WHAT MAKES A SECURE CLOUD? Security Overview of Verizon Cloud



Similar documents
WHAT MAKES A SECURE CLOUD? Security Overview of Verizon Cloud

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

How To Protect Your Cloud From Attack

VMware vcloud Air Security TECHNICAL WHITE PAPER

Security Whitepaper. NetTec NSI Philosophy. Best Practices

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Addressing Cloud Computing Security Considerations

White Paper How Noah Mobile uses Microsoft Azure Core Services

Managed Security Services for Data

VMware vcloud Networking and Security Overview

Security Overview. BlackBerry Corporate Infrastructure

FormFire Application and IT Security. White Paper

How To Protect Your Network From Attack From A Network Security Threat

Building Energy Security Framework

GE Measurement & Control. Cyber Security for NEI 08-09

Netzwerkvirtualisierung? Aber mit Sicherheit!

Payment Card Industry Data Security Standard

Cisco Advanced Services for Network Security

Vulnerability Management

Cloud Security Trust Cisco to Protect Your Data

BMC s Security Strategy for ITSM in the SaaS Environment

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Microsoft Azure. White Paper Security, Privacy, and Compliance in

VMware vcloud Air Networking Guide

How To Extend Security Policies To Public Clouds

Security Controls for the Autodesk 360 Managed Services

PCI DSS 3.0 Compliance

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Cisco Intercloud Fabric Security Features: Technical Overview

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

SaaS Security for the Confirmit CustomerSat Software

How To Secure Your System From Cyber Attacks

THE BLUENOSE SECURITY FRAMEWORK

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Preemptive security solutions for healthcare

Tenzing Security Services and Best Practices

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Cloud IaaS: Security Considerations

PCI Requirements Coverage Summary Table

MSP Dashboard. Solution Guide

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Security Practices, Architecture and Technologies

How To Manage Security On A Networked Computer System

MIGRATIONWIZ SECURITY OVERVIEW

GoodData Corporation Security White Paper

Anypoint Platform Cloud Security and Compliance. Whitepaper

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Total Cloud Protection

1 Introduction 2. 2 Document Disclaimer 2

FISMA / NIST REVISION 3 COMPLIANCE

Chapter 9 Firewalls and Intrusion Prevention Systems

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

VERIZON CLOUD SERVICES

CloudPassage Halo Technical Overview

PCI Requirements Coverage Summary Table

A Decision Maker s Guide to Securing an IT Infrastructure

Injazat s Managed Services Portfolio

How To Achieve Pca Compliance With Redhat Enterprise Linux

TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1

Security Overview Enterprise-Class Secure Mobile File Sharing

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II

Effective End-to-End Cloud Security

Safeguarding the cloud with IBM Dynamic Cloud Security

SDN and NFV in the WAN

Mirantis OpenStack Express: Security White Paper

SOFTWARE DEFINED NETWORKING

Trend Micro Cloud Security for Citrix CloudPlatform

Securing Virtual Applications and Servers

Cloud Security. Are you on the train or the tracks? ISSA CISO Executive Forum April 18, Brian Grayek CISSP, CCSK, ITILv3

Intro to NSX. Network Virtualization VMware Inc. All rights reserved.

SaaS Security for Confirmit Horizons

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

CloudPassage Halo Technical Overview

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

University of Pittsburgh Security Assessment Questionnaire (v1.5)

Alcatel-Lucent Services

Automating Cloud Security Control and Compliance Enforcement for PCI DSS 3.0

HIPAA Compliant Infrastructure Services. Real Security Outcomes. Delivered.

SANS Top 20 Critical Controls for Effective Cyber Defense

Unlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre

Securing the Service Desk in the Cloud

Vendor Questionnaire

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Securing the Intelligent Network

Virtualization Impact on Compliance and Audit

How To Buy Nitro Security

Cloud and Data Center Security

SOLUTIONS. Secure Infrastructure as a Service for Production Workloads

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Leveraging SDN and NFV in the WAN

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

Transcription:

