Iotic Labs

Iotic Secure

Cloud hosted SaaS solution that provides DDoS and PDoS mitigation through double abstraction of source and consumer. Brokered interactions between data and controls using FinTech-level security. Use oursolution Iotic Secure to deploy IoT devices securely in your business, reduce the risk of network incursions, and identify, mitigate, and isolate threats.


  • Digital Twin of source and consumer
  • Brokered interaction between data and controls
  • Interoperability across Data Estate
  • Technology Agnositic
  • Scalable horizontal architecture
  • Future flexible - additive adaptive architecture


  • Enhance productivity - single intergration and mutltiple reuse
  • Flexible - use what you have. Technology agnositic
  • Secure - FinTech level security.


£1295 per licence per month

Service documents

G-Cloud 10


Iotic Labs

Ali Nicholl


Service scope

Service scope
Service constraints Standard service offering requires users to have
1. Basic knowledge of the Python Language
2. Comfortable using the command line interface in Linux, Mac or Windows
3. Some familiarity with network configurations
System requirements User requires command line access in Linux, Mac or Windows

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Response times are linked to Service Level Agreements and Support Contracts ranging from 24 hrs to 30 minutes dependent on level of service and support required.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard Support - UK business hours Monday to Friday
Response time 1hr

Enhanced Support can be provided based on requirement cost based on requirement.

Technical Account Mangers are available at cost
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite onboarding workshop available (standard 3hrs for 6 users)
Extensive user documentation and examples (available through GitHub and open community developer portal (
Online training is not currently provided directly - courses are available from (ISC)2
( ) - CPEs available
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Very little data is stored within the environment however users can at any stage follow and write stream into a database/store of their chosing.
End-of-contract process Service is provided as SaaS. At end of contract service access is withdrawn.
Usage and monitoring and reporting can be provided at additional cost.

Using the service

Using the service
Web browser interface Yes
Using the web interface Once set up Users can access their private Iotic space to access connected devices, manage interactions between data and controls.

Only approved users, with agent credentials can make changes and add additional IoT devices.

Network gateway configuration is not possible through the web interface.
Web interface accessibility standard None or don’t know
How the web interface is accessible All visual interface actions and behaviours are possible in code using accessible code libraries and standard code interfaces.
Web interface accessibility testing Web interface was tested against RNIB guidelines.
Code interface alternative tested using voice only command interface.
What users can and can't do using the API API is intergration process.
Service is not set up or amended via API
API drives interaction only.
API automation tools Other
API documentation Yes
API documentation formats
  • HTML
  • Other
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface All interactions and behaviours are possible through command line interface

User profiles and user management are not possible through command line.


Scaling available Yes
Scaling type Automatic
Independence of resources Horizontally scalable architecture and discrete user instances enable load balancing and extensible usage.

Usage and access throttling controlled by system administrators where necessary.
Usage notifications Yes
Usage reporting
  • Email
  • Other


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Memory
  • Number of active instances
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Data at rest are not encrypted (deliberately) as:

Each component that accesses the data only has minimal privileges on that data (e.g. can't do a database dump)
Each component has its own userid and password (stored in the Ansible Vault)
Database servers are only accessible via the AWS VPC (needing another public-private key-pair)
Backups are encrypted and sent to another physical location (Frankfurt) and stored on Amazon S3
Data sanitisation process No
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery Yes
Backup controls User can control back up of locally hosted applications
Datacentre setup Multiple datacentres
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Standard provision of service is based on 3rd Party hosted service from Amazon Web Services (
Approach to resilience Available on request.
Outage reporting Email alerts.
Where dedicated service has been selected Technical Account Manager will match customer requirement.
Dashboard can be made available on request.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Username or password
Access restrictions in management interfaces and support channels We use public-private key-pairs. Each Iotic-labs developer requires 3 pairs to gain access to the servers, the VPC and the password vaults
All system passwords follow standard format and pass the Unix systems "Cracklib" password checker.
All system passwords are encrypted using AES256 and stored in Ansible vaults, accessed using a 100-character password. The password is encrypted using GPG (only accessible using the developers' public-private key-pair). The Ansible control host, where the vaults are kept, is turned off normally.
User passwords are hashed using Password change/length/etc policies on space website(s) are in the Clients' control
Access restriction testing frequency At least once a year
Management access authentication Other
Devices users manage the service through
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We link security activities to your organisation’s goals and priorities
We have identified the individuals, at all levels, who are responsible for making security decisions and empower them to do so
ensure accountability for decisions
ensure that feedback is provided to decision-makers on the impact of their choices
Security is a priority sits alongside other business priorities, such as health and safety, or financial governance.
Information security policies and processes Internal review and management from Board, Senior Management Team and individuals.

A small team organisation reporting is direct from individual to SMT to CEO and board.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change control process
Identify, Track, Define Accountability, Update Library (including GitHub public and private document development), Release to staging test, review, Release to production.
Audit against project manger requirements.
Vulnerability management type Undisclosed
Vulnerability management approach Available on request
Protective monitoring type Undisclosed
Protective monitoring approach Available on Request
Incident management type Undisclosed
Incident management approach Available on Request subject to service requirements and usage.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £1295 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Just Start 3 Month Free Trial
500 private feeds or controls
500 subscriptions
60 shares per feed per hour
2,000 public feeds or controls
Unlimited subscribers*

*subject to fair usage policy
Link to free trial


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