Galaxkey

Enterprise Cloud Self Hosted - Email and file encryption, Secure Workspace, Digital Document Signing

Galaxkey Enterprise Cloud (Self Hosted) provides pure end-to-end Email & File Encryption, Secure Workspace for file sharing and collaboration plus Digital Document Signing.
Features include email revocation, notifications, geofencing, digital signatures, secure collaboration, file sharing.
All with central management and complete white labelling capabilities.
CPA Certified by the NCSC.

Features

  • Pure end-to-end encryption technology
  • Encrypt emails directly from Microsoft Outlook iOS Android and Web
  • Digital Document Signature
  • Revoke emails, and get notifications for emails
  • Companies can manage keys in-house, no passwords stored
  • Complete audit of access of emails and files
  • Geofence and classify emails to protect emails within your environment
  • White label platform as per corporate requirements
  • Built in policy engine to define policy based encryption
  • Collaborate & Share files in Secure Workspace

Benefits

  • Protect emails and files with end-to-end encryption
  • Easy to use and deploy, report and manage
  • Digital Document signing & encryption of sensitive documents
  • Comply with regulatory requirements like GDPR, HIPPA
  • Save costs on expensive multiple platforms to secure data
  • Use policy engine to help in data loss prevention
  • Get notified when someone opens an email or document
  • Secure sharing and collaboration of sensitive documents
  • Container technology allows no limit on file size
  • Control your own keys and your data, no passwords stored

Pricing

£49 to £89 a user a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@galaxkey.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

1 6 5 3 0 1 6 9 2 7 8 3 7 0 6

Contact

Galaxkey Galaxkey Sales Team
Telephone: +44 (0) 333 150 6660
Email: sales@galaxkey.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
Galaxkey can be deployed in in-house (Hybrid). It requires a DMZ implementation of some services which provide web access to the secured emails.
System requirements
  • Galaxkey Clients:
  • Microsoft Outlook 2007/2010/2013/2016/2019
  • IOS
  • Android
  • Mac OSX
  • Web Client
  • Galaxkey Server (Hybrid):
  • Windows 2012

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 2 Hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Basic, Advance or Premium Support is available:

Basic (Free):
Limited Support Access (12x5)
Training videos/ Getting Started webinars
Basic Support SLA

Advance:
Enterprise-grade Support Access (24x7)
Priority phone support
Enterprise-grade Agreed SLAs
Training videos/ Getting Started webinars

Premium:
Enterprise-grade Support Access (24x7)
Dedicated Support Line
Enterprise-grade Support SLA
Named Customer SuccessManager
Monthly On-Site Customer Success Meeting
Quarterly On-Site Business Review
Support available to third parties
Yes

Onboarding and offboarding

Getting started
When a corporate company signs up with Galaxkey, our on-boarding team does a complete on-boarding process which includes
1. Online/Onsite Training for Administrator
2.Online/Onsite Training for End users
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
With Galaxkey all files and emails that are encrypted have an extension .gxk. This is the secure container file format. Once the contract is over, the customers can use the Galaxkey client to decrypt the files. There is a complete procedure to decrypt the data.
End-of-contract process
At the end of the contract, Galaxkey provides a document to the customer to decrypt all their files. There is no restriction on decrypting the files.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Galaxkey has native applications on the mobile platforms (iOS and Android). The desktop apps are on Windows and Mac. On Windows Galaxkey integrates with Microsoft Outlook and a desktop application is installed to provide File Encryption. On the mobile platform the app provides an email interface which interacts with the mobile email clients to send out secure emails. The apps also provide the ability to open secure files
Service interface
No
API
Yes
What users can and can't do using the API
Galaxkey has an API to encrypt and decrypt any data. This API is provide via the SOAP protocol
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
The following can be customised
1. Logo on the Web Portal
2. The Email wrappers that is sent with a secured email.
3. The out going SMTP Servers (Hybrid)
4. Classifications
5. Email templates

The customisation is provides to the customers via a Web Administrator Portal.

