An Executive Brief Sponsored by IBM

Michael Suby
Stratecast VP of Research
July 2014

Best Practice Security in a Cloud-Enabled World

The cloud will be a growing part of your IT environment. This is inevitable, particularly in consideration of the
following:

Economic Attractiveness The economic attractiveness of cloud infrastructure services (e.g.,

Infrastructure as a Service IaaS) is rising with each round of price wars. Lured by this attractiveness,
will your organization be faced with escalating data protection, operational risk, management complexity,
and compliance uncertainty?

Self-Service Proclivity Findings from a late-2013 Frost & Sullivan survey show that 70 percent of
end users are ignoring IT approval procedures and subscribing to un-vetted cloud services, for a variety
of reasons: support business objectives, improve productivity, and foster innovation. Can your
organization mitigate the security risks associated with uncontrolled and invisible use of Software as a
Service (SaaS)?

Opportunities in the Internet of Things The eve of the Internet of Things is here, as the ability to
send and collect burgeoning streams of data is no longer technologically constrained. Similarly, producing
actionable insights from this data mountain is no longer on the horizon, but aided by the elasticity of
the cloud. Readying your organization to skillfully ride the twin waves of the Internet of Things and Big
Data & Analytics cannot waitbut are you prepared to tackle the information security challenges that
arise when the cloud is part of the equation?

Addressing these questions is feasible through proactive and sensible risk management. While information
technology does move rapidly and with a degree of unpredictability, a comprehensive risk management approach,
designed to flex and adapt, enables organizations to embrace cloud services with security confidence.
In this paper, we present a straightforward approach to cloud security. The structural foundation of this approach
will not only assist in mitigating the risks associated with cloud deployments and usage, but also improve and
standardize your security posture and practices across all your environmentspublic and private clouds as well
as bare metal server clouds; and allow you to skip future security overhauls brought on by the emergence of new
types of information technologies and security threats.

2014 Stratecast. All Rights Reserved.

Stratecast | Frost & Sullivan

The cloud, and the technologies that underlie it, offer a rich set of benefits. However, without a clear
understanding of the security risks and the threats that underlie those risks, and how those risks vary by cloud
model, cloud benefits lose their luster, and serious consequences can occur, such as: disrupted operations, data
breaches, intellectual property (IP) theft, compliance violations, and brand damage. Moreover, the direct and
indirect costs of these and other consequences, and the restrictions that follow, will neutralize the benefits
anticipated with cloud adoption.

The cloud, and the technologies that underlie it, offer a rich set of benefits. However, without
a clear understanding of the security risks and the threats that underlie those risks, and how
those risks vary by cloud model, cloud benefits lose their luster, and serious consequences
can occur.

Compared to on-premises private data centers (i.e., traditional environment),1 cloud usage introduces
incremental risk. Yet, as we propose, this escalation of risk is controllable such that the benefits and risks of using
the cloud can be balanced. In essence, driving toward the same security objectives as in traditional environments
is the right path when using the cloud.

Security Objectives in Traditional Environments

Insulate from Cyber Threats Defend against threats coming from the Internet and through trusted
yet compromised devices.

Minimize Vulnerabilities Shrink the attack surface by reducing exploitable vulnerabilities

throughout the entire software stack and among data flows.

Protect Data Isolate and protect data of value throughout its entire lifecycle: in use, at rest, in
transit, and in retirement.

Control Operations Ensure that oversight and visibility over computing and security operations, and
people-based processes, is continuously effective and compliant with industry standards and government
regulations.

Three Cloud Types

Instrumental in gauging the incremental risk associated with the cloud is the understanding that risk varies by
cloud type. Universally, the cloud model, which encompasses several cloud types, is an approach to configuring,
provisioning, and managing data center infrastructure and applications. Clouds rely on automation,
standardization, and virtualization to allocate IT resources efficiently and optimally. Beyond these commonalities,
differences exist across the three cloud types:
1

On-premises includes data centers as nodes on either the organizations local area network (LAN) or private wide area network
(WAN). In either, the data center is part of a dedicated private network.

2014 Stratecast. All Rights Reserved.

Best Practice Security in a Cloud-Enabled World

Private Cloud A cloud environment in which the virtualized server infrastructure is dedicated to a
single enterprise. The dedicated environment (sometimes called a virtual private cloud) may be hosted
in a cloud providers data center, thus enabling enterprises to have the privacy associated with a
dedicated environment without the full capital investment of a data center. Or, the private cloud could
be hosted in the enterprises own data center.

