Tata Communications Ltd

IZO Cloud Storage - Cloud Storage Service

IZO™ Cloud Storage is based on object storage technology. It offers a flexible, scalable, durable, secure and reliable cloud storage service. The cloud storage can be accessed using both the Swift API and the S3 API.
The service is offered in 3 variants (Value, Resilient, Geo-Resilient).

Features

  • COST EFFECTIVE - Predictable pricing per GB
  • DURABLE - Data is protected across zones and regions
  • RESILIENT - Failure tolerant architecture
  • SCALABLE - Highly Scalable architecture for Multi-PBs
  • SECURE - Firewall & SSL encryption
  • AVAILABILITY - 99.9% platform availability
  • PAY AS YOU GROW - Pay as per consumption
  • INNOVATIVE - Choice of API access (Swift & S3)
  • MULTIPLE VARIANTS - (Value, Resilient, Geo-Resilient)
  • HYBRID - Choice of connectivity - Internet and WAN

Benefits

  • CLOUD BACKUP - Lower IT backup infrastructure cost
  • AUTOMATE - Improve Backup/Restore process
  • ARCHIVAL - Cost effective Long term data archival storage
  • FILE FABRIC SOLUTION - Share, Collaborate, Compliant
  • ACCELERATE - Quick content transfer to Cloud
  • SECURE - Hosted in Secure Tier3 DCs with Tier1 Network
  • MEDIA STORAGE - Compatible with Media Asset Management systems
  • CONSOLIDATE - All your contents under single management
  • TAPE MIGRATION - Legacy Tape Migration service to Cloud storage
  • DOCUMENT MANAGEMENT - Cloud Storage for your business documents

Pricing

£0.011 to £0.035 per gigabyte per month

Service documents

G-Cloud 10

103430669796510

Tata Communications Ltd

Edwin GS P Nadar

+44 7500 809402

edwin.nadar@tatacommunications.com

Service scope

Service constraints The platform is a 24x7 available service. Any planned maintenance will not impact availability.

Access to the service is via RESTful API
SWIFT & S3 API Supported
System requirements
  • Internet connectivity or WAN connectivity to Cloud
  • Application with S3 REST API or SWIFT API support

User support

Email or online ticketing support Email or online ticketing
Support response times Global Service Desk is available 24*7*365 to customers for incident reporting and management. When an incident is reported by the customer and an incident ticket is opened by the global service desk, the global service desk assumes full responsibility for the incident until the ticket is closed. Incident tickets are classified as Severity 1: Major fault, Severity 2: Minor fault and Severity 3: Troubleshooting request, based on the classification and priorities.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Our Cloud storage platform is pro-actively managed and monitored by a team of skilled engineers. Incidents and requests are submitted to the web-based Service Desk tool by our customers or our engineers. Further queries can be submitted to the Service Delivery Manager.

The team provides a dashboard for reporting, capturing and progressing incidents and requests logged via the Service Desk or monitoring systems, and escalates functionally within the team to appropriate areas of expertise or to Service Delivery Managers in the event of major incidents or client-impacting changes.

A named Technical Account Manager can be allocated to the client.
We engage with our clients to design the relevant support model to fit the business needs; it can be 24*7.

We also provide client-specific support SLAs as per the business needs.
Support available to third parties Yes

Onboarding and offboarding

Getting started Our proven expertise in service management delivers a single point of contact for your teams. Our service management covers service design, delivery, implementation and assurance.

Service delivery and implementation:

We have a defined on-boarding process with detailed planning, which includes:
  • Developing risk mitigation plans before delivery
  • Acceptance criteria to ensure that both parties agree on what constitutes service readiness, allowing us to transition seamlessly into a full support model
  • Introduction and training on the Service Desk for clients
  • Ways of Working sessions to agree how we work with key stakeholders, and define ways to report status

Service transition and assurance: The handover phase is designed to ensure that the technical teams gain a thorough understanding of the service and/or infrastructure that are being supported. During transition, a Technical Support Document (TSD) is created, which forms the base document holding all the deployment details. This is maintained as a single document throughout the life of the support service and includes details such as solution architecture, deployment model, managed services reporting etc.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users can extract their data across the network via VPN or other secure network protocol. Users can also use any standard tools to copy the data from cloud storage.

In the event you require a live migration of data, our professional services team handles it.

The data can be deleted or can be provided to you through the network.

Design and service documentation is located on the Catalyst portal and can be downloaded to provide a permanent record. Other documentation, where available or feasible to produce, can be provided on request.
End-of-contract process If you feel the need to switch providers, we will work with you to expedite the off-boarding of your cloud storage services.
Our solutions are all based on standardized architecture, with robust migration processes and consistent documentation that make knowledge transfer straightforward and complete. As standard, if you wish to move data, we will provide secure access to third parties to extract your data and help you get the data into the target environment. If you want to keep the data retained, but require the managed service to be terminated, the tools and software can be removed, leaving the data preserved in the bucket. Depending on your target end state and specific schedule, there may be additional professional services charges applicable to help ensure that the migration and handover of services to the new provider are aligned precisely to your requirements.