The Galaxkey Corporate Administrator or designated Service Account can customise the user interface.

Scaling

Independence of resources
Galaxkey cloud service is based on the Amazon auto scale platform. So as the demand increased, the service is auto called.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Using the Galaxkey client, the customers can export their data to un-encrypted files.
Data export formats
Other
Other data export formats
In original file formats
Data import formats
Other
Other data import formats
  • Galaxkey can encrypt and file format.
  • There is no restriction on file format and size.

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Even with TLS, all the communication between our internal servers are encryted.

Availability and resilience

Guaranteed availability
Response Time for the Service
Priority Level - 1, First Response - 1 Hour, Subsequent Updates - 2 Hours
Priority Level - 2, First Response - 2 hours, Subsequent Updates - 8 hours
Priority Level - 3, First Response - 2 hours, Subsequent Updates - 48 hours
Priority Level - 4, First Response - 8 hours, Subsequent Updates - 48 hours

Service Level Commitment:
The Service will, subject to the exceptions listed below, be available at least 99.9% of the time during any full calendar month in Customer’s production environment (“Availability Commitment”). The Availability Commitments do not apply to sandbox, beta and other test environments.
The Availability Commitment of the Service for a given month will be calculated as follows (rounded to the nearest one tenth of one percent):
Availability % = 100% x (Total Minutes in the Month – Total Minutes Unavailable in the Month)
Total Minutes in the Month
The Service will be deemed to be unavailable only if the Service does not respond to HTTP requests, (“Unavailable”).
Approach to resilience
Available on request
Outage reporting
1. Email Alerts
2. Twitter

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
All administrative access is based on role based access control. This limits the access to management interfaces.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
18/11/2010
What the ISO/IEC 27001 doesn’t cover
Our admin office
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
CPA certified through NCSC

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Galaxkey is fully CPA Certified with the National Cyber Security Centre (NCSC).
Information security policies and processes
A. Executive review and support of all security related policies.
b. Periodic (but no less than annual) risk assessments of all systems containing Customer Data (“Customer System”).
c. A formal and effective risk treatment program.
d. A formal and effective service provider management program.
e. Periodic review of security incidents, including effective determination of root cause and corrective action.
f. Quarterly internal audit to measure the effectiveness of controls.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
To streamline the Galaxkey change control request, we utilise a ticket system where every change control request is assigned a unique ticket number to track the progress and responses online. With the use of valid AD credentials, the ability to submit a ticket is presented along with the complete archives and history of all Change Control Requests for Administrators.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Under the Galaxkey SDLC, any actual, suspected or reported flaw, vulnerability, or security associated exposures are addressed as soon as they are discovered, suspected or reported.
Two-Phase Flaw identification Process:
During the SDL: In the first instance the flaw remediation is achieved by following the established processes. The developers and the testers are the key stakeholders at this stage.
In production: The Technical Team are responsible for maintaining products and services by ensuring that any reported flaws, vulnerabilities, or other technical issues or services may have are dealt with as a matter of priority as soon as they are reported.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Galaxkey has a comprehensive compromise monitoring system in place based on SEIM and live monitoring. Our response policy for potential compromise is based on the following high level approach.

In an event of compromise
1. The impact of the compromise is categories in either a. Availability b. Integrity c. Security.
2. Based on the impact either single or in combination we have three Business Continuity and Disaster Recovery plans which we execute.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Galaxkey has an online incident reporting system which a user can report to. The incident is recorded and reviewed. We are registered with the ICO and based on the impact of the incident, we have policies to report to the ICO in case of any data theft of loss occurs. In case the incident falls under any of the data security policies, we have policies to provide remedy within 24 hours.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£49 to £89 a user a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
All features are provided at a 14 days trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@galaxkey.com. Tell them what format you need. It will help if you say what assistive technology you use.