Public Cloud A shared computing environment in which infrastructure is hosted in a cloud service
providers data center. The cloud service provider offers computing and storage capacity on demand,
through self-service portals, to subscribers paying for the capacity they use.

Hybrid Cloud An environment that allows enterprises to configure and manage multiple cloud
environmentspublic or private, on-premises or hostedas a single resource pool, through a common
management console.

Incremental Risk of Clouds

The Public Cloud Model is Built on Multi-Tenancy Multi-tenancy drives individual tenant costs
downward; a cloud benefit. However, multi-tenancy also increases the potential of cyber-attacks, both
from the outside and the inside. From the outside, a public cloud provider is a large, attractive target,
and is a collective of tenants, which are also potential targets. Once through the shopping malls doors,
per se, each tenant becomes a potential victim. From the inside, malicious actors can also be cloud
subscribers who stage attacks against and eavesdrop on their co-tenants. Ironically, the elasticity benefit
of the cloud is not limited to legitimate users. Malicious actors can also use clouds elasticity in
accentuating their exploits; for example, building a dynamic botnet army, which may force the cloud
provider to take steps to stop the botnet, thereby also affecting legitimate services to the other tenants.

Security is a Split Responsibility Contrasting with the fully owned and operated foundation of
traditional environments, in all three of the prevalent public cloud modelsInfrastructure as a Service (IaaS),
Platform as a Service (PaaS), and Software as a Service (SaaS)security is a split responsibility between the
cloud provider and its subscribers (tenants); with the level of responsibility in the hands of the cloud
provider growing in moving across the models from IaaS to SaaS (see table on the next page). Similarly,
visibility into the cloud providers security operations is not as deep or deterministic as in traditional
environments. Consequently, cloud tenants are indirectly asked to trust without full verification. For
example, vulnerability scanning and remediation is part of the cloud providers security responsibilities (e.g.,
of virtual network interfaces and hypervisor in IaaS, and up through the application software in SaaS); but
frequency and depth of vulnerability scanning, and prioritizing remediation, is determined by the cloud
provider, not individual tenants. Similarly, identifying and mitigating security incidents and configuration
errors attributed to the layers of the cloud infrastructure under the cloud providers purview are also
outside the line-of-sight of the tenants. In cloud environments, the strength of security is partially dependent
on the strength of the security operations and administration conducted by the cloud provider.

2014 Stratecast. All Rights Reserved.

Stratecast | Frost & Sullivan

In cloud environments, the strength of security is partially dependent on the strength of the
security operations and administration conducted by the cloud provider.

Cl ou d Sec uri ty s S pl i t Res p on si bi l i ti es

Cloud Layer

Cloud Models
Traditional
Environments IaaS PaaS SaaS

Data

Cloud Tenants
Responsibility

Interfaces (APIs, GUIs)

Applications
Solution Stack (Programming languages)
Operating System (OS)
Virtual Machines
Virtual Network Interfaces

Fully
Owned and
Operated
In-House

Hypervisors
Process and Memory

Cloud Providers
Responsibility

Data Storage (hard drives, removable disks, backups, etc.)

Network (interfaces and devices, communications infrastructure)
Physical Facilities / Data Centers
Source: PCI Security Standards Council, Information Supplement: PCI DSS Cloud Computing Guidelines (February 2013),
and Stratecast

Workload Mobility Also linked to the lower cost value proposition of the public cloud is the
infrastructure-optimizing mobility of virtual workloads among the cloud providers physical servers and
data centers. Yet, unlike a workload hosted in a dedicated server, in which circles of protections are
nailed up to protect that workload, similar protection is more difficult to sustain when virtual workloads
move. These security protections must be as mobile as the virtual workloads themselves, without loss of
integrity.

All Users are Remote Another advantage of the public cloud, but also an elevated security risk, is
that all users are remote. While beneficial in supporting anywhere access from any device versus more
restricted access from only company locations and company-issued devices, the inherent user validations
(e.g., an ID card for building access, password for LAN access, and a registered device ID) are not always

2014 Stratecast. All Rights Reserved.

Best Practice Security in a Cloud-Enabled World

present. Consequently, the flow of data into the wild is a higher risk with public cloud services.
Additionally, expanding use of SaaS contributes to risk through credential sprawl and users coping
mechanisms (e.g., repeatable use of easy-to-remember passwords), plus account management challenges
(e.g., terminating access to multiple SaaS services following an employee departure).

