Client Controls
Hybrid Infrastructure Controls

On-Premises and Mobile

Managed Clients
devices
IDAM Governance
Endpoint Protection (EP)
Endpoint Encryption (EE)
Endpoint Data Lost Prevention (EDLP)
Endpoint Detection & Response (EDR)
Mobile Device Management (MDM)
Network Access Control (NAC)
Multi-Factor Authentication (MFA)
Device Authentication
Privileged Access Management (PAM)
Virtual Private Network (VPN)

On-Premises

Extranet / DMZ
Firewall
Intrusion Prevention System (IPS)
Web Filtering
Edge Data Lost Prevention (Edge DLP)
Antimalware
Security Sockets Layer (SSL) Decryption
Web Application Firewall (WAF)
File Integrity Monitoring (FIM)
Endpoint Detection & Response (EDR)
Servers
Endpoint Protection (EP)
Edge Data Lost Prevention (Edge DLP)
Endpoint Detection & Response (EDR)
File Integrity Monitoring (FIM)
Database Encryption
LAN / WLAN
Network Access Control (NAC)
Access Control Lists (ACLs)
Wireless Intrusion Detection System (IDS)
Network Management System (NMS)

3rd Party Hosting
(Private Cloud)

Extranet / DMZ
Firewall
Endpoint Protection (EP)
Web Application Firewall (WAF)
Edge Data Lost Prevention (Edge DLP)
File Integrity Monitoring (FIM)
Servers
Endpoint Protection (EP)
Endpoint Detection & Response (EDR)
File Integrity Monitoring (FIM)
Database Encryption
LAN / WLAN
Access Control Lists (ACLs)

Public Cloud

Extranet / DMZ
Firewall
Intrusion Prevention System (IPS)
Cloud Data Lost Prevention
Web Application Firewall (WAF)
public cloud
Servers
Endpoint Protection (EP)
Endpoint Detection & Response (EDR)
File Integrity Monitoring (FIM)
Database Encryption

Software as a Service
(SaaS)

Extranet / DMZ
Email Antimalware
Single-Sign-On (SSO)
Multi-Factor Authentication (MFA)
Cloud Access Security Broker (CASB)
saas