White Paper WHAT MAKES A SECURE CLOUD? Security Overview of Verizon Cloud Designed with security in mind, Verizon Cloud uses a layered security approach that helps protect your sensitive data as you expand globally. In a recent report by Harvard Business Review Analytic Services, respondents from large and midsize global enterprises said that security is not a reason to avoid moving workloads to the cloud 1. The majority said they believed that cloud does not negatively impact security (65 percent) and, in some cases, cloud actually improves security (36 percent). While it is true that enterprise cloud security is no longer a barrier to cloud adoption, that doesn t mean enterprises should ignore cloud security solutions when considering infrastructure and service providers. Regardless of the fact that perceptions of enterprise cloud security are changing, keeping data secure in the cloud will continue to be paramount for businesses. Verizon Cloud was designed with security in mind, with a layered security approach that helps protect your sensitive data as you expand globally. From perimeter logical controls all the way up the security stack, Verizon Cloud provides a secure environment for the most sensitive workloads. WHAT IS A SECURE CLOUD? Our perspective on what makes a cloud secure is grounded in three fundamental themes: Strong logical and physical controls that provide a secure base on which to build Governance and controls that create standardized, repeatable processes that streamline operations, help make the cloud stable and reliable, and maintain strong security for data and apps Value-added security services that allow enterprises to expand their security posture Our strategy employs a multi-pronged approach and focus for running a secure cloud in a secure infrastructure essentially a three-level threat perimeter beyond the physical infrastructure (i.e., data centers that are very secure). Threat 2 Perimeter Eavesdropper Drops In Internet Private Line Web Applications Database Web Portal API Threat 1 Auth-Hacker, Stolen Credentials, Cross-Site Attack Threat 3 Operations Rogue Operator ISOLATION VERIZON CLOUD INFRASTRUCTURE Threat 1: The first threat is from the outside network against the web portal and API perimeter, where we protect against threats such as stolen access credentials. Threat 2: The second threat stems from externally caused service disruption. We protect the perimeter of the network itself at the logical network layer and the network infrastructure through our network firewalls and intrusion detection system (IDS). We also offer distributed denial of service (DDoS) attack services, where, for an additional charge, we can detect and mitigate distributed attacks against your cloud infrastructure and workloads. Threat 3: The third threat is internal where many threats occur. This is when someone on the inside attempts to steal data at the management layer, bypassing numerous controls. By adhering to a least-privilege model with escalating privileges on a per-need basis that time out, expire, and are revoked for any given system operation, with no access possible via public Internet, we make it harder to bypass controls. 1. www.verizonenterprise.com/resources/reports/rp_hbr-business-agility-in-the-cloud_en_xg.pdf

Our strategy employs a multi-pronged approach and focus for running a secure cloud in a secure infrastructure essentially a three-level threat perimeter beyond the physical infrastructure. LAYERED SECURITY We recognize your need for secure products and services and believe that our security portfolio, combined with enterprise-class cloud computing, offers strong protection for your network, data, and applications. Verizon Cloud uses a layered security model to help protect even the most sensitive workloads. Our industry leadership, experience, understanding, and stringent security controls allow us to provide a portfolio of products and services that benefit all of our customers by helping limit risk and improve business operations. Base Security Physical and Personnel Logical Security Verizon Cloud Framework and Design Value-Added Security Expertise, Capabilities, and Services Governance, Risk, and Compliance Design, Implementation, and Operation All deployments are located in purpose-built, cloud-enabled facilities built to support SSAE 16/SAS 70 Type II specifications. BASE SECURITY FEATURES Resilient cloud security starts at the base level. All deployments are located in purpose-built, cloud-enabled data centers using redundant power and cooling systems that help preserve operations. Advanced cloud-computing security control systems include interior and exterior video monitoring, access control systems, and 24x7 monitoring by an on-site guard and our Network Operations Center (NOC). Our facilities use some of the highest-level physical security features available to deploy the Verizon Cloud. Each data center has the following security controls: Built to support SSAE 16/SAS 70 Type II specifications. Electronic security-access control system and biometric readers. Multiple alarm points integrated with a CCTV system, with pan/tilt/zoom cameras located throughout the data center and the perimeter of the property. The digital video recorders are capable of storing multiple events and 90 days worth of video. Video images from before, during, and after an event are stored on redundant digital video recorders for analysis of the alarm event or possible intrusion. During an alarm event or an attempt at unauthorized access, the system directs the camera to that location. 24x7 monitoring of all essential systems, including humidity, temperature, water, fuel sensors, and all related environmental systems. Protected 24x7 by on-site guard services personnel. Inbound shipment security processes: No packages are accepted unless prior notification has been provided. Base security for Verizon Cloud also involves a strong emphasis on access control, background checks, and continuous training. Access control. Access control policies are defined, documented, and managed so that only authorized personnel have access to critical business applications and systems, based on position and job requirements. Policies take into account classification, business requirements, relevant legal considerations, and any contractual obligations regarding the protection of access to data or services. We use the principle of least privilege, in which a user is granted the minimum level of access to perform actions necessary for the job function. Privileged access to network, system, or application functions in production systems is controlled and restricted to the operationally feasible number of employees required and is allocated on a need to know or event by event basis. Each user is assigned a unique ID for accountability of actions. Authorization review and aging processes alert administrators of status changes so that access rights may be immediately retired or revoked when an employee no longer requires access or is no longer employed by Verizon. 2 VERIZON ENTERPRISE SOLUTIONS