The combination of continuous evolution in security threats and organizations adoption of new information
technologies has been met with a history of innovation in security. As either threats or IT changed, security has
also changed, either by adapting or through the development of new security categories and practices. Beneficially
in securing the cloud, security technologies and their foundational concepts that are already practiced in
traditional environments can be fitted to the cloud. This does not mean that securing the cloud is a simple
process of porting security technologies from traditional environments. Rather, the core precepts are present to
be effective in securing cloud environments, but must be implemented with a thorough understanding of clouds
incremental risks and uniqueness.

Beneficially in securing the cloud, security technologies and their foundational concepts that
are already practiced in traditional environments can be fitted to the cloud. This does not
mean that securing the cloud is a simple process of porting security technologies from
traditional environments.

Also, and as will be discussed later, choice is expanding for cloud users, particularly with IaaS. For IaaS, cloud
users have expanded choice in selecting the optimal mix of performance, privacy, and price for each of their
workloads. Their choices include: public cloud (virtual server, public network connection); private cloud (virtual
server, private network connection); and bare metal cloud (dedicated server, private network connection).
The principal security technologies and concepts needed to secure cloud environments include the following:

Segmentation and Isolation Public clouds multi-tenancy demands that organizations establish and
maintain virtual walls around each of their workloads and the network traffic that flows to and from
workloads and among workloads. This effort is essential in shielding workloads and data from other
cloud tenants and cloud administrators, and, from a performance perspective, assuring that the workload
is not crowded out of its necessary compute, storage, and networking resources. Depending on the
workload, best effort performance is intolerable; verifiable service level agreements (SLAs) are essential.

Threat Detection and Mitigation Threats designed to disrupt operations, undermine integrity, or
eventually sow the seeds for data exfiltration are omnipresent. Cloud providers recognized this and have
built threat detection and mitigation technologies and procedures into their operations to serve all of
their tenants; and, naturally, to maintain service uptime and integrity. Yet, with the micro-targeting of
advanced threats, the cloud providers threat detection is not a panacea. Adding a second layer of threat

2014 Stratecast. All Rights Reserved.

Stratecast | Frost & Sullivan

detection is an advisable practice for all cloud tenants to defend against the external threats that evaded
the for everyone threat detection of the cloud provider.

Security Information & Event Management (SIEM)/Log Management No defense will ever
be completely impenetrable; there must be a backstop of non-stop collection of data to discover early
warning signals of multi-stage exploits. Continuing on the same path as in traditional environments, nextgeneration SIEM and Log Management forms this essential backstop in cloud environments. For
maximum effectiveness, data collection must be broad, from the network layer up through the
application layer; monitoring must be conducted on a real-time basis, and produce outcomes that are
grounded in context. In circumstances where a hybrid approach is useda mix of private data center
(traditional environment) and public cloudthe SIEM and Log Management capabilities must seamlessly
span both environments. Additionally, security intelligence must be equally comprehensive in spanning
external and internal factors, in order to filter what can be a mountain of daily security issues to a more
manageable, prioritized few.

Incident Response and Forensics Despite best efforts to protect virtual workloads in cloud
environments, the potential of a major security incident still exists and must be handled with expedience
and prudence. While a noble aspiration, planning and rehearsal is critical to ensure that cool heads
prevail during the heat of the moment. Forensics is also essential, to gauge the exploits extent and, of
equal importance, to guide defense-tightening adjustments. Comprehensive SIEM and Log Management
capabilities are essential in supporting both incident response and forensics.

Identity & Access Management As previously stated, the remoteness (i.e., access from any device,
from anywhere) of public cloud services, and the proliferation of SaaS subscriptions intensify the
necessity of an Identity & Access Management (I&AM) system to control user access privileges across
private and public environments. Automating subscriber management functions (i.e., bulk SaaS
enrollments, self-service password administration, and revocation of access privileges for departed
employees across all environments) are also important functions. Reporting on user log-in activity, also a
function of I&AM, assists in discovering questionable activities by users and administrators, and in
assigning the costs of cloud services to individuals and departments. Last, single sign-on lessens
credential sprawl and user time spent in resetting forgotten passwords, and logging into each SaaS
subscription individually.

