SaaS Deployment Options
All of Proofpoint's email security, data loss prevention, archiving and compliance features can be deployed "in the cloud" without requiring expensive on-premises hardware or software. Proofpoint's next-generation SaaS architecture offers superior security, availability and the lowest total-cost-of-ownership combined with the complete control that enterprises require.
- Low TCO with a Path to SaaS
- Enterprise Security and Control, "SaaS without compromise"
- Industry-Leading Service Level Agreements
- Physical and Network Security
- Secure Operations
- System Monitoring
- Secure, Redundant Infrastructure
Lower TCO, better service and the freeing of critical IT resources are just a few of the key benefits discussed—and realized—by companies that tap into the power of cloud computing. But transitioning from tried-and-true software or appliance solutions to an unfamiliar deployment method, service provider and application can be overwhelming. This is especially true when a company is considering its first SaaS deployment.
Enter Proofpoint. Our best-of-breed solutions ensure secure and protected email for your entire enterprise, regardless of how you choose to deploy them. Additionally, our customizable and innovative technology platform allows an efficient "path to SaaS," ensuring the lowest cost of implementation with the flexibility you demand.
Many enterprises recognize the benefits of a SaaS solution, but aren't willing to compromise on control, flexibility and security. Our SaaS architecture was carefully crafted to meet these stringent requirements. Hosted in our world-class, SAS70 compliant datacenters, our SaaS email security and compliance solutions deliver true enterprise-grade availability, performance, reliability, and security.
With Proofpoint, your data is always secure. Rather than all customers sharing a common service, including databases and application instances, Proofpoint Enterprise Protection and Proofpoint Enterprise Privacy provide an exclusive and truly isolated environment for each customer.
Our next-generation SaaS architecture ensures that your enterprise's data and processing are separate from all others and provides you with dedicated computing resources, including configuration, user, application databases, quarantines, log files, disks, memory, CPU, and firewalls. This unique approach solves the problems associated with traditional multi-tenant solutions.
Proofpoint's SaaS solutions provide superior email security that meets or exceeds even the most stringent on-premises enterprise standards. For example, encryption from your premises to our datacenters protects all data in transit. Complete isolation ensures that denial-of-service attacks on other deployments never impact the performance of your enterprise's unique Proofpoint environment.
The best infrastructure, applications, processes, and experience would be meaningless without the accountability of the industry's leading Service Level Agreements. Proofpoint provides both operational and application level agreements.
From an operational level, Proofpoint guarantees:
- 99.999% Service Availability
- Sub-minute email latency
From an application level, Proofpoint Enterprise Protection guarantees:
- 99% spam effectiveness
- 100% virus control
- < 1 in 350,000 false positive rate
Proofpoint has contracted with top-tier datacenter providers around the world to ensure the most secure and reliable operating environment. All facilities are SAS70 Type II certified and follow ISO 27002 security standards for physical access. All facilities feature:
- On-premises security guards
- External security components including: Cameras, false entrances, vehicle blockades, bulletproof glass/walls, and unmarked buildings
- Biometric systems, including palm scanners
- Security cameras with digital recorders and pan-tilt-zoom capabilities
- Portals and man-traps that authenticate only one person at a time
Each Proofpoint deployment is distributed across multiple, geographically diverse datacenters in an active-active configuration, ensuring continuous availability, even in the event of an unforeseen disaster.
A global load balancer dynamically directs traffic to each datacenter to ensure even distribution of load. A local load balancing proxy in each datacenter maintains a dynamic pool of available resources and manages the translation of unique public IP addresses to their corresponding unique private IP addresses.
Optimal Operating Environments
Each datacenter features clean, continuous power, backed by redundant generators. Local short-notice refueling contracts for the backup generators are maintained at each facility.
To maintain optimal environmental conditions, all data centers are built on raised floors with high-volume, zoned temperature and humidity controls. Redundant (N+1) HVAC units maintain flow of air conditioning and are powered by normal and emergency electrical systems.
Multiple Gig-E connection points to the Internet from different service providers ensure consistent bandwidth and connectivity during heavy volume spikes and peer-wide outages. Firewalls at each point of presence enforce strict access policies that explicitly deny all traffic destined for an unknown address or port.