Background checks. We are committed to hiring employees who meet the requirements and qualifications for the position for which they are applying. In support of this commitment, we have an employment background-investigations process to verify the information provided by applicants who are extended a conditional offer of employment (where otherwise not prohibited by law). The background investigation includes the following components, unless prohibited by law: criminal history, employment history, educational verification, Social Security number trace (U.S. only), international search (where applicable), Prohibited Parties/Office of Foreign Assets Control (OFAC), Sex Offender Registry, driver s license status, and driving record are checked when candidates are required to drive a company or personal vehicle in the regular performance of their duties. Training. All employees receive initial security-awareness training for both physical and information security. This training is regularly reinforced. Security policies are communicated through new-hire orientations; the employee handbook (which includes an annual security responsibility awareness certification), monthly security awareness articles, and security awareness tips posted to the corporate web. Security policies are available internally from Verizon s corporate intranet. Finally, managers are responsible for confirming that all employees understand their obligations to protect the information of Verizon and its employees, customers, and other third parties. LOGICAL SECURITY FEATURES In addition to the physical security offered at our facilities, we operate a second logical layer of defenses through virtualization tools and a complete suite of security services that are delivered, managed, and maintained by our 24x7 NOC and Security Operations Centers (SOC). In our ongoing efforts to maintain the confidentiality, integrity, and availability of networks, resources, and data for both the infrastructure and a customer s cloud environment, Verizon Cloud uses a significant number of internal tools for the protection of the infrastructure-as-a-service (IaaS) management backplane for compute, network, storage, and management. Compute layer. We implement security controls at the compute layer in several ways, including: Strong security at the hypervisor layer: Internally, Verizon Cloud infrastructure uses a minimal baseline build for the hypervisor and all components. Strong security at the operating system (OS) layer: Externally, customer virtual machines leverage pre-engineered OS templates that follow CIS Level 1 benchmarks with applicable patches and stripped-down components. These templates are updated on a regular basis upon patch release, evaluation, and testing. The ability to specify locations for compute and storage: With Verizon Cloud, you can select the location (or locations) where data will reside. Once selected, that is where your data remains. Strong administrator authentication: The Verizon Cloud Console is accessed via an SSL secure web connection and all information passed through this portal is encrypted in transit with password or optional two-factor authentication. Strong back-end authentication: Our engineers maintain our infrastructure back end using either perimeter-based or host-based two-factor authentication. Advanced password policies: To enforce complex passwords and avoid password reuse. We implement security controls at the compute layer through strong security at the hypervisor, operating system, and administrator authentication levels. In addition, you can specify locations where data will reside for compute and storage. We secure the network layer in a variety of areas, including core virtualization network controls, network data segmentation, firewall capabilities, intrusion detection, and DDoS detection and mitigation. Network layer. We secure the network layer in a variety of areas, including core virtualization network controls, network data segmentation, firewall capabilities, intrusion detection, and DDoS detection and mitigation. We implement security controls at the core virtualization network layer by: - Hardening management networks according to industry best practices and experience - Cautiously monitoring network activities - Expanding network segmentation into the hypervisor Data is segmented on the network by either: - In Public Cloud and Reserved Performance Virtual Private Cloud (VPC), using a proprietary embedded Layer 2 technology at the firmware layer and MAC-in-MAC encapsulation. In this approach, we leverage Software-Defined Networking (SDN), where programmed Network Processing Units (NPUs) with named endpoints within the compute fabric allow Verizon Cloud to act as a distributed switch, able to segregate traffic at the hardware level and provide the CLOUD SECURITY 3