Users will be notified well before the end of the contract to renew. If there is no response from the customer, as standard practice data will be retained for 15 days from the receipt of termination notice or end of contract (whichever is earlier).

Using the service

Web browser interface Yes
Using the web interface The web-based interface provides the following capabilities to users.
1. Dashboard - To view the account details, containers and storage usage tracking.
2. ITSM - Incident Management - User can raise an incident ticket, View, Track and Manage from the portal.
3. ITSM - Service request management - User can raise an incident ticket, View, Track and Manage from the portal.
4. Access to Audit Logs.
Web interface accessibility standard None or don’t know
How the web interface is accessible To log on to the portal:
1. Launch the portal using the URL: https://ipcloud.tatacommunications.com/

2. Log in to the cloud storage portal using the URL/credentials provided during subscription.

3. The defined service user will set up further user accounts and storage containers, providing access controls accordingly. With appropriate permissions, users can then use standard PUT, GET and DELETE operations on data using the S3 API / SWIFT API.
Web interface accessibility testing No specific web interface technology testing has been undertaken with assistive technology users, however best practice reference architecture based development methods have been used to optimize the end user experience
API Yes
What users can and can't do using the API On subscription, the user will be provided with the following details to access the storage container/bucket.

For SWIFT API based access:
Account name, Swift Password, Container Name.
Swift AUTH URL Example: http://XXX.ipstorage.tatacommunications.com/auth/v1.0/

For S3 API based access:
Account name, S3 API Key, Container Name.
Access URL example: XXX.ipstorage.tatacommunications.com

Users can use any standard automation tool which supports the S3 API or Swift API, and automate the API commands with scripts to make any changes (i.e. Get, Put, Post, Copy, Head, Delete).

There is no specific limitation on changes through the API.
API automation tools
  • Ansible
  • OpenStack
  • Puppet
  • Other
API documentation Yes
API documentation formats PDF
Command line interface No

Scaling

Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Each customer's cloud storage is logically segregated to prevent users and customers from accessing buckets not assigned to them.

Each customer's data is stored in an exclusive location in the cloud disk pool, so it does not impact other users' data access. The cloud storage architecture is logically segregated in the access layer and configuration layer for each storage container/bucket. Each storage bucket is segregated via security management processes/controls.
Usage notifications Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics Yes
Metrics types
  • Disk
  • Other
Other metrics Storage Size
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance None

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach Encrypted Data Ingestion to Cloud storage bucket/Container.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery Yes
What’s backed up
  • File system backup to cloud storage
  • Cloud storage is compatible with many backup tools
  • Cloud storage can be used for offsite backup retention
  • Offsite copy of Virtual machines backup to the cloud
  • Offsite copy of database backup to the cloud
  • Media content backup copy to cloud
Backup controls Users can use any compatible backup tool to access the storage container over SWIFT or S3 API.

User will be able to schedule the backup to cloud storage target.

The backup tool will provide all features they have been using with Tape backup or local backup so far.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
Scheduling backups Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability The Service Component availability guarantee for the IZO Cloud Storage service (henceforth referred to as the device) is as follows for each variant.

Value Based - 99.9% SLA
Resilient - 99.9% SLA
Geo-Resilient - 99.99% SLA

The device is considered unavailable if the fault reported to the Global Service Desk by the customer, or identified by the supplier itself, is of Severity 1: Major fault, as defined in the service schedule. Unavailability is calculated on a monthly basis, based on the time of device unavailability experienced.

Such device unavailability shall be used to determine any service unavailability credit that the customer is entitled to for that particular month. The unavailability credit is a percentage of the Monthly Recurring Charge (MRC) for the device as set forth in the following table, and applies only to, and is calculated for, the sites for which such credit was derived.

SLAs are available only if Client is compliant with the Agreement terms and do not apply to any third party including Client’s end users. SLAs do not apply to beta, experimental, trial, or no-charge Cloud Services.
Approach to resilience Our Cloud storage platform architecture is built with no single point of failure.
Data is stored across multiple availability zones and regions and replicated across multiple regions as per the Storage container Policy configured. Cloud platform architecture supports elastic scaling to ensure the Storage platform scales in line with demand, ensuring high performance across all traffic demands.

Further details can be shared on demand.
Outage reporting Notifications are: ITSM Dashboard, Email Alerts, Call during Major incidents.

