Vodafone Limited

Cloud Storage

UK Datacentre based, flexible, secure way to store data, elastic scale, next-generation object based storage platform designed to address variety of use-cases. Based on object storage technology, natively optimised in terms of scale, resilience, accessibility. An archive solution, capacity released from primary storage and planned investment for data growth deferred.


  • Pay-as-you-go storage with no hidden costs
  • Scalability on demand
  • Reduce storage costs
  • Secure connectivity options
  • Internet connectivity
  • Vodafone IP-VPN connectivity
  • Direct Connection in select Vodafone data centres
  • Self-service portal
  • Compatible with a range of third-party business & IT applications
  • Quick to implement


  • Three service tiers with different protection options
  • Flexes up and down with your demand
  • Zero capital outlay
  • ISO/IEC 27001 certified platform
  • Enables you to deploy new applications faster
  • Cloud-based solutions save time and money
  • Allows you to self-serve
  • Archiving inactive data to Cloud off-sets investment in primary storage
  • Applications can be deployment quickly and data management automated


£0.05 to £0.1 per gigabyte per month

Service documents

G-Cloud 10


Vodafone Limited

Nicola Penrice

+44 (0) 7467339990


Service scope

Service scope
Service constraints None
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The standard response time is one hour with support available on a 24/7 basis. The Support Incident Escalation is available to be utilised for critical issues and whenever needed to resolve the issue speedily.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Vodafone categorizes support into severity levels as follows:
Severity 1 resolution within 4 business hours - defined as a total Loss of service affecting entire sites or the core Vodafone network or any elements of the platforms used by the customer, impacting a majority or all of the customer’s end-users. This excludes incidents outside of Vodafone control.
Severity 2 resolution within 4 business hours - The loss of some but not all Vodafone services to a single or multiple sites. Severe degradation of a service to such an extent that it is not usable. For example, unable to use speech recognition, but able to make and receive calls.
Severity 3 resolution within 48 hours - The degradation of, but not the loss of Vodafone services to a site or a number of sites. For example, poor voice quality while still able to make and receive calls.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started On-boarding guidance is provided as part of the service. When the Cloud Storage service is ready the customer will be provided with the following:
I. Order live document – contains account information and guidance
II. Quick start guide – this will be populated with the customers network information and covers the most common connectivity scenarios, providing configuration advice where needed (in some cases Vodafone will carry out this work for the customer)
III. Connectivity handover (optional) – the Hosting Design team will engage the customer to test connectivity (the customer will have to consult the quick start guide first)
IV. Portal user guide – a how to guide for customer administration (not provided for Managed Cloud Storage Applications customers).
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Advise Vodafone help desk that you want to stop using Cloud Storage and we’ll close your account, giving you 30 days before removing any remaining data.Vodafone may also be able to help you minimise the impact of off-boarding through our professional service capability.
End-of-contract process Exit charges may apply.

Using the service

Using the service
Web browser interface Yes
Using the web interface The service is accessed through the internet and can access a portal. Portal users can either be Account Managers or Account Users. Account Managers have access to create, edit, and remove user accounts. Account Users cannot see the Manage Users screen, however, Account Users can login to the portal and view reports and statistics for the sub-tenancy.
Web interface accessibility standard None or don’t know
How the web interface is accessible It is accessible anywhere through an internet connection over HTTPs and end to end security can be assured by using Vodafone's secure networks.
Web interface accessibility testing None directly for this service as access is through end user devices
What users can and can't do using the API Vodafone Cloud Storage is available over the network via web service. All data must be accessed through web
service calls. Vodafone will provide the API to access web service calls.
If the application itself is developed to write to this Cloud Object Storage. Vodafone Cloud Storage uses EMC Atmos® technology, and therefore the API calls are
compliant with the API standards developed and maintained by EMC Corporation. Any application which works
with EMC Atmos® should work with Vodafone Cloud Storage and any software code created for Vodafone
Cloud Storage should work with any EMC Atmos® node. Atmos provides RESTful and SOAP based web services
APIs for data access and administration.
API automation tools Other
Other API automation tools Any programming language that supports web API calls
API documentation Yes
API documentation formats PDF
Command line interface No


