ZPE Cloud Overview

ZPE Cloud is a Software-as-a-Service (SaaS) platform built on the robust foundation of Google Cloud Platform (GCP) for managing Nodegrid products. It provides 360° network visibility and rich analytics, seamlessly integrating all Nodegrid devices, including Serial, USB, IPMI, Power Management, and KVM for efficient branch IT device management.

ZPE Cloud eliminates the need for staging or pre-configuration of devices before installation, ensuring secure deployment and minimizing external risks. Automated provisioning from the network operations center (NOC) within the ZPE Cloud enhances network security.

The primary features of the ZPE Cloud include:

• Cloud-based configuration and management of Nodegrid devices.

• Secure, fast, and consistent device deployment across all branch locations.

• Single Sign On (SSO) for fast access to all devices.

• Zero-Touch Provisioning (ZTP) over WAN – deployed devices is configured at the branch.

• Automated global fleet management.

• Direct interaction with branch locations to quickly scale and upload configurations from an NOC.

• Remote management, power control, and lights-out operations.

ZPE Cloud’s commitments to security and availability are communicated online and are documented. Service commitments are generally standardized and include, but are not limited to:

• Confidential provisions regarding proprietary technical and business information of both ZPE Cloud and its customers.

• Define and manage the return and destruction of Confidential Information.

• Implementing a formal escalation process for issues that fall outside of ZPE Cloud’s Customer Service Representatives’ purview.

• Define and manage the delivery of services including resources and scheduling.

• Continuous improvement of security through research in lowering the attack surface of the management infrastructure for customer and corporate communication channels.

Risk Mitigation Strategies

ZPE Cloud places paramount importance on risk mitigation strategies to ensure the robust security of its cloud infrastructure. ZPE Cloud prioritizes cloud infrastructure security with a concise risk mitigation strategy based on Google's SRE handbook:

Compliance Adherence

Regular audits and assessments play a crucial role in validating compliance within the ZPE Cloud compliance framework. We are proudly SOC2 Type II certified. These points provide a concise overview of the role of audits, the use of benchmarks, focus areas during assessments, and the commitment to continuous improvement within the ZPE Cloud compliance framework:

Incident Response and Recovery

In accordance with ZPE Cloud’s stringent Incident Response policy, should unauthorized access to sensitive information occur affected customer(s) will be promptly notified after the completion of a thorough investigation to confirm misuse or when there is a reasonable expectation of its potential occurrence. Notably, ZPE Cloud adheres to clearly defined incident response procedures crafted to address security breaches promptly and effectively.

Our incident response procedures are meticulously outlined, detailing the step-by-step actions to be taken in the event of a security breach. These procedures encompass industry best practices, including guidelines from the National Institute of Standards and Technology (NIST) and are informed by principles of Cyber-Informed Engineering (CIE). This approach ensures a comprehensive and effective strategy for handling security incidents, incorporating both recognized standards and cyber-informed engineering principles. These procedures encompass:

• Preparation: Hardening of our systems for greater resilience to attacks.

• Detection.

• Rapid analysis.

• Containment.

• Eradication.

• Recovery.

• Lessons learned.

• And feedback into preparation.

By following these systematically structured protocols, our dedicated team ensures a swift and organized response to security incidents, with the overarching goal of mitigating the impact on our customers and swiftly restoring normalcy.

Furthermore, our commitment to transparency and accountability is exemplified in our practice of notifying affected parties in a timely manner, unless a competent law enforcement agency advises a delay to prevent interference with a criminal investigation, as substantiated by a written request. This commitment, combined with our well-defined incident response procedures, underscores ZPE Cloud’s dedication to maintaining the highest standards of cybersecurity and customer trust.

Information Technology Security

At ZPE Cloud, our commitment to technological infrastructure security extends to the integration of industry-leading tools and platforms. As part of our comprehensive security strategy, we harness the power of cutting-edge technologies to fortify our defenses against potential threats. A pivotal element in fortifying our security arsenal involves the utilization of tools like the Security Command Center (SCC) from the Google Cloud Platform (GCP), which encompasses Cloud Security Posture Management (CSPM), penetration testing, enforcement of OWASP practices, and enforcement of Identity and Access Management (IAM) best practices, among other key security areas:

By leveraging the advanced capabilities of the SCC, we empower our security professionals to gain unparalleled visibility into the security posture of our environments. Through the incorporation of tools like the SCC, ZPE Cloud ensures that our security measures align with best practices and industry standards. This not only reinforces the resilience of our clients' technological infrastructure but also showcases our commitment to staying at the forefront of cybersecurity advancements. With ZPE Cloud, clients can trust that their critical assets are safeguarded using state-of-the-art tools providing a secure foundation for their digital endeavors. Moreover, Trusted Module Platform (TPM) exists inside the hardware of every Nodegrid device. The implementation of TPM on the Nodegrid device ensures that certificates used to communicate with ZPE Cloud are uniquely tied to the device.

