IZO™ Cloud Storage is based on object storage technology. It offers Flexible, Scalable , Durable, Secure and Reliable cloud storage service. The cloud Storage can be accessed using both Swift API and S3 API.
Service is offered in 3 variants (Value, Resilient, Geo-Resilient)
- COST EFFECTIVE - Predictable pricing per GB
- DURABLE - Data is protected across zones and regions
- RESILIENT - Failure tolerant architecture
- SCALABLE - Highly Scalable architecture for Multi-PBs
- SECURE - Firewall & SSL encryptions
- AVAILABILITY - 99.9% platform availability
- PAY AS YOU GROW - Pay as per consumption
- INNOVATIVE - Choice of API access (Swift & S3)
- MULTIPLE VARIANT - (Value, resilient, geo-res)
- HYBRID - Choice of connectivity - Internet and WAN
- CLOUD BACKUP - Lower IT backup infrastructure cost
- AUTOMATE - Improve Backup/Restore process
- ARCHIVAL - Cost effective Long term data archival storage
- FILE FABRIC SOLUTION -Share, Colloborate, Compliant
- ACCELERATE- Quick contents transfer to Cloud
- SECURE - Hosted in Secure Tier3 DC's with Tier1 Network
- MEDIA STORAGE - Comptiable with MediaAssetManagement Systems
- CONSOLIDATE - All your contents under single management
- TAPE MIGRATION - Legacy Tape Migration service to Cloud storage
- DOCUMENT MANAGEMENT - Cloud Storage for your business documents
£0.011 to £0.035 per gigabyte per month
- Education pricing available
Tata Communications Ltd
Edwin GS P Nadar
+44 7500 809402
The platform is a 24x7 available service. Any planned maintenance will not impact availability.
Access to the service is via RESTful API
SWIFT & S3 API Supported
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Email or online ticketing support
Support response times
Global Service Desk is available 24*7*365 to customers for incident reporting and management. When an incident is reported by customer and an incident ticket is opened by the global service desk, the global service desk assumes full responsibility for the incident until the ticket is closed. Incident tickets are classified as Severity 1: Major Fault, Severity 2: Minor fault and Severity 3: Troubleshooting request based on the classification and priorities.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Our Cloud storage platform is pro-actively managed and monitored by a team of skilled engineers. Incidents and requests are submitted to the web-based Service Desk tool by our customers or our engineers. Further queries can be submitted to the Service Delivery Manager.
The team provides dashboard to report, capturing and progressing of incidents and requests logged via the Service Desk or monitoring systems, and escalating functionally within the team to appropriate areas of expertise or to Service Delivery Managers in the event of major incidents or client impacting changes.
A named Technical account manager can be allocated to the client.
We engage with our clients to design the relevant support model to fit the business needs, it can be 24*7.
We also provide client specific support SLA's as per the Business needs.
|Support available to third parties||Yes|
Onboarding and offboarding
Our proven, expertise in service management delivers a single point of contact for your teams. Our service management goes through service design, delivery, implementation and assurance. Service delivery and implementation:
We have a defined on-boarding process which detailed planning which includes:
• Developing risk mitigation plans before delivery • Acceptance Criteria to ensure that both parties agree on what constitutes service readiness, and allows us to transition seamlessly into a full support model. • Introduction and Training on the Service Desk for clients • Ways of Working sessions to agree how we work with key stakeholders, and define ways to report status Service transition and assurance: The handover phase is designed to ensure that the technical teams gain a thorough understanding of the service and/or infrastructure that are being supported. During transition, a Technical Support Document (TSD) is created which forms base document that has all the deployment details. This is maintained as a single document throughout the life of the support service and includes details such as solution architecture, deployment model, managed services reporting etc.
|End-of-contract data extraction||
Users can extract their data across the network via VPN or other secure network protocol . Also user can use any Standard tools to copy the data from Cloud storage.
In the event you require a live migration of data, our professional service handle the same.
The Data can be deleted or can be provided to you through the network.
Design and service documentation is located on the Catalyst portal and can be downloaded to provide a permanent record. Other documentation, where available or feasible to produce, can be provided on request.
If you feel the need to switch providers, we will work with you to expedite the off-boarding of your Cloud storage services .