Scaling available Yes
Scaling type Manual
Independence of resources Vodafone centrally monitors the platform performance and utilisation and manages any capacity expansions necessary to prevent service performance bottlenecks.
Usage notifications Yes
Usage reporting Other


Infrastructure or application metrics Yes
Metrics types
  • Disk
  • Other
Other metrics Bandwidth activity.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Near-line (on site) and off site backup
  • Restore customer data
  • Covering file application
  • Machine level point in time copies
Backup controls Customer's backup applications manage backup & recovery policies/procedure. In case required, Cloud Storage Applications (such as Vodafone's Cloud Storage Gateway) could also be purchased.
Furthermore, by opting for the Gold service, data stored on Cloud Storage is securly replicated across remote sites (within UK) automatically, ensuring geographic resilience.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Service availability up to 100% can be made available with resilience. within the datacentre and dual site replication. Customers can choose from pre-defined service tiers to control how data is protected. The Gold service replicates your data automatically, providing availability from two Cloud Storage sites. While Gold and Silver tiers both provide self-healing.
Approach to resilience There are multiple protection policies to choose from and the replication policy affects the resiliency of the data and the number of copies of the object. Each customer’s sub tenancy on the storage is setup with a default policy. That default policy will be used unless another policy parameter is passed to the API. Each policy is implemented with erasure coding and checksum in each location, and may include replication to another region if the policy names more than one data center campus.
Outage reporting Great emphasis is placed by Vodafone on monitoring and proactive identification of incidents; The Vodafone Service Desk will raise a proactive trouble ticket and initiate first line diagnostics. The Service Desk will contact the affected users/site to determine the business impact and identify any potential causes for the faults e.g. local site power issues. Vodafone will work with the customer to identify the most effective contact points for the various levels of escalation needed to resolve the issue.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
Access restrictions in management interfaces and support channels Portal users - the first user ID and password created when the account is established is the Administrative ID for your storage sub-tenancy, will be used to manage the portal accounts. Additional user ID’s can be created and used to have other roles, privileges. Manage User screen can be found upon selecting Your Account in top right corner. Portal users can either be Account Managers or Account Users. Account Managers have access to create, edit, and remove user accounts. Account Users cannot see the Manage Users screen, however, can login to the portal and view reports, statistics for the sub-tenancy.
Access restriction testing frequency At least once a year
Management access authentication Other
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 LRQA are Vodafones ISO27001:2013 accreditor
ISO/IEC 27001 accreditation date 01/05/2017
What the ISO/IEC 27001 doesn’t cover N/a
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification NCC Group
PCI DSS accreditation date 08/08/2017
What the PCI DSS doesn’t cover Vodafone holds 5 PCI DSS certificates covering:
Retail Environment
Voice Payments
PCI Zone - multi channel payments

Functions and process not involved in the processing of payment card data
Other security certifications Yes
Any other security certifications
  • CAS(T) certification for our MPLS Fixed Line Network
  • ISO22301:2015 for all Vodafone UK business units and functions

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes All detailed in the UK and Group policy library and governed by the UK policy framework. Key polies are Information Security, Classification & materials handling, Vulnerability and Patch management, risk management, change management, incident management.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Formal management responsibilities and procedures within Vodafone are in place to ensure satisfactory control of all changes. When changes are made, an audit log containing all relevant information is retained on the Vodafone change management system. Changes to operational systems are only made when there is a valid business reason to do so, such as an increase in the risk to the system.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability scanning is performed by industry standard a vulnerability management platform. Governance is in place to ensure that appropriate patching and/or remedial action is reviewed and implemented according to the severity and business impact of the vulnerability.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Vodafone has logging and monitoring capabilities in place along with appropriate storage of log data. The monitoring capability and events are managed and stored within the SIEM solution. The SIEM solution has been built in line with GPG13 DETER.
Incident management type Supplier-defined controls
Incident management approach Incident management processes are in line with ITIL best practice, and integrated with event, problem and change management processes.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Cloud Storage supports access by multiple tenants, where each tenant is defined by a namespace and the namespace has a set of configured users who can store and access objects within the namespace. The key characteristic of a namespace is that users from one namespace cannot access objects belonging to another namespace.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £0.05 to £0.1 per gigabyte per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