Verizon Cloud Marketplace delivers certified, leading applications in Big Data, software development, and security helping you deploy applications quickly with low risk. virtual isolation required to meet security and performance requirements. In addition, our Layer2 approach enables us to provide you the ultimate in flexibility for networking topology and administration, enabling you to run any network modifying functionality (routers, firewalls, WAF devices, accelerators, etc.) as virtualized assets, plumbed using your IP schemes and isolated from other traffic in the cloud. The ability to dynamically allocate secure and manageable network infrastructure is a differentiator in the cloud marketplace. - In Elastic Resource and Resource Pool VPC, using industry standard network segmentation techniques at the hypervisor and network layers. We have added firewall capabilities within the platform to help you protect your networks by either one of the below or a hybrid approach: - Using integrated firewalling capabilities - Using firewall solutions obtained through the Verizon Cloud Marketplace We ve implemented an IDS at the critical management systems of the base platform layer at all Verizon Cloud locations, and have also implemented DDoS detection and mitigation mechanisms at all Verizon Cloud locations, which provide insight into attacks occurring on the core infrastructure and the ability to mitigate them. Always looking to improve our security posture, we have plans to offer these same services throughout 2015 as part of our layered security services vision. Storage layer. We believe segmentation needs to occur at all layers and have, for this reason, securely segmented the storage layer by either: Leveraging industry-standard storage area network (SAN) segmentation techniques so that SAN resources are logically separated and don t have visibility to other client instances. Zoning provides access control in a SAN topology. It defines which host bus adapters (HBAs) can connect to which SAN device service processors. When a SAN is configured using zoning, the devices outside a zone are not detectable to the devices inside the zone. In addition, SAN traffic within each zone is isolated from the other zones. Within a complex SAN environment, SAN switches provide zoning, which defines and configures the necessary security and access rights for the entire SAN. Logical unit number (LUN) masking is commonly used for permission management. It is also referred to as selective storage presentation, access control, and partitioning, depending on the vendor. It is performed at the storage processor or server level. It makes a LUN invisible when a target is scanned. The administrator configures the disk array so each server or group of servers can detect only certain LUNs. Leveraging hypervisor level segmentation techniques through both Citrix XenServer and VMware so that data isolation is performed at the OS layer and no two client operating systems are shared. Using proprietary embedded technology at the firmware layer. On our Public Cloud and Reserved Performance VPC, we have unified both networking and storage by using a Layer 2 storage protocol to encapsulate storage flows between virtualized storage devices and the virtualized computing endpoints over our virtualized networks. This allows Verizon Cloud to switch storage traffic over our distributed network plane, leveraging secure and isolated packet-switching algorithms that allow us to address security and data availability requirements. This approach allows us to take advantage of another feature in our physical infrastructure: traffic shaping. This is the same technique and approach the big iron router and switch vendors use to provide network reserved performance. In a world where any loss is unacceptable, this unified Layer 2 protocol approach allows us to provide the deterministic and reserved performance that our enterprise customers demand. Verizon Cloud Storage supports encryption of data at rest and in flight using a symmetric AES 256-bit cipher. SSL provides the additional security demanded by our customers. You can encrypt your data before sending it to Verizon Cloud Storage and retain your keys for added confidence that only you can view the data. Even if pre-encrypted, Verizon Cloud Storage will encrypt all data and we will secure the keys used by our encryption. Verizon Cloud Compute does not encrypt storage automatically; however, to protect or encrypt sensitive information, you can: - Use OS-level encryption software, including PGP, BitLocker, Vormetic, and others. - Use database encryption at the application layer through Microsoft SQL Server and Oracle. - In addition, the Verizon Cloud Marketplace will offer future access to encryption solutions in an effort to ease the adoption of encryption in the cloud. 4 VERIZON ENTERPRISE SOLUTIONS