All network devices—including firewalls, routers, switches and load balancers—are redundant within each datacenter. All namespaces are owned and managed by Proofpoint directly and addresses are unique to each customer to ensure isolation and asset identity for certificates, encryption, and other security protocols (SSL, TLS, SPF, DKIM, etc.).
All Proofpoint employees and contractors must pass a third-party background check prior to commencing any work at Proofpoint. This background check includes employment verification, education verification, in-person and/or phone-based reference checks, a criminal background check, a driving record check, and a credit background check.
Isolated Customer Instances
In order to ensure the highest levels of data isolation and privacy, every Proofpoint customer is deployed on an isolated system instance with no shared data or configuration. Virtualization is managed at the OS level with dedicated CPU and RAM to ensure consistent performance and capacity regardless of fluctuations in other customer deployments.
To provide further data security, data stored within Proofpoint's SaaS infrastructure (e.g., messages in quarantine) is encrypted.
Managing dedicated resources requires extensive automation and control of production resources. Proofpoint has integrated a variety of widely-adopted systems management tools and custom-developed solutions to deliver the highest degree of automation and consistency throughout our infrastructure.
Our system inventory is continuously updated and provides the visibility and control necessary to respond to a rapidly growing, highly diverse customer base. A dedicated team of engineers ensures that system administration tasks are documented, automated, and audited for efficiency and consistency.
Infrastructure Monitoring
All Proofpoint systems are actively monitored with local agents collecting hundreds of metrics specific to hardware, networking, and OS. All metrics on each host are continuously measured against a baseline compiled from historical data.
Acceptable thresholds are defined based on a combination of optimal performance targets and historical baselines. Alerts are automatically generated when thresholds are crossed and escalation schemes are systematically enforced to ensure potential issues are acknowledged in a timely manner.
Hosting operations engineers are available 24 hours a day, 7 days a week to respond to any infrastructure issue.
Vulnerability scanning is performed regularly with both externally available and internally designed tools to verify the integrity of Proofpoint’s SaaS infrastructure.
In addition to extensive infrastructure monitoring, Proofpoint actively monitors, trends, and alerts on application-specific metrics. By maintaining consistent, optimized configurations, aberrant behavior can be identified and resolved quickly before it impacts performance or capacity.
Proofpoint’s core engineering team constantly reviews incidents and performance metrics from SaaS environments as a feedback mechanism to ensure continuous improvements in stability and throughput.
Proofpoint's SaaS platform is built on a secure infrastructure, enabling a host of security and compliance applications in the cloud bound by stringent Service Level Agreements. Additionally, Proofpoint maintains a global datacenter footprint. Each customer is deployed into multiple, geographically diverse datacenters in an active-active configuration, ensuring continuous availability in the event of an unforeseen disaster.
An array of global load balancers dynamically directs traffic to each datacenter to ensure an even distribution of load. A local load balancing proxy in each datacenter maintains a dynamic pool of available resources and manages the translation of unique public IP addresses to their corresponding unique private IP addresses.
All network devices (firewalls, routers, switches, load balancers) are redundant within each datacenter. Multiple Gig-E connection points to the Internet from different service providers ensure consistent bandwidth and connectivity during heavy volume spikes and peer-wide outages. Each datacenter features clean, continuous power, backed by redundant generators. Local short-notice refueling contracts for the backup generators are maintained at each facility.
To maintain optimal environmental conditions, all datacenters are built on raised floors with high-volume, zoned temperature and humidity controls. Redundant HVAC units maintain flow of air conditioning and are powered by both normal and emergency electrical systems.
Proofpoint Datacenter Facility Features:
- All facilities are SAS70 Type II certified and follow ISO 27002 security standards for access
- On-premises security guards
- Security systems on the building exterior: cameras, false entrances, vehicle blockades, parking lot design, bulletproof glass/walls and unmarked buildings
- Biometric systems, including palm scanners
- Security cameras with digital recorders and pan-tilt-zoom (PTZ) capabilities
- Portals and man traps that authenticate one person at a time
- Only named Proofpoint personnel are allowed physical access to the data centers
- Access to Proofpoint systems is further restricted within locked cages, which are monitored via video