Our solutions are all based on standardized architecture , with robust migration processes and consistent documentation that make knowledge transfer straightforward and complete. As standard, if you wish to move data, we will provide secure access to third parties to extract your data to help you to get the data in target environment. If you want to keep the data retained, but require the managed service to be terminated, the tools and software can be removed, leaving the data preserved in the bucket. Depending on your target end state and specific schedule, there may be additional professional services charges applicable to help ensure that the migration and handover of services to the new provider are aligned precisely to your requirements.
User will be notified well prior to the end of contract to renew. In case of no response from customer as standard practice Data will be retained for 15 days from the receipt of termination notice or end of contract (whichever is earlier).
Using the service
|Web browser interface||Yes|
|Using the web interface||
The Web based interface provides Following capabilities to the users.
1. Dashboard To view the Account Details, Containers, Storage Usage tracking.
2. ITSM - Incident Management - User can raise a incident ticket, View, Track and Manage from the portal.
3. ITSM - Service request management - User can raise a incident ticket, View, Track and Manage from the portal.
4. Access to Audit Logs.
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||
To Log on to the portal :
1. Launch the Portal using URL: https://ipcloud.tatacommunications.com/
2. Login to the cloud storage portal using the URL/Credentials provided during subscription.
3. The defined service user will setup further user accounts and storage containers providing Access Controls accordingly. With appropriate permissions users can the use standard PUT, GET and DELETE data using S3 API / SWIFT API.
|Web interface accessibility testing||No specific web interface technology testing has been undertaken with assistive technology users, however best practice reference architecture based development methods have been used to optimize the end user experience|
|What users can and can't do using the API||
On subscription user will be provided with following details access the storage container/bucket.
For SWIFT API based access:
Account name, Swift Password, Container Name.
Swift AUTH URL Example: http://XXX.ipstorage.tatacommunications.com/auth/v1.0/
For S3 API based access:
Account name, S3 API Key, Container Name,
Access URL example : XXX.ipstorage.tatacommunications.com
User can use any standard automation tool which support S3 API or swift API and Automate the API Commands with Scripts to make any changes (i.e. Get, Put, Post, Copy, Head, Delete ).
No Specific limitation on changes through the API.
|API automation tools||
|API documentation formats|
|Command line interface||No|
|Independence of resources||
Each Customer cloud storage is logically segregated to prevent users and customers from accessing bucket not assigned to them.
Each customer data is stored in exclusive location in the cloud disk pool, which does not impact other user data access. Cloud storage architecture is logically segregated in access layer and configuration layer for each storage container/bucket. Each storage bucket is segregated via security management processes/controls.
|Infrastructure or application metrics||Yes|
|Other metrics||Storage Size|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Other data at rest protection approach||Encrypted Data Ingestion to Cloud storage bucket/Container.|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
Use can use any backup tool compatible to access the storage container over SWIFT or S3 API.
User will be able to schedule the backup to cloud storage target.
The backup tool will provide all features they have been using with Tape backup or local backup so far.
|Scheduling backups||Users schedule backups through a web interface|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
The Service Component availability Guarantee for IZO Cloud storage service (henceforth referred as device )is as follows for each variant.
Value Based - 99.9% SLA
Resilient - 99.9% SLA
Geo-Resilient - 99.99% SLA
The device is considered unavailable if the fault reported to the Global Service Desk by customer or identified by supplier itself is of Severity1: Major fault, as defined in the service schedule. Unavailability is calculated on monthly basis and the time of device unavailability experienced.
Such device unavailability shall be used to determine any service unavailability credit that the customer is entitled to for that particular month. The unavailability credit is a percentage of the Monthly recurring charge (MRC) for the device as set forth in following table and applies only to and is calculated for and the sites for which such credit was derived.
SLAs are available only if Client is compliant with the Agreement terms and do not apply to any third party including Client’s end users. SLAs do not apply to beta, experimental, trial, or no-charge Cloud Services.
|Approach to resilience||
Our Cloud storage platform architecture is built with no single point of failure.
Data is stored across multiple availability zones and regions and replicated across multiple regions as per the Storage container Policy configured. Cloud platform architecture supports elastic scaling to ensure the Storage platform scales in line with demand, ensuring high performance across all traffic demands.
Further details can be shared on demand.
Notifications are: ITSM Dash board, Email Alerts, Call during Major incidents.
Our Incident Management process guides pro-active detecting and logging incidents and requests and ensure technical teams respond efficiently and effectively in order that requests are fulfilled and service is restored to clients as swiftly and stably as possible. In the event of an outage, the Service Delivery Manager contacts the client to inform them. Client also has full access to the Service Desk, and is able to configure a dashboard to receive alerts on incidents and track resolutions in real time. Further updates are then communicated using a combination of methods, including the dashboard, ticket updates and incident reports in accordance with the severity of the outage as documented in our Incident Management process.