ZPE Cloud goes the extra mile in ensuring the security and resilience of its software through a comprehensive strategy that includes Software Composition Analysis (SCA) and vulnerability scanning. The acclaimed Synopsys Blackduck is employed for Software Composition Analysis (SCA) in combination with various open-source tools like Grype and Trivy. This meticulous process involves scrutinizing each new code delivery to identify and catalog open-source components, while also assessing potential vulnerabilities. By leveraging multiple tools, the analysis aims to mitigate the risk of false positives, ensuring a more accurate and reliable evaluation of the code's security landscape. This proactive measure is augmented by the expertise of Synopsys WhiteHat, a renowned leader in application security. WhiteHat's advanced capabilities in dynamic application security testing (DAST) and static application security testing (SAST) further enhance ZPE Cloud's ability to detect and remediate vulnerabilities. By integrating these powerful tools seamlessly into their development pipeline, ZPE Cloud not only ensures the integrity of their codebase but also exemplifies a commitment to delivering software solutions that prioritize security from the ground up. All data is encrypted at-rest and any data outside of ZPE Cloud private network is encrypted at-flight.
Security in layers:

Employee Protection, Training, and Awareness

ZPE Cloud is committed to maintaining a highly trained and security-conscious workforce. To achieve this, we have implemented ongoing training programs that cover various aspects of cybersecurity. These programs are designed to:

Keep Staff Informed: Regular training sessions are conducted to update employees on the latest security threats, vulnerabilities, and best practices. This ensures that our staff remains well-informed about emerging risks and is equipped to address them effectively.

Promote a Security Culture: Training extends beyond technical aspects to instill a security-first mindset among all employees. This involves emphasizing the importance of security in day-to-day tasks and fostering a culture where security is everyone's responsibility.

Compliance and Regulations: Staff members are educated about relevant data protection laws, industry regulations, and compliance standards. This ensures that our operations align with legal requirements and industry best practices.

Specialized Training: Departments dealing with sensitive information or specific security responsibilities receive specialized training tailored to their roles. This ensures that individuals handling critical tasks have the expertise needed to safeguard information.

ZPE Cloud recognizes that the security of our organization is not solely dependent on external threats but also encompasses potential risks posed by embedded side-channel attacks. In addition to our current initiatives, we have implemented specific measures to protect our employees from these sophisticated threats. Our commitment to security extends beyond our products and services to ensure the safety and well-being of our workforce:

By incorporating these additional measures into our Employee Training and Awareness programs, ZPE Cloud is dedicated to creating a comprehensive security framework that not only protects our clients' information but also ensures the resilience of our workforce against evolving cyber threats. We remain committed to maintaining the highest standards of security across all facets of our organization.

Collaboration with Third-Party Security Providers

ZPE Cloud is committed to ensuring the highest standards of security for its clients by fostering strategic collaborations with reputable third-party security providers. Recognizing the dynamic nature of cyber threats, ZPE Cloud believes in the strength of partnerships to enhance its overall security posture. By aligning with industry-leading security service providers, ZPE Cloud ensures that its clients benefit from a comprehensive and robust security infrastructure.

These collaborations are not just about integrating additional security layers but are rooted in a proactive approach to cybersecurity. ZPE Cloud engages in continuous dialogue and collaboration with its third-party security partners to stay ahead of emerging threats. Regular information sharing, threat intelligence exchange, and joint analysis sessions contribute to a collective effort to identify and counter potential vulnerabilities. This collaborative approach allows ZPE Cloud to provide its clients with cutting-edge security solutions that evolve with the ever-changing threat landscape.

To maintain the effectiveness of these partnerships, ZPE Cloud places great importance on the regular evaluation and optimization of third-party security solutions. Through ongoing assessments and audits, ZPE Cloud ensures that the security measures implemented by its partners align with industry best practices and comply with the latest standards. This commitment to continuous improvement ensures that ZPE Cloud's clients receive the most up-to-date and effective security solutions, providing peace of mind in an increasingly complex digital environment.

In essence, ZPE Cloud's collaboration with third-party security providers is not just a business arrangement; it's a strategic alliance aimed at fortifying the digital defenses of its clients. By combining internal expertise with the specialized knowledge of trusted security partners, ZPE Cloud stands at the forefront of delivering resilient and adaptive security solutions to meet the challenges of today's interconnected world.

SSO providers: Any SSO external provider such as Okta, Duo, PingFederate, the provider usually uses SAML specification.

Future Roadmap

ZPE Cloud's commitment to ensuring the utmost security for its users is at the forefront of its future roadmap. The company recognizes the ever-evolving landscape of cybersecurity threats and is dedicated to implementing robust security enhancements and making strategic investments to fortify its cloud infrastructure. As technology advances, so do the tactics employed by malicious actors, and ZPE Cloud aims to stay ahead of the curve in safeguarding sensitive data and digital assets.

One pivotal element of the future roadmap encompasses a thorough delineation of planned security enhancements, incorporating innovative measures such as the implementation of a risk-register, a security-mesh framework, and robust privileged access management. ZPE Cloud is poised to deploy advanced encryption protocols, multi-factor authentication mechanisms, and cutting-edge intrusion detection systems. These collective measures are meticulously crafted to establish multiple layers of defense, furnishing users with a secure environment for the storage and processing of their data. Moreover, ZPE Cloud is committed to investing in continuous security audits and assessments, ensuring proactive identification and resolution of vulnerabilities.

ZPE Cloud is fully committed to staying abreast of emerging threats and technologies, recognizing that a proactive approach is key to maintaining a robust security posture. The company will closely monitor the evolving threat landscape, collaborate with industry experts, and engage in research and development efforts to adapt its security measures accordingly. By staying agile and responsive to emerging challenges, ZPE Cloud aims to provide its users with a secure and trustworthy cloud computing experience.

In a rapidly changing digital landscape, ZPE Cloud's dedication to security not only ensures the protection of its users' data but also reflects its commitment to maintaining the highest standards of reliability and integrity in the cloud services it offers. Users can have confidence that ZPE Cloud will remain at the forefront of security innovations, continuously enhancing its capabilities to mitigate evolving threats and provide a resilient and secure cloud computing environment.