Data Protection Data breach news stories are far too common; and, with certainty, there are
countless more data breaches that are either undetected or not publicly reported. Several coordinated
approaches assist in mitigating the risk of data breaches (e.g., segmentation and isolation, vulnerability
testing, SIEM, and I&AM). Encrypting valuable data in all of its modalitiesat rest, in motion, and in
useshould also be used. Of equal importance, the cloud users encryption keys should be inaccessible
by the cloud provider, to eliminate the potential that the cloud provider can access tenant data, and to
ensure that data erasure in the cloud is complete (i.e., by destroying the encryption keys).

Secure Software Development Secure software development has long been advocated by security
professionals as essential in systematically reducing the frequency and severity of software vulnerabilities.
Considering the heightened exposure in public cloud environments, the importance of secure software
development is equally heightened.

2014 Stratecast. All Rights Reserved.

Best Practice Security in a Cloud-Enabled World

Vulnerability Scanning and Patch Management Even with devotion to secure software
development, vulnerable software still exists, if for no other reason than the threat actors continuously
advancing their techniques. Also, other layers of software lie below (e.g., operating system) or to the
side of applications (e.g., browsers, drivers, and readers), and are subject to vulnerabilities. Periodic
vulnerability scanning and regular patch management is a good standard practice, and one that takes on
greater importance in the consideration that vulnerabilities in the configuration of a virtual workload will
remain with each new virtual instance of the workload, until the vulnerabilities are discovered and
effectively removed from the workloads configuration profile.

While people and processes are essential in all security endeavors, the third leg of the stooltechnologyis
equally critical. Even with top-flight security personnel and vetted processes, when combined with sub-standard
security technologies, security efficacy suffers. With this in mind, we recommend the following subset of
attributes that should be at the top of the list in selecting security technologies for use in cloud environments.
In parallel with our perspective that cloud security introduces additional risk, we segmented the security
technology attributes into two categories: (1) enterprise-class, and (2) cloud-class. Although these categories are
not mutually exclusive (i.e., cloud-class attributes are beneficial in traditional environments and vice versa), the
cloud-class attributes reflect a step up in functionality needed in cloud environments, as organizations advance
their use of cloud services from trial and tactical to routine and strategic.

While people and processes are essential in all security endeavors, the third leg of the stool
technologyis equally critical. Even with top-flight security personnel and vetted processes,
when combined with sub-standard security technologies, security efficacy suffers.

Enterprise-class

Best-of-Breed Under the reasonable assumption that the short list of security technologies are
similar in security functionality, best-of-breed entails other comparative characteristics, such as:
performance (i.e., bump in the wire), modularity, interoperability, and efficient administration. Vendors
business stability, commitment to research & development, and customer support are also part of the
best-of-breed attribute.

Compliance Friendly The reach of regulations, including data sovereignty laws, continues to expand.
Easing the burden of compliance substantiation, and minimizing the length and severity of noncompliance instances are also enterprise-class attributes.

Unit- and Role-Based Administration Lines of business and corporate services (e.g., finance,
human resources, and legal) are examples of distinctive units within the broader organization that either

2014 Stratecast. All Rights Reserved.

Stratecast | Frost & Sullivan

need or want autonomous administrative control over their security policies. In following the best
practice of least access privilege, role-based administration is also needed in enterprise-class security
technologies.

Cloud-Class

Rapidly Deployable and Highly Automated These are hallmark characteristics of cloud services.
Matching these characteristics in constructing security around each virtual workload and network flow is
essential in retaining, in full, the primary reasons for adopting cloud services.

Single Pane of Glass Extensibility One administrative interface for traditional environments and
another for cloud environments leads to fragmented security policies, compliance uncertainty, and
inefficient security operations. Furthermore, flexibility to move workloads between traditional and cloud
environments is hampered without single pane of glass extensibility. In expanding into the cloud, a crossenvironment administration interface is highly desirable.

Adaptable Just as cloud providers share of security responsibility varies across cloud models,
variation also exists in the security operations and practices among cloud providers in the same cloud
model. Optimally, variation in each cloud providers security attentiveness, and the means to verify
that attentiveness, is known; so, as a workload is placed in a cloud providers environment, the tenants
security responsibility is right-sized. In other words, tenant security is automatically and seamlessly
adaptable to conditions of the environment and the context of the workload (e.g., contains sensitive data
or a business-critical operation versus contains data of little value to would-be hackers; or performance
fluctuations, within reasonable bounds, are tolerable). This adaptability enables organizations to exercise
wider discretion in choosing cloud providers, and in deciding which workloads are cloud candidates.

