Amazon Web Services Cloud Hosting
SR Cloud Solutions have highly experienced AWS certified staff, who work with our customers to provide tailor-made solutions that fit within desired budgets, while still meeting business needs. Amazon Web Services provides a flexible, resilient, secure, cost-efficient cloud strategy. All our staff are UK based with a 24x7x365 service desk.
Features
- AWS accredited UK based consultants and support team
- AWS migration professional services with full project management
- Experts in delivering AWS Database Services
- Configurable Geo-replication to other AWS regions
- Auto scaling to increase /decrease number of EC2 instances
- Free access to Cloudcheckr for compliance and cost optimisation
- Elastic Load Balancing to distribute incoming traffic
- Advanced data analytics tools - Athena, EMR, Redshift, Kinesis
- Amazon Elastic Container Service to run applications on managed cluster
- Amazon object/block level storage options using EBS, EFS, S3
Benefits
- Build, Deploy and Manage business applications faster
- Experts in cloud cyber security to safeguard your data
- Agility and speed to grow your infrastructure on demand
- Deployable anywhere with AWS global regions
- 24x7x365 Remote Monitoring & Management
- OPEX PAYG monthly - no long term contracts or commitments
- Specialist right sizing VMs and created Reserved Instances saving costs
- Experts in providing connectivity into AWS using Direct Connect
- Free AWS Compliance & Best Practice reports from Cloudcheckr
- Free Cloudcheckr cost optimisation to efficiently manage AWS workloads
Pricing
£0.01 to £0.01 a unit
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
2 0 7 7 0 2 9 3 9 5 7 8 7 0 8
Contact
SR Cloud Solutions Ltd
Jamie Ritchie
Telephone: 02036039960
Email: jamie@srcloudsolutions.co.uk
Service scope
- Service constraints
- No service constraints. AWS is a highly available, resilient, secure public cloud service with 99.9% SLA and 24x7x365 support
- System requirements
- N/A
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Standard AWS Support SLAs
General Guidance < 24 hours
System Impaired < 12 hours
Production system impaired < 4 hours
Production system down < 1 hour - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Web chat is accessible via our homepage at srcloudsolutions.co.uk
- Web chat accessibility testing
- Full testing has been completed with assistive technology users
- Onsite support
- Onsite support
- Support levels
-
Priority Response Resolution
Critical (P1) 1 Hour 4 Hours
High (P2) 1 Hour 8 Hours
Medium (P3) 4 hours 2 Days
Low (P4) 1 Day 5 Days
Planned (P5) 2 Day 14 Days - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
An initial meeting will be held with the new customer to gather the requirements so we ensure we can align an appropriate solution to fit the needs. This meeting will involve a Technical Solutions Architect, and a Project manager / Account manager.
This meeting will include the gathering of information to produce a Statement of Work, the SoW will provide a breakdown of tasks involved for the project, roles & responsibilities, timelines, costs, training requirements, quality assurance and testing procedures. - Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
-
- Word
- Hard Copy
- End-of-contract data extraction
- This is provided in an agreed format at the end of the contract through our established off boarding process. The data is usually provided in excel format (CSV) as standard although other formats may be available upon request.
- End-of-contract process
- Following notification of cancellation we will engage with the customer to confirm the termination date and agree time frames for supplying the customers information to them. If additional/bespoke reporting requirements are requested this would be costed on a POA basis and provided as required.
Using the service
- Web browser interface
- Yes
- Using the web interface
-
All Azure services are managed via the Azure Resource Manager web portal at https://portal.azure.com
Features that cannot be managed via the Azure web portal can be done using Azure powershell cmdlets. - Web interface accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web interface accessibility testing
- N/A
- API
- Yes
- What users can and can't do using the API
- Information relating to Azure API integration services can be found here --> https://azure.microsoft.com/en-gb/resources/videos/azure-friday-an-overview-of-azure-integration-services/
- API automation tools
-
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
-
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
-
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
AWS tools for Powershell are used to provision and manage services directly.
Scaling
- Scaling available
- Yes
- Scaling type
- Automatic
- Independence of resources
-
The hosting environment is configured to automatically scale to accommodate high demand usage during peak periods, or in the event of a Global Pandemic Outbreak.
Extensive workforce planning is undertaken to ensure suitable support resources are also available during peak times. - Usage notifications
- No
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- Storage
- Database
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Amazon Web Services
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Deleted data can’t be directly accessed
- Hardware containing data is completely destroyed
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
- Data Warehouse
- Backup controls
- Customer and SR Cloud Solutions work together to ensure adequate backups and security are in place to protect data as per the customers required standards.
