<div>
Max 5 users only so management prefers to go SaaS rather than a Capex for a physical server
</div>


<div>
Q1: i don't see it is not appropriate as long as the license and user data can be kept safe in the cloud and the polices are applied (such as VM must be region restricted)<br />
<br />
Q2: it really depends, as long as the resource in DMZ or backend zones are in control and trusted. that's the first priority, then choose the most economic solution. commonly, leaving the server in DMZ needs less effort in development but more effort in management<br />
<br />
Q3: it depends again. if the internal policy requires data to kept on a separated zone with firewall and access control in place, then a separated subnet is required.
</div>


sunhux

<div>
a bit of historical background on this new server:<br />
currently our Audit dept shares/uses our parent company's Teammate server. &nbsp;however, parent company's internal audit requires us to have a separate server as we are a separate entity and due to the sensitivity of the data
</div>


<div>
thanks very much for the PDF which shows the only AsiaPac TeamCloud DC is in Sydney. &nbsp;As we dont want data to be in another country, we can hv the data/DB sits in a VM is a Cloud service provider in our country while running the SAAS Teamcloud fr Sydney? &nbsp;seems complicated
</div>


<div>
that Pdf mentions TeamCloud SQL database so I reckon the db will hv to sit inside a VM in Sydney? &nbsp; any chance that the db and data at rest are within our country? &nbsp;or can we run without Teamcloud &nbsp;using AWS in our country?
</div>


<div>
Unlikely in the change in the jurisdiction availability zones but as mentioned go through your contact to get latest updates.
</div>


<div>
ok will liaise with Teammate account manager.<br />
<br />
in the event Teamcloud DC is not available in Spore, guess we hv to go with IAAS with a cloud provider tt has a presence in Spore, right?
</div>


<div>
<div class="content wysiwyg-content">
Our Internal Audit is setting up a Teammate server (data &amp;&nbsp;reports) plus a separate license<br />
server (this license server needs to be authenticated by Teammate/ACL periodically).<br />
<br />
Teammate will host financial data for auditors to analyse/review (using ACL, CAATS)<br />
&nbsp;for frauds so it's considered sensitive data.<br />
<br />
Q1:<br />
Is it appropriate for both the license server as well as Teammate server to be SaaS<br />
(like O365) or just the license server or it's best that they must not be SaaS? &nbsp;For sure<br />
if they're in cloud, the VM must be located in our country due to cross-border restrictions<br />
<br />
Q2:<br />
Do we place the license server in DMZ &amp;&nbsp;Teammate in the internal secure backend zone?<br />
<br />
Q3:<br />
What other security design considerations to take into account?<br />
Restrict license server to Teammate/ACL/CAATS sites only &amp;&nbsp;the Teammate server<br />
to be accessible to Internal Auditors' &nbsp;subnet only?
</div>
</div>


Our Internal Audit is setting up a Teammate server (data & reports) plus a separate license
server (this license server needs to be authenticated by Teammate/ACL periodically).

Teammate will host financial data for auditors to analyse/review (using ACL, CAATS)
 for frauds so it's considered sensitive data.

Q1:
Is it appropriate for both the license server as well as Teammate server to be SaaS
(like O365) or just the license server or it's best that they must not be SaaS?  For sure
if they're in cloud, the VM must be located in our country due to cross-border restrictions

Q2:
Do we place the license server in DMZ & Teammate in the internal secure backend zone?

Q3:
What other security design considerations to take into account?
Restrict license server to Teammate/ACL/CAATS sites only & the Teammate server
to be accessible to Internal Auditors'  subnet only?

Security considerations (SaaS, place in DMZ/internal secure zones) for a Teammate server (used by auditors)

Virtualization is the act of creating a virtual (rather than actual) version of something, including (but not limited to) a virtual computer hardware platform, operating system (OS), storage device, or computer network resources. Virtualization is usually the creation of a system that executes separate from the underlying hardware resources, or the creation of an entire desktop for systems located elsewhere, similar to thin clients.

Virtualization

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.