2014 Stratecast. All Rights Reserved.

Best Practice Security in a Cloud-Enabled World

Cloud security can be accomplished and accomplished well, but not by chance; planning is paramount. The
relative newness of the cloud and its unique challenges do not lend cloud security to a learn as we go
proposition; knowledgeable and tenured expertise is needed from the start.

The relative newness of the cloud and its unique challenges do not lend cloud security to a
learn as we go proposition; knowledgeable and tenured expertise is needed from the start.

IBM is thoroughly equipped to help organizations adopt cloud securely. The company is well-known for its
lengthy and deep history in IT security. Even before the cloud became that next turn in IT, the company
developed its evergreen Security Framework. Designed to establish a pragmatic framework to address the
security challenges of complex private data centers, the same framework elements are extensible into cloud
environments. Furthermore, with cloud security requiring a holistic approach rather than piecemeal, the history
of IBM is replete with examples
of organic growth and best-of-breed acquisitions (see timeline on next page) in
IBM Security
creating a comprehensive portfolio of security technologiessoftware and virtual applianceand professional
and managed security services.

IBM Security Framework

2014 Stratecast. All Rights Reserved.

Stratecast | Frost & Sullivan

IBM Security

History of IBM Security Portfolio Expansion

IBM Hi sto ry of Sec u ri ty P ortf ol i o Ex pa nsi o n
Secure mobile
management
Advanced fraud
protection

2013
Endpoint
management
Security
and security
intelligence
Information
Database monitoring and analytics
and protection management
2011
Application
security
2010
Enterprise
singlesign-on
Application security
2009
Risk management
2008
Data management

Network intrusion
prevention
SOA management
and security
Identity management
Directory integration
Access management

Mainframe
and server
security

2012

IBM Security
is created

2007
2006

2005
2002

1999

6,000+ IBM Security experts worldwide

1976

3,000+ IBM security patents

4,000+ IBM managed security
services clients worldwide
25 IBM Security labs worldwide
2014 IBM Corporation

Source: IBM

Building on experience from client engagements, in-house thought leaders, and one of the worlds largest IT test
beds (itself), IBM developed its Cloud Computing Reference Architecture (CCRA) to guide adoption of cloud
services. Naturally, security is foundational to this architecture.
From CCRA to client engagements, IBM drives a best practice, strategic approach built on three steps that
leverage multiple components from IBMs broad security portfolio:
1. Security
Define
IBM

CCRA 3.0 Security Preview

a cloud strategy with security in mind

2. IdentifySecurity
the security measurements
neededModel
Revised
Component
3.

Enable security for the cloud

Security Components

Security Intelligence, Analytics and GRC

Security Information & Event
Management

Security Intelligence

Security Governance, Risk

Management & Compliance

People

Data

Applications

Infrastructure*

Identity & Access

Management

Data & Information Security

Secure Application
Development

Threat & Intrusion

Prevention

Physical & Personnel

Security

Encryption & Key

Management

Security Policy Management

Endpoint Management

Source: IBM

2014 Stratecast. All Rights Reserved.

Best Practice Security in a Cloud-Enabled World

IBM as a Secure Cloud Provider and Private Cloud Services

Earlier in this paper we spoke of the shared security responsibility between the cloud provider and its cloud
tenants. And, as the totality of security is only as good as the parts, the foundational layers of cloud security and
the protection of the cloud providers data center facilities (i.e., cloud providers responsibility) are crucial. As
expected, IBMs cloud-supporting data centers and its cloud security practices adhere to IBMs CCRA.
We also highlighted that multi-tenancy and Internet access are structural elements of public cloud services, and
these elements elevate security risk. While security technologies and practices can be established to mitigate this
additional risk, adherence to certain regulations (e.g., Health Insurance Portability and Accounting Act HIPAA,
and Payment Card Industry Data Security Standards PCI-DSS) and data privacy directives (e.g., US Department
of Commerces Safe Harbor directive) can still be hard to assure. Driven by this reality, organizations tendency is
to use on-premises data centers for the hosting of applications and workloads that are subject to these
regulations and directives; and, in doing so, forfeit the scalability, agility, and economic advantages (e.g., no capital
investments and usage-based pricing) delivered by the cloud services model.
IBM bridged this gap between cloud benefits and the security of private data centers with the 2013 acquisition of
SoftLayer, a cloud computing infrastructure company. Steeped in automation in physical and virtual server
provisioning and management, and grounded in security management (e.g., National Institute of Standards and
Technology (NIST) 800-53 framework and Cloud Security Alliances Security, Trust and Assurance Registry
(STAR) Self-Assessment), IBM offers the following SoftLayer services.