Our Incident Management process guides the pro-active detection and logging of incidents and requests, and ensures technical teams respond efficiently and effectively so that requests are fulfilled and service is restored to clients as swiftly and stably as possible. In the event of an outage, the Service Delivery Manager contacts the client to inform them. The client also has full access to the Service Desk, and is able to configure a dashboard to receive alerts on incidents and track resolutions in real time. Further updates are then communicated using a combination of methods, including the dashboard, ticket updates and incident reports, in accordance with the severity of the outage as documented in our Incident Management process.

Identity and authentication

User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Operating systems and applications in the platform have restricted service access enabled.
Operating systems and applications are fine-tuned to run only the services and access required for the intended project and application use.
System utilities are used only after proper validation / testing is done; without it, users are prohibited from using them.
Users with system and network administrator access shall not download and use any security-related tools without prior approval from Head - Information Security.
The support channel connects through a physically & logically isolated network channel.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Bureau Veritas Certification Holding SAS - UK Branch
ISO/IEC 27001 accreditation date 27/03/2017
What the ISO/IEC 27001 doesn’t cover Nothing specifically excluded or not covered.
It covers all required services and DC in the UK.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification ControlCase LLC
PCI DSS accreditation date 31/01/2018
What the PCI DSS doesn’t cover This Certificate does not substitute for the need to register with the card brands directly in order to be listed on their website and for them to confirm you as compliant per their individual programs.
Other security certifications Yes
Any other security certifications
  • ISO/IEC 20000-1:2011
  • MTCS Level 3
  • Ministry of IT India
  • ISAE 3402 / SSAE 16 SOC 2

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Tata Communications maintains core security certifications, including ISO 27001. Security risks, requirements and controls are primarily designed around Confidentiality, Integrity and Availability. Managing security in this manner allows for a practical, applicable and cost-effective design that meets our business, regulatory and compliance requirements. As we are fully certified in ISO 27001, we apply rigorous processes within our development framework to ensure that we develop, configure and manage infrastructure to meet the security needs of our clients. If an incident is identified as being a security incident, either by an investigating engineer or by a security monitoring system, then it is immediately escalated to the technical team; the service design and architecture team, the service delivery manager and the senior management team form a dedicated Security Operations Center.

Operational security

Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Tata Communications follows the ITIL definition of change management to provide a standardized method for the management of the risk and impact associated with amending live configuration items. The workflow is configurable based on change classification (emergency, planned etc.). The Change Team ensures the necessary governance is in place at all stages of the process and is responsible for managing quality, adherence to the process and providing final approval. There is a structured process: Logging, Assessment, Scheduling, Testing and Plans, Communications, Reporting and Governance.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Tata Communications carries out vulnerability scans using authorized scanning vendors on external interfaces as well as internal scans using market leading products. Results are reviewed and remediation plans set through raising tasks within our management system for engineer completion. A suitable 3rd party vulnerability and security testing company can be identified as part of the full service offered. Critical issues found are raised immediately via the service desk to be fixed by the support team under SLA.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Tata Communications leverages industry-leading unified security management tools for our pro-active monitoring solution on our platforms. We have a complete view of our platform by identifying potentially compromised systems and suspicious behavior, assessing vulnerabilities, and correlating and analyzing security event data. These are based on key principles such as Asset Discovery, Behavioral Monitoring, Vulnerability Assessment and SIEM, brought into a single management plane. A centralized log management platform is used to audit access, providing real-time searchable data for a holistic view of security, allowing multiple (unrelated) logs to be linked in a single security event, enabling real-time issue analysis.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Tata Communications support team proactively monitors and manages the platform 24x7x365. Platform monitoring covers all elements such as hardware and network, storage nodes using the native monitoring tools. Tata Communications monitors the critical service components such as cloud storage node health, network, firewall and connectivity using the monitoring tool. Incident tickets are automatically generated and sent via email to the support team when a threshold is exceeded or any service component fails. Users can also trigger an incident ticket via the ITSM portal or email, prompting the team to investigate the issue and take any necessary corrective action.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Other
Other virtualisation technology used Cloud storage platform is designed with OpenStack Swift architecture.
We support both the erasure coding method and the copy method to store the data.
How shared infrastructure is kept separate To access the storage bucket (container), an individual user requires a combination of account name, password, access URL and access keys, which will be unique for every container.

Each customer's user profile and data is isolated at the access layer, logical container layer and storage layer, completely isolated for exclusive access.

Energy efficiency

Energy-efficient datacentres Yes

Pricing

Price £0.011 to £0.035 per gigabyte per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial - Size of the container (1TB to 10TB); > 10TB approval required
- Maximum Containers – 5
- Bandwidth (5 Mbps – 20 Mbps)
- Maximum POC Time (15 to 30 Days)
- Any ICS Region
- Accessible over Internet Swift API / S3 API
- Delivery timeline 1 to 2 working Days
Link to free trial https://www.tatacommunications.com/contact/

Documents

Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document