Identity and authentication
|Access restrictions in management interfaces and support channels||
Operating Systems and applications in the platform have the restricted services access enabled.
Operating Systems and applications are fine tunes to run only the required services and access for intended project and application use.
System utilities are used only after proper validation / testing done. Without which users prohibited to use the same.
Users with system and network administrator access shall not download and use any security related tools without Prior approval rom Head-information security.
Support channel connects through Physically & logically isolated network channel.
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Bureau Veritas Certification Holding SAS - UK Branch|
|ISO/IEC 27001 accreditation date||27/03/2017|
|What the ISO/IEC 27001 doesn’t cover||
Nothing specifically excluded or not covered.
It Covers all required services and DC in UK.
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||ControlCase LLC|
|PCI DSS accreditation date||31/01/2018|
|What the PCI DSS doesn’t cover||This Certificate does not substitute for the need to register with the card brands directly in order to be listed on their website and for them to confirm you as compliant per their individual programs.|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Tata Communications maintains core security certifications ISO 2700 Security risks, requirements and controls are primarily designed around Confidentiality, Integrity and Availability. Managing security in this manner allows for a practical, applicable and cost effective design that meets our business, regulatory and compliance requirements. As we are fully certified in ISO27001 we apply rigorous processes within our development framework to ensure that we develop, configure and manage infrastructure to meet the security needs of our clients. If an incident is identified as being a security incident either by an investigating engineer or by a security monitoring system then it is immediately escalated to technical team, the service design and architecture team, the service delivery manager and the senior management team form a dedicated Security Operations Center.|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||Tata Communications follows the ITIL definition of change management to provide a standardized method for the management of the risk and impact associated with amending live configuration items. The workflow is configurable based on change classification (emergency, planned etc.). The Change Team ensure the necessary governance is in place at all stages of the process and are responsible for managing quality, adherence to the process and provide final approval. There is a structured process: Logging, Assessment, Scheduling, Testing and Plans, Communications, Reporting and Governance.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||Tata Communications carries out vulnerability scans using authorized scanning vendors on external interfaces as well as internal scans using market leading products. Results are reviewed and remediation plans set through raising tasks within our management system for engineer completion. A suitable 3rd party vulnerability and security testing company can be identified as part of the full service offered. Critical issues found are raised immediately via the service desk to be fixed by the support team under SLA.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Tata Communications leverages industry leading unified security management tools for our pro-active monitoring solution on our platforms.. We have a complete view of our platform by identifying potentially compromised systems and suspicious behavior, assessing vulnerabilities, correlating and analyzing security event data. These are based on key principles such as : Asset Discovery, Behavioral Monitoring, Vulnerability Assessment, SIEM into a single management plane A centralized log management platform is used to audit access providing real-time searchable data for an holistic view of security, allowing multiple ( unrelated) logs to be linked in a single security event, enabling real-time issue analysis|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Tata Communications support team proactively monitor and manages the platform on 24x7x365. Platform monitoring covers all elements such as hardware and network, storage nodes using the native monitoring tools. Tata Communications monitors the critical service components such as cloud storage node health, Network, Firewall, Connectivity using the monitoring tool. Automatic incident tickets are generates and sent via email to the support team on threshold exceed or any failure of the service components. Also user can trigger incident ticket via ITSM portal or email, prompting team to investigate the issue and take any necessary corrective action.|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Other|
|Other virtualisation technology used||
Cloud storage platform is designed with Openstack Swift architecture.
We support both Erasure coding method and Copy method to store the data.
|How shared infrastructure is kept separate||
To access the storage bucket(container) individual User requires combination of Account name, password, access URL, Access keys. Which will be unique for every container.
Each customer user profile and data is Isolated with access layer, Logical container layer, Storage layer. Completely isolated for exclusive access.
|Price||£0.011 to £0.035 per gigabyte per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||
- Size of the container (1TB to 10TB) > 10TB Approval required
- Maximum Containers–5
- Bandwidth (5Mbps – 20 Mbps)
- Maximum POC Time (15 to 30 Days)
- Any ICS Region
- Accessible over Internet Swift API / S3 API
- Delivery timeline 1 to 2 working Days
|Link to free trial||https://www.tatacommunications.com/contact/|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|