for improving transparency in the retail network. Visit our website link: https://jktech.com/insight/webinar/blockchain-on-aws-for-businesses/ Follow us on: Linkedin: https://www.linkedin.com/company/jk-technosoft/ Facebook: https://www.facebook.com/JKTechnosoftServices/ Twitter: https://twitter.com/JKTechnosoft

[Webinar] - Intelligent Automation: Enabling Bots with BrainJK Tech

Customer experience and productivity of employees has always been the key priority to any organization. We always think about how to get rid of repetitive and redundant tasks in our day to day life. The main reason for this thought process is to automate repetitive tasks and enable employees to focus on more important tasks that can add value to the organization. While Robotic Process Automation (RPA) has been always the solution here; but it had its own limitation of being able to automate the processes where human intervention was not present. This is where the need for intelligent and hyper-automation comes in which is capable of not only mimicking human tasks but can also learn and make decisions. Intelligent Automation = Robotic Process Automation + Artificial Intelligence Intelligent Automation (IA) empowers Robotic Process Automation (RPA) with Artificial Intelligence (AI) capabilities for end-to-end automation that covers the phases of process identification, automation, optimization and orchestration of a business process involved in creating a robot teamed up with humans. In this webinar, we had come live together with UiPath – named a leader in Robotic Process Automation by Gartner – to help you and your organization leverage the best from both the worlds. We will discuss how Intelligent Automation can be embraced by organizations and how it can be used to enhance the efficiency of various processes along with various hyper-automation related features that UiPath has come up with. KEY TAKEAWAYS - Current trend of Automation. - What is Intelligent Automation? - Why Intelligent Automation? - Benefits of Intelligent Automation over RPA. - How Intelligent Automation helps organizations accelerate digital transformation and prepare better for future unprecedented times? - How to embrace the Intelligent Automation journey?

Enterprise Service Management: Taking a Paradign Shift in the Digital EraJK Tech

IoT with Progress – Let’s SimplifyJK Tech

- By 2020, there will be over 20 billion devices connected to the Internet of Things. Manufacturing and retail industries are expected to see the largest gains from IoT. - Different industries like automotive, healthcare, manufacturing, retail, supply chain, and insurance can benefit from IoT solutions like fleet management, remote patient monitoring, smart sensors, and usage-based insurance. - When developing an IoT strategy, companies need to consider challenges like integration, change management, and selecting the right IoT tools and middleware platforms to handle connectivity, security, and scalability.

PTC Corporate Overview 2018PTC

This document describes a global software company that designs, manufactures, operates and services connected physical things through an industrial innovation platform. It has $1B+ in annual revenue and a global network of 400K+ developers and 1K+ partners. The company's strategy is shaped by the convergence of the physical and digital worlds. It provides solutions across various industries including smart manufacturing, IoT, asset maintenance, smart cities and more through its cloud-based industrial innovation platform.

Establishing sustainable GDPR complianceCloudera, Inc.

Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich

The document discusses Microsoft's approach to security and how the threat landscape is evolving. It emphasizes building an integrated security experience that combines data from across Microsoft products and services with machine learning to better detect and respond to threats. It also outlines Microsoft's strategy to make attacks more costly for threat actors by disrupting their economic models and technical playbooks through rapid response capabilities and a defense in depth approach across identity, devices, infrastructure and applications.

Cloud SecurityAWS User Group Bengaluru

The document discusses cloud security and compliance. It defines cloud computing and outlines the essential characteristics and service models. It then discusses key considerations for cloud security including identity and access management, security threats and countermeasures, application security, operations and maintenance, and compliance. Chief information officer concerns around security, availability, performance and cost are also addressed.

Cloud SecurityAWS User Group Bengaluru

More Related Content

What's hot (19)

Fabrizio Biscotti Gartner - SMAU Milano 2017SMAU

SD-WAN iFLX-BrochureTata Tele Business Services

Webinar - IoT - Business Transformation LaunchpadJK Tech

25 6-2013 - abecon inspiratiedag - breinwave bi solutionsPeter de Haas

The API EconomyCatalyst Investors

IBM Systems of InteractionIBM Sverige

[Webinar] – Social Distancing Radar: Smart AI Solution to Restart Your BusinessJK Tech

Going digital in a hurryMATRIXX Software

Tivi - Tunnistautuminen - 2020Pete Nieminen

Cloud Computing: Delivering Public, Private and Hybrid Cloud SolutionsCygnet Infotech

Making iot deliver business value v4Kellton Tech Solutions Ltd

Best Practices for Managing and Sharing Data in a Connected WorldDataWorks Summit

Twitter and ibm form strategic relationshipPietro Leo

Blockchain on AWS for BusinessesJK Tech

[Webinar] - Intelligent Automation: Enabling Bots with BrainJK Tech

Enterprise Service Management: Taking a Paradign Shift in the Digital EraJK Tech

IoT with Progress – Let’s SimplifyJK Tech

PTC Corporate Overview 2018PTC

Establishing sustainable GDPR complianceCloudera, Inc.

