This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with Truststream Security Solutions are still valid.
Truststream Security Solutions

Zscaler Private Access Service

Zscaler Private Access is a cloud-based service that delivers policy-based, secure access to private applications and assets without the cost, support burden, or security risks of a VPN. It delivers seamless, policy-driven, access to private internal applications and assets whether they are in the cloud, the data center, or both.

Features

  • No VPN client to launch, exit, support and manage
  • Enable application-specific access to staff, individual contractors, and business partners
  • Users never placed on network, enabling use of unmanaged devices
  • Consistent security policy enforcement for application access
  • Unauthorized users are not able to see applications
  • Removes complexity and security risk of VPNs
  • Reduces Capex and Opex compared to traditional VPNs
  • Easy and fast deployment
  • Decouples private internal applications from the physical network
  • Automatically routes to the location that delivers the best performance

Benefits

  • Provides secure access to your internal applications
  • No VPN on-premise equipment capital and support (FTE) costs
  • Easily apply your organisation’s security access policy
  • Applications never exposed to the internet, reducing the DDoS threat
  • Seamless integration with your existing identity stores
  • Scalable to any size of workforce and number of applications
  • Requires no changes to current infrastructure
  • Reduces the complexity of network/security architectures, accelerating cloud adoption
  • Simplifies cloud security through partnerships with Microsoft/Azure and Amazon/AWS

Pricing

£0.94 a user a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bryan.thomson@truststream.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

1 3 8 5 0 4 2 6 6 7 6 1 3 3 6

Contact

Truststream Security Solutions Bryan Thomson
Telephone: 07827 327320‬
Email: bryan.thomson@truststream.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
There are no operational constraints to the service
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard Support: P1 response time 2 hours, P2 response time 4 hours, P3 response time 12 hours, P4 response time 48 hours.

Premium Support: P1 response time 30 minutes, P2 response time 1 hour, P3 response time 3 hours, P4 response time 4 hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard support is provided by Zscaler with the ZPA service. Premium support is available from Truststream at 15% of the annual net cost of the service. The Truststream Zscaler Premium Support service provides a support engineer with contextual knowledge of the customer implementation. It also gives regular technical account management meetings which can be in person or by Webex. The frequency of the meetings are agreed at the time of the implementation. Typically, more frequently initially, settling to a quarterly or bi-annual frequency.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The implementation of the Zscaler Private Access service is not a complex nor lengthy project. Truststream supports organisations that are new to the service every step of the way. Online training and comprehensive user documentation is provided. Often, organisations evaluate and become comfortable with the service using a proof-of-concept trial. They then purchase the service and the PoC is simply switched into production making implementation straightforward and low-risk.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
We do not hold any client data
End-of-contract process
The customer would have to phase-in alternative application access methods in advance of the service contract ending.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Accessibility standards
None or don’t know
Description of accessibility
The admin monitor is viewable as an application through a web browser. There is no user interaction as the system is passive to the end user.
Accessibility testing
Not applicable
API
No
Customisation available
Yes
Description of customisation
The ZPA service can be customised via the administration portal. It is very comprehensive in deployment, granular policy control options and reporting.

Scaling

Independence of resources
The Zscaler global network consists of over 100 data centers. If there is a problem with one DC, user traffic is simply routed to the nearest alternative DC. Zscaler has been designed as a scalable cloud service from day 1. Currently, over 5,000 organisations in 185 countries are using the service to make 30 billion requests a day, 125 million of which are blocked for protection and compliance purposes.

Analytics

Service usage metrics
Yes
Metrics types
The interactive reporting tool in the admin portal presents a wide range of standard reports and provides the ability to create custom reports as well. It supports real-time interactive analysis.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Zscaler

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
Other
Other data at rest protection approach
We do not hold customer data
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
For compliance mandates on local log archival, Zscaler Nanolog Streaming Service (NSS) allows you to transmit your logs to your SIEM in real time for external logging or advanced threat correlation. You can even fine-tune threat feeds to receive particular data in order to accommodate SIEM Events Per Second (EPS) restrictions.
Data export formats
Other
Other data export formats
Customizable to send log fields based on complex log filters
Data import formats
Other
Other data import formats
Live user credentials from ADFS or SSO integration

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The SaaS will be available to accept Customer’s Transactions and Sessions 100% of the total hours during every month Customer uses the SaaS. Service Availability is monitored by a third party service (Site 24x7 by ZOHO), and Service Availability is validated by this third-party service. Excluded Transactions and Sessions would not be factored into this Service Availability validation. Failure to meet this Service Availability Agreement results in a Service Credit as follows. Percentage of Transactions and Sessions Processed During a Month:
>= 99.999%, service credit 0 days;
< 99.999% but >= 99.99%, service credit 3 days;
< 99.99% but >= 99.00%, service credit 7 days;
< 99.00% but >= 98.00%, service credit 15 days;
< 98.00%, service credit 30 days.
Approach to resilience
N+1 failover Data Centres
Outage reporting
Public Dashboard & Email. The Zscaler Service Continuity Customer Notification Protocol is available on request. Type the term into a search engine.

Identity and authentication

User authentication needed
Yes
User authentication
Other
Other user authentication
SAML
Access restrictions in management interfaces and support channels
Role-based access control. Details available upon request.
Access restriction testing frequency
At least once a year
Management access authentication
Other

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Brightline for Zscaler, The British Assessment Bureau for Truststream
ISO/IEC 27001 accreditation date
26/06/14 for Zscaler, 07/10/16 for Truststream
What the ISO/IEC 27001 doesn’t cover
Truststream scope: provision of cyber security services. Zscaler scope: the Zscaler cloud operations for its Security as a Service platform (including operations employees and network operations center) located in Zscaler’s network operations center in San Jose, California. Everything else is out of scope.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Truststream is Cyber Essentials Plus certified

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Truststream is Cyber Essentials Plus certified
Information security policies and processes
Available on request

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Available on request
Vulnerability management type
Undisclosed
Vulnerability management approach
Following industry best practices with Qualys scanning
Protective monitoring type
Undisclosed
Protective monitoring approach
Available upon request
Incident management type
Undisclosed
Incident management approach
Available upon request

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
New NHS Network (N3)

Pricing

Price
£0.94 a user a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Full product on qualified 30-day proof-of-concept trial. When organisations satisfy themselves that the service functions as advertised, they usually proceed to purchase and the PoC trial is simply switched to production and the full production user-load added.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bryan.thomson@truststream.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.