We maintain a formal media sanitation and disposal policy that was designed to address DoD 550.22M. We also employ additional sanitization mechanisms for classified or sensitive information that applies to all media. Management layer. For Identity and Access Management, the Verizon Cloud Console uses two-factor authentication for login purposes. Verizon Cloud s role-based access control (RBAC) capabilities will evolve over time. Public Cloud and Reserved Performance VPC deployments support basic RBAC through user roles. Elastic Resource VPC and Resource Pool VPC deployment models support RBAC controls and are defined and implemented for business operations at the organization, environment, and the security group levels. Verizon Cloud will support the SAML 2.0 framework upon future feature release, and we plan to offer these same services throughout 2015 as part of our layered security services vision. Because enterprises will require tailored and layered security solutions that address specific needs, we provide you with access to key security features and services. We have secured the Verizon Cloud platform with the controls necessary to protect the base platform and management infrastructure. All relevant information and events are captured into a Security Information and Event Manager (SIEM), and correlation can occur between numerous events so that we can take appropriate action when an issue is detected. Depending on the nature of the incident, isolation to a specific tenant can occur. Log integrity is enforced via the use of the SIEM. By moving the logs off of the individual host and onto a highly secured, centralized SIEM, logs are protected from being modified. In addition to the base platform security, you can and should acquire layered security services specifically for your solution, to provide visibility into security information and events, as well as to provide the ability to isolate attacks to a specific component of the solution. VALUE-ADDED SECURITY Because enterprises will require tailored and layered security solutions that address specific needs, in addition to base and logical security controls, we provide you with access to key security features and services that help protect your workloads, including: Verizon Cloud Firewall and VPN capabilities that allow you to control access to your data and applications at both the virtual machine (VM) and application-tier levels by defining network and firewall settings. Verizon Cloud lets you manage how VMs connect to the Internet. The firewall management feature gives you the ability to modify and create firewall rule sets as needed for your cloud spaces. Firewall rules control the flow of data between networks and devices in a cloud space. You create firewall rules to permit or deny access, from an IP address or a network source, to an IP address or network destination, a protocol, and source and destination ports. You can also send firewall logs to a syslog server configured within your cloud environment, or externally if required. Depending on the chosen deployment model and compute option, Verizon Cloud lets you use integrated software-firewalling capabilities, dedicated highly available hardware firewalls, and Verizon Cloud Marketplace ISV firewall solutions. In Public Cloud and Reserved Performance VPC, software-based firewalls are automatically provided for each VM connected to a public IP. You can create up to 15 firewall rules for any VM attached to a public IP address, then manage a firewall via the user interface and add basic firewall rules. The following elements define a firewall rule: - Protocol (the IP protocol of the packet, e.g., TCP, UDP, ICMP, or any 1-byte value) - Source IP host/network - Destination IP host/network - Destination TCP/UDP port list - Action (accept, discard, or reject) In Elastic Resource and Resource Pool VPC, both software and dedicated hardware firewalls are available with common rules generated when you create services. From there, you can manage your firewall rules though the Verizon Cloud Console. You can also view and change the location to which you send your firewall logs (for example, to a centralized syslog server). CLOUD SECURITY 5

Our Managed Security Services helps you proactively identify vulnerabilities and prioritize threats in the cloud and on-premises. Multiple options exist for secure connectivity to VMs. Verizon Cloud provides SSL VPN or LAN-to-LAN (L2L) connectivity into the cloud through integrated VPN capabilities. You can also select a third-party solution from the Verizon Cloud Marketplace. Depending on the type of cloud deployment, built-in or Marketplace solutions will be available. Public Cloud and Reserved Performance VPC: - SSH directly to the server over the Internet. - Remote Desktop Protocol (RDP) directly to the server over the Internet (limited key size). - Use the integrated Cloud Console VM options that leverage SSL to connect to the VM console directly. - Deploy a pfsense template and configure your pfsense to build an L2L VPN tunnel, and then route your VMs toward the pfsense template. - Through Verizon Cloud Marketplace, use Marketplace vendors to deploy L2L or SSL VPN solutions, and then route your VMs toward the Marketplace appliance. Elastic Resource and Resource Pool VPC - SSH directly to the server over the Internet. - RDP directly to the server over the Internet (limited key size). - Use the integrated Cloud Console VM options that leverage SSL to connect to the VM console directly. - Deploy a pfsense template and configure your pfsense to build an L2L VPN tunnel, and then route your VMs toward the pfsense template. - Utility SSL VPN. - Dedicated and utility VPN L2L. Preconfigured security solutions through Verizon Cloud Marketplace ISVs. In addition to the layered security services we offer, you can elect to leverage the Verizon Cloud Marketplace. The Marketplace delivers certified, leading applications in Big Data, software development, and also security helping you deploy applications quickly with low risk. Juniper Networks Firefly is a virtual security appliance that provides security and networking services at the perimeter in virtualized private or public cloud environments. It runs as a virtual machine on a standard x86 server and delivers similar security and networking features available on branch SRX Series devices. F5 Big IP is an application-delivery services platform that enables traffic management and service offloading to acceleration and security while delivering agility, helping make your applications faster, secure, and highly available (scheduled to become available in 2015). pfsense is an open-source network firewall based on the FreeBSD operating system. Additional security-related solutions are slated for 2015 release. Managed Security Services. Maintaining a strong security posture presents its own set of challenges. Our Managed Security Services helps you proactively identify vulnerabilities and prioritize threats in the cloud and on premises, and helps you to refine information technology security policies and processes that help increase visibility, enhance cloud computing security, and reduce risk. In addition to viruses, worms, and other cyber threats, the introduction of new technologies and systems continually challenges the ability of even the largest enterprises to maintain the confidentiality, integrity, and availability of applications, devices, and other network resources. Risk can present itself in operational challenges, vulnerabilities, and continuously evolving cyber threats. In order to reduce your risk exposure, you need a methodology and a security platform that allows you to anticipate problems, take corrective action, and show practical results. Addressing security risk management as a business process, rather than just blocking threats and fixing vulnerabilities, creates greater value in terms of technology efficiency, resource allocation, and security compliance. 6 VERIZON ENTERPRISE SOLUTIONS