Fabrizio Biscotti Gartner - SMAU Milano 2017SMAU

SD-WAN iFLX-BrochureTata Tele Business Services

Webinar - IoT - Business Transformation LaunchpadJK Tech

25 6-2013 - abecon inspiratiedag - breinwave bi solutionsPeter de Haas

The API EconomyCatalyst Investors

IBM Systems of InteractionIBM Sverige

[Webinar] – Social Distancing Radar: Smart AI Solution to Restart Your BusinessJK Tech

Going digital in a hurryMATRIXX Software

Tivi - Tunnistautuminen - 2020Pete Nieminen

Cloud Computing: Delivering Public, Private and Hybrid Cloud SolutionsCygnet Infotech

Making iot deliver business value v4Kellton Tech Solutions Ltd

Best Practices for Managing and Sharing Data in a Connected WorldDataWorks Summit

Twitter and ibm form strategic relationshipPietro Leo

Blockchain on AWS for BusinessesJK Tech

[Webinar] - Intelligent Automation: Enabling Bots with BrainJK Tech

Enterprise Service Management: Taking a Paradign Shift in the Digital EraJK Tech

IoT with Progress – Let’s SimplifyJK Tech

PTC Corporate Overview 2018PTC

Establishing sustainable GDPR complianceCloudera, Inc.

Similar to Subscribed 2015: Architecture, Security, Scalability (20)

Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich

Cloud SecurityAWS User Group Bengaluru

Cloud Security for Startups - From A to E(xit)Shahar Geiger Maor

Cisco Connect 2018 Thailand - Secure data center building a secure zero trust...NetworkCollaborators

1) Tetration provides a secure data center solution using its analytics platform to gain visibility and insights into network traffic, workloads, and applications across hybrid cloud environments. 2) It uses sensors to capture network conversations and behaviors across hosts, applications, and workloads to generate metadata that is analyzed using machine learning to provide insights, detect threats, and enforce microsegmentation policies. 3) Tetration's workload protection capabilities include understanding application relationships and behaviors, simulating policy changes, consistently enforcing policies across clouds, and providing forensic capabilities for threat hunting and security investigations.

microsoft-cybersecurity-reference-architectures (1).pptxGenericName6

This document provides an overview of Microsoft's Cybersecurity Reference Architectures (MCRA). It begins with an introduction to MCRA and related topics like Zero Trust. It then discusses implementation considerations for architects, technical managers, CIOs, and CISOs. The document outlines various security roles and provides guidance on security strategy, programs, and initiatives. It also lists several Microsoft and third-party resources for security documentation, benchmarks, frameworks, and more. Finally, it discusses key principles for a Zero Trust approach and how Microsoft products can help implement Zero Trust architectures across networks, applications, endpoints, identities, data, and infrastructure.

ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...PlatformSecurityManagement

BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017Micro Focus

Regulatory requirements such as GDPR are platform agnostic – and who can predict what further challenges lie ahead? It certainly will not become any easier. Security for the mainframe is likely to remain a live issue. If you have a mainframe then this affects you. Fortunately, the help is out there. Attend this session to discover how Micro Focus can secure your mainframe environment today and into the future.

Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Decisions

On April 15, 2015, Scalar hosted our Security Roadshow in Toronto where we'll be focused on defence in three key areas - endpoint, application, and network. Led by our team of experts, these quick-fire, interactive sessions will arm you with the knowledge you need to improve your cyber security posture in some of the most common areas of vulnerability. Defend the Endpoint with Bromium Bromium is a new security protection tool for the host that relies on task-based virtualization. In this demo we'll look at how Bromium runs and protects the endpoint. We'll invite 0days from the audience and bring our own to show how the system really works. Much like how each virtual server is contained in a hypervisor, with Bromium each individual task on a host is contained in its own task-based virtual container. If you’ve ever looked at the Windows Task Manager, or the output of a Unix ‘ps’ process list, imagine if each group of processes, that makes up the task, was contained in its own hypervisor. That can be 40-50 tasks or more, each isolated in its own little hypervisor with no real access to the host. Why is task virtualization helpful? By keeping each task in its own hypervisor, Bromium gives you a bottoms-up view of each individual task’s behaviour – without impacting system performance. If each process is contained in its own hypervisor, it’s easy to see when a process begins spawning other activities or creating any unusual traffic. Basically, it can very easily identify anything shifty. This is the most granular level of inspection you can get at a host level – Bromium is there at the very beginning when the virus begins to execute. Defend the Application with WhiteHat In this session we will look at a newer approach to application security and penetration testing, which combines persistent and automated testing processes to continuously monitor applications for vulnerabilities, as well as deep inspection of the business logic by trained specialists. This approach exceeds newer PCI 3 requirements and provides ongoing assurance that web application vulnerabilities are quickly detected and tracked to remediation. We'll walk through the WhiteHat Security client management portal and discuss the WhiteHat methodology that can now be used, by you, to leverage the 150+ application specialists at WhiteHat to build a continuous application assessment process for your company's active web applications and software development teams. Defend the Network with LogRhythm As the security landscape changes, Security Information and Event Management (SIEM) tools that detect and investigate security breaches and threats have become increasingly complex to implement, integrate, and support. Inefficient solutions leave organizations slow to defend against and respond to complex attacks. LogRhythm’s Security Intelligence Platform has removed the complexity from SIEM, while leveraging real-time threat intelligence with behavioural an

Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & ComplianceMSAdvAnalytics

Eric Golpe. Security, privacy, and compliance concerns can be significant hurdles to cloud adoption. Azure can help customers move to the cloud with confidence by providing a trusted foundation, demonstrating compliance with security standards, and making strong commitments to safeguard the privacy of customer data. This presentation will educate you in the fundamentals of Azure security as they pertain to the Cortana Analytics Suite, including capabilities in place for threat defense, network security, access control, and data protection as well as data privacy and compliance. Go to https://channel9.msdn.com/ to find the recording of this session.

Security architecture best practices for saas applicationskanimozhin

This document discusses security best practices for Software as a Service (SaaS) applications. It recommends adopting a holistic governance framework to manage operational risks, using standards like COBIT 5. Key aspects covered include tenant data isolation, role-based access control, preventing common web attacks, and implementing robust security auditing of events, transactions, and user actions. The goal is to establish trust with customers by providing protection of information, access controls, data security, and audit capabilities.

Cybersecurity for Board.pptxSandeepAgrawal98

This document discusses data security and prevention of cyber attacks. It outlines 5 tiers of security measures including firewalls, antivirus software, intrusion detection, and data encryption. Tier 1 focuses on firewalls and email security. Tier 2 uses virtual private networks and isolated networks. Tier 4 protects servers and desktops with antivirus, patch management, and access control. Tier 5 restricts internet access. Recent recommendations include implementing multi-factor authentication, making the company forensic ready, and keeping logs for 180 days. An implementation plan is outlined.

Security Architecture Best Practices for SaaS ApplicationsTechcello

Cybersecurity update 12Jim Kaplan CIA CFE

Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues. In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including: Where are we now and Where are we going? Current Cyberrisks • Data Breach and Cloud Misconfigurations • Insecure Application User Interface (API) • The growing impact of AI and ML • Malware Attack • Single factor passwords • Insider Threat • Shadow IT Systems • Crime, espionage and sabotage by rogue nation-states • IoT • CCPA and GDPR • Cyber attacks on utilities and public infrastructure • Shift in attack vectors

talk6securingcloudamarprusty-191030091632.pptxTrongMinhHoang1

Make sure you exercise due diligence when selecting a cloud service provider. Make sure the cloud environment supports the regulatory requirements of your industry and data. Conduct data classification to understand the sensitivity of your data before moving to the cloud. Clearly define who owns the data and how it will be “returned” to you and the timing in the event you cancel your agreement. Understand if you are leveraging the cloud in IaaS, PaaS, SaaS or other model.

SD-WAN - comSpark 2019Advanced Technology Consulting (ATC)

Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta

Scalable enterprise mobility solutions: How to give your employees tools they need without sacrificing user experience and security. Consumerization of IT and BYOD are here – and it’s a GOOD thing. Today's dynamic workplaces and hyper-competitive markets drive demand for more mobile productivity solutions. Nearly 70% of enterprise employees report making better decisions, being more productive and happier if they are allowed to use mobile devices and cloud-based tools. Yet, IT organizations often resist these trends because of cost and risk associated with multi-platform, multi-device ecosystem having access to corporate data and resources. In this webinar, product experts from Sencha and Centrify will help your organization embrace BYOD and SaaS in a cost-effective, scalable way. Sencha Space is an advanced platform for securely deploying mobile apps and delivering a consistent, elegant, mobile user experience to end-users. Users can launch any mobile web app, or HTML5 app in a secure, managed environment. Combining Space with secure, Active Directory- or Cloud-Based Identity and Access Management (IAM) from Centrify gives IT visibility and control over mobile platforms and SaaS / in-house apps while improving user experience and reducing security risk.

Week 09_Cyber security u.pdfdhanywahyudi17

Database Security Threats - MariaDB Security Best PracticesMariaDB plc

The document discusses security best practices and features for MariaDB and MaxScale databases. It describes threats like SQL injection, denial of service attacks, and excessive trust. It recommends defenses like limiting network access, restricting user privileges, and enabling encryption, auditing, and firewall features. It also explains how MaxScale provides selective data masking, database firewall filtering, and other protections to prevent unauthorized access and secure sensitive data.

Azure security and ComplianceKarina Matos

- Azure provides a unified platform for modern business with compute, data, storage, networking and application services across global Azure regions and a consistent hybrid cloud. - Azure focuses on security and privacy with an emphasis on detection, response, and protection across infrastructure, platforms and applications. - Security is a shared responsibility between Microsoft and customers, with Microsoft providing security controls and capabilities to help protect customer data and applications.