- Datacentre setup
-
- Multiple datacentres with disaster recovery
- Multiple datacentres
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
-
SR Cloud Solutions work with clients to determine appropriate network security and firewall settings to ensure service availability while preventing unauthorised internal or external access to customer data.
Data is encrypted at rest and in transit.
We also utilise AWS Direct Connect to secure networks.
Availability and resilience
- Guaranteed availability
- SLAs for AWS are available from Amazon depending on the cloud service selected and the level of availability chosen during configuration.
- Approach to resilience
- AWS services can be configured at multiple AWS regions, within these regions there are multiple availability zones for added resiliency. AWS has 22 worldwide regions, 69 Availability Zones, and 199 edge locations.
- Outage reporting
-
Website notification
Direct email
Telephone/account management team
Identity and authentication
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google apps)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- Access is managed through AWS IAM (Identity Acess Management) controls configurable by the customer.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- EY CertifyPoint
- ISO/IEC 27001 accreditation date
- 12/03/2018
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 15/12/2017
- CSA STAR certification level
- Level 2: CSA STAR Attestation
- What the CSA STAR doesn’t cover
- N/A
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Coalfire Systems Inc
- PCI DSS accreditation date
- 25/01/2018
- What the PCI DSS doesn’t cover
- N/A
- Other security certifications
- Yes
- Any other security certifications
-
- Cyber Essentials Plus
- ISO 27017
- ISO 27018
- SOC 1/2/3
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Cyber Essentials Plus; ISO 27017; ISO 27018; SOC 1/2/3
- Information security policies and processes
-
AWS implements formal, documented policies and procedures that provide guidance for operations and information security within the organisation. Policies address purpose, scope, roles, responsibilities and management commitment.
Employees maintain policies in a centralised and accessible location. AWS Security Assurance is responsible for familiarizing employees with the AWS security policies.
AWS has established information security functions that are aligned with defined structure, reporting lines, and responsibilities. Leadership involvement provides clear direction and visible support for security initiatives.
The output of AWS Leadership reviews include any decisions or actions related to:
• Improvement of the effectiveness of the ISMS.
• Update of the risk assessment and treatment plan.
• Modification of procedures and controls that affect information security to respond to internal or external events that may impact the ISMS.
• Resource needs.
• Improvement in how the effectiveness of controls is measured.
Policies are approved by AWS leadership at least annually or following a significant change to the AWS environment.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Changes to AWS services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to owner review and authorisation.
Teams set bespoke change management standards per service, underpinned by standard AWS guidelines.
All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), final approval by authorised party.
Emergency changes follow AWS incident response procedures. Exceptions to change management processes are documented and escalated to AWS management. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
AWS Security performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment. Approved 3rd party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.
AWS Security monitors newsfeeds/vendor sites for patches and receives customer intelligence via http://aws.amazon.com/security/vulnerability-reporting/.
AWS customers are responsible for all scanning, penetration testing, file integrity monitoring and intrusion detection for their Amazon EC2 and Amazon ECS instances/ applications. Scans should include customer IP addresses (not AWS endpoints). AWS endpoint testing is part of AWS compliance vulnerability scans. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
AWS deploys (pan-environmental) monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth-usage. Devices monitor:
• Port scanning attacks
• Usage (CPU, processes, disk utilization, swap rates, software-error generated losses)
• Application metrics
• Unauthorized connection attempts
Near real-time alerts flag potential compromise incidents, based on AWS Service/Security Team- set-thresholds.
Requests to AWS KMS are logged/ visible via the account’s AWS CloudTrail Amazon S3 bucket. Logs provide request information, under which CMK, and identify AWS resources protected through the CMK use. Log events are visible to the customer after turning on AWS CloudTrail in their account. - Incident management type
- Supplier-defined controls
- Incident management approach
-
AWS adopts a three-phased approach to manage incidents:
1. Activation and Notification Phase
2. Recovery Phase
3. Reconstitution Phase
To ensure the effectiveness of the AWS Incident Management plan, AWS conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes as well as testing the systems for potential customer impact.
The Incident Response Test Plan is executed annually, in conjunction with the Incident Response plan. It includes multiple scenarios, potential vectors of attack, the inclusion of the systems integrator in reporting and coordination and varying reporting/detection avenues.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- No
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- By utilising Amazon Web Services infrastructure as a Service/Platform as a Service, the worldwide AWS regional data-centres follow Amazon's best practice for energy efficiency.
Pricing
- Price
- £0.01 to £0.01 a unit
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Free trials available on request.