Our security management approach goes far beyond first-generation threat and vulnerability strategies to address the underlying risks in managing security challenges, including: Introduction of new vulnerabilities and attack methodologies Changing business requirements Management of multiple platforms Increased information-security compliance requirements Lack of security expertise and infrastructure We provide a full portfolio of Managed Security Services and can work with you to refine security policies and processes to identify vulnerabilities proactively and prioritize threats to your enterprise helping provide better visibility, enhanced security, and reduced risk. Our proprietary technology platform, which supports all our Managed Security Service offerings, collects, processes, and monitors billions of events each year. Our Managed Security Services helps enterprises: Mitigate the impact of security breaches information and revenue loss and business disruption. Implement strong policies and controls, which help address security requirements. Maintain customer trust and shareholder confidence. Our proprietary technology platform, which supports all our Managed Security Service offerings, collects, processes, and monitors billions of events each year. This helps our security analysts provide corrective action recommendations and mitigate threats. Through our Security and Compliance Dashboard, you can view your security posture and the effectiveness of your security devices at various levels from the big-picture view all the way down to the details of an individual security incident. Looking to measure and quantify security risks, address information-security compliance requirements, or conduct third-party due diligence? Our security management and PCI online compliance programs, along with our Professional Services engagements, are designed to meet these common needs, and are delivered by certified and leading experts. Our managed data and managed application security services, and our application scanning service, were designed to help you logically and comprehensively protect your applications, guard against data loss, and control who accesses what information across your enterprise. We also deliver managed network security, vulnerability management, and identity management services to help foster business continuity, monitor and manage security data, and support secure mobile communications. Secure Cloud Interconnect. We provide high-performance secure connectivity to your workloads through Secure Cloud Interconnect, allowing you to take advantage of application flexibility, business agility, and cost control of the cloud while maintaining high security and privacy standards. The solution uses the high-performing connections of our Private IP network to securely link your workloads to your existing locations, your partners, and even a select ecosystem of cloud service providers. The reliability, speed, and diversity of the network provide an end-to-end environment for cloud-based applications. Secure Cloud Interconnect, combined with other network services, offers a complete and integrated solution. Cloud via Verizon Private IP Enterprise Customers User Devices and Networks Private IP Network Infrastructure, Platform, Storage Providers Business Process Cloud Providers CLOUD SECURITY 7