SoftLayer Bare Metal Cloud On-demand provisioning of customer-dedicated physical servers in

SoftLayers data centers, with customer connectivity via a private network port.

SoftLayer Private Cloud On-demand provisioning of single tenant virtualized servers hosted in
SoftLayers data centers, with customer connectivity via a private network port.

SoftLayer Public Cloud A public cloud Infrastructure as a Service hosted in SoftLayers data
centers.

Combined, these three SoftLayer services provide IBM customers with cloud infrastructure services without
compromise in supporting their varied workloads.

2014 Stratecast. All Rights Reserved.

Stratecast | Frost & Sullivan

Security in a fast-paced technology-infused world cries for an invest once and deploy everywhere approach. For
this to be realized, security must be planned in advance and built-in, yet still be fluidly adaptable to circumstances,
and singularly controllable. Lacking this type of security approach, the practice of security in the cloud will be on
a path of reactiveness, with expensive and sub-optimized operations.

IBM has the essential assets to make security work in the cloud:

IBM has a proven and comprehensive portfolio of security technologies that are extensible into cloud
environments. All the technologies that we referenced earlier in this paper are present in IBM. The
company also has security solutions designed for unique security challenges present in cloud
environments (e.g., mitigating hypervisor vulnerabilities). Additionally, IBMs adherence to standards
allows the integration of clients existing standards-supporting assets.

IBMs approach to cloud adoption and security is strategic (advancing business through use of cloud),
holistic (a cloud environment is a dynamic instance of a private data center, and must encompass all of
the same security best practices), and proactive (discover and remediate vulnerabilities ahead of
threats).

And like the private data center, cloud security operations are 24 x 7. IBMs professional and managed security
services teams bring the expertise, and proven and reliable practices that client organizations need.

Michael Suby
VP of Research
Stratecast | Frost & Sullivan
msuby@stratecast.com

2014 Stratecast. All Rights Reserved.

Silicon Valley

San Antonio
7550 West Interstate 10, Suite 400
San Antonio, Texas 78229-5616
Tel 210.348.1000
Fax 210.348.1003

331 E. Evelyn Ave., Suite 100

Mountain View, CA 94041
Tel 650.475.4500
Fax 650.475.1570

London
4, Grosvenor Gardens,
London SWIW ODH,UK
Tel 44(0)20 7730 3438
Fax 44(0)20 7730 3343

877.GoFrost myfrost@frost.com
http://www.frost.com

ABOUT STRATECAST
Stratecast collaborates with our clients to reach smart business decisions in the rapidly evolving and hyper competitive Information and Communications Technology markets. Leveraging a mix of action -oriented subscription
research and customized consulting engagements, Stratecast delivers knowledge and perspective that is only
attainable through years of real-world experience in an industry where customers are collaborators; todays
partners are tomorrows competitors; and agility and innovation are essential elements for success. Contact your
Stratecast Account Executive to engage our experience to assist you in attaining your growth objectives.

ABOUT FROST & SULLIVAN

Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary
innovation that addresses the global challenges and related growth opportunities that will make or break todays
market participants. For more than 50 years, we have been developing growth strategies for the Global 1000,
emerging businesses, the public sector and the investment community. Is your organization prepared for the next
profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends,
breakthrough best practices, changing customer dynamics and emerging economies? Contact Us: Start the
Discussion
For information regarding permission, write:
Frost & Sullivan
331 E. Evelyn Ave. Suite 100
Mountain View, CA 94041

Auckland

Dubai

Moscow

Silicon Valley

Bahrain

Frankfurt

Mumbai

Singapore

Bangkok

Iskander Malaysia/Johor Bahru

Oxford

Sophia Antipolis

Beijing

Istanbul

Paris

Sydney

Bengaluru

Jakarta

Rockville Centre

Taipei

Buenos Aires

Kolkata

San Antonio

Tel Aviv

Cape Town

Kuala Lumpur

So Paulo

Tokyo

Chennai

London

Sarasota

Toronto

Colombo

Manhattan

Seoul

Warsaw

Delhi / NCR

Miami

Shanghai

Washington, DC

Detroit

Milan

Shenzhen