Secure Cloud Interconnect uses the high-performing connections of our Private IP network to securely link your workloads to your existing locations, to your partners, and even to a select ecosystem of cloud service providers. The solution enables Private IP customers to connect to existing IT, partners, and cloud providers with security, performance, and diversity. It is a global network of resilient, secure gateways on Private IP connected to cloud service providers (CSPs) in high-density data centers. The feature allows for you to select from a growing list of cloud providers and directly integrate without additional engineering, equipment, circuits, or complexity. It provides you with Private IP s high-quality, low-latency, service level agreement (SLA)-backed performance that enables migrating applications from private data centers to the cloud. It also helps you manage total cost of ownership by providing high capacity, large-scale cloud interconnections that require no engineering, commitment, or capital investment on your part. You can easily and quickly begin using private cloud services while maintaining your security posture and performance. Pricing is simple and flexible; you pay for what is needed and benefit from volume discounts. Finally, Secure Cloud Interconnect provides a streamlined method to connect your Private IP networks to Verizon Cloud without the requirement of having to install brand new local loops supporting dedicated Private IP ports into the cloud data center. Our solution eliminates that need by enabling you to add a virtual port to your Private IP VPN quickly. GOVERNANCE, RISK, AND COMPLIANCE We re dedicated to providing Verizon Cloud customers with a secure environment for the most sensitive workloads. Security requirements are always increasing and are a concern in every area of business. To facilitate the ongoing and continuous management of our cloud products, we dedicate an entire team of governance, risk, and compliance (GRC) experts to support your unique requirements. We can help you address your business standards and security compliance requirements by implementing strong security controls to protect the cloud platform, adhering to life-cycle and change-management practices, and offering assessments through Professional Services engagements to help address GRC concerns. Verizon Cloud Elastic Resource and Resource Pool VPC options meet the following standards (at select data centers): SSAE 16 SOC 1 SSAE 16 SOC 2 PCI DSS ISO 270001:2005 HIPAA enabled Reserved Performance VPC assessments for PCI DSS and SSAE 16 are in the process. Strong life-cycle and change-management controls allow rapid innovation in conjunction with strong controls that help maintain uptime and reduce risk. Life-cycle management: We use agile development techniques to release features, enhancements, and bug fixes for Verizon Cloud. This development technique promotes rapid and flexible development cycles that have predefined start and stop dates, allowing us to release new features on a more frequent basis and quickly adapt to any necessary business changes. Each Verizon Cloud development cycle contains the current list of priorities that fit within the release cycle. Because this method allows us to adapt quickly to changes in the business, only near-term sprints (current and next) are locked in and committed. Change management: In our controlled process, all changes are submitted, reviewed, approved, scheduled, and implemented with little impact on service quality, so that Verizon Cloud maintains a high level of availability. All requests for changes are recorded and include information such as risk/severity levels, maintenance verification steps, rollback procedures, and prerequisites. Verizon Cloud is complemented by our professional consulting expertise. Our Professional Services suite includes a leading portfolio of consulting and integration services in key areas including networking, cloud, security, and the Internet of Things. We can help you evaluate your current systems, plan your next steps, design a cost-effective strategy, and implement it. Our Professional Services engagements often lead to the implementation of managed solutions that help customers realize tangible improvements to the way they do business. We do not just bring theories and one-size-fits-all solutions to the table. We get deep into your business. Understanding 8 VERIZON ENTERPRISE SOLUTIONS

the nuances of how you run your enterprise allows us to address the big picture better. What s more, we don t just implement the technology and run. We can provide project management for all engagements, helping your new solutions realize their full potential. Whether it involves a short-term project or long-term outsourcing, we can extend the knowledge of your internal resources and provide the expert help you need. Our experts deliver integrated solutions and professional services that address real business challenges. Our credentials include: More than 130 specialized consulting services available in more than 20 countries Experienced team of professional consultants providing support around the globe with local service Recommended as an ideal partner by industry analysts Recognized as an industry leader in security, managed, and hosted services Ability to leverage global IP network A vendor-neutral approach to get the right solution An end-to-end solution led by the same team of professionals Involved in the planning, design, implementation, and migration stages SUMMARY Very few hosting organizations or cloud providers can demonstrate the type of physical security and network infrastructure that Verizon provides. The logical security measures that are incorporated on top of the physical security capabilities help Verizon Cloud meet the unique security requirements for many enterprises. We have the tools, processes, and capabilities to protect the confidentiality, integrity, and availability of your data. Our services, combined with a client s prudent and aggressive information-assurance measures and oversight, create a secure cloud environment second to none for hosting and securing enterprise production workloads. verizonenterprise.com 2015 Verizon. All Rights Reserved. The Verizon name and logo and all other names, logos, and slogans identifying Verizon s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. Microsoft, Outlook, Active Directory, and Lync are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners. WP16344 2/15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information