Nexus Open Systems Ltd

Nexus Enterprise Mobility + Security

Microsoft Enterprise Mobility + Security is the only comprehensive solution designed to help manage and protect users, devices, apps, and data in a mobile-first, cloud-first world. Service includes: Azure Active Directory Premium; Microsoft Cloud App Security; Microsoft Intune; Azure Information Protection and Microsoft Advanced Threat Analytics.

Features

  • Self-service password reset to reduce helpdesk calls
  • Multi-factor authentication options for greater security
  • Group-based provisioning, single sign-on for thousands of SaaS apps
  • Machine learning-driven security reports for visibility and threat management
  • Robust sync capabilities across cloud and on-premises directories
  • Mobile application management across devices
  • Support for iOS, Android, Windows and Windows Phone devices
  • Selective wipe of apps and data for greater security
  • Use of System Center Configuration Manager and Endpoint Protection
  • Information protection for cloud and hybrid deployment models

Benefits

  • Improved Microsoft Office management
  • Extensive protection of corporate email and documents across four layers
  • Single identity for accessing corporate resources
  • Flexible architecture
  • Only solution to protect your Microsoft Office emails, files, apps
  • Cost savings over purchasing the standalone solutions
  • Simple to set up, always up to date
  • Connects to your on-premises datacentre
  • Helps identify security breaches before they cause damage
  • Protects iOS, Android, Windows and over 2,500 SaaS apps

Pricing

£6.60 per user per month

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

2 1 3 4 1 3 9 9 2 0 4 8 3 5 2

Contact

Nexus Open Systems Ltd

Chris Goodwill

01392 205095

sales@nexusos.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Microsoft provide planned maintenance notifications which will inform customers about service infrastructure work that might affect some Cloud Services. The scheduling of this maintenance can be viewed online.
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard SLA is for 2 hours response for Critical issues; 4 hours response for Major issues and 8 hours response for Minor issues.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
None as yet
Onsite support
Yes, at extra cost
Support levels
Support Levels: Basic - Service Desk Facility; Incident & Problem Management; Dedicated Account Management; Third Party Liaison; Escalation Procedure; Remote Support; Access to Customer Portal. Standard - Service Desk Facility; Incident & Problem Management; Dedicated Account Management; Third Party Liaison; Escalation Procedure; Remote Support; Access to Customer Portal; Service Level Agreement; Remote Monitoring & Alerting. Advanced - Service Desk Facility; Incident & Problem Management; Dedicated Account Management; Third Party Liaison; Escalation Procedure; Remote Support; Access to Customer Portal; Service Level Agreement; Remote Monitoring & Alerting; Annual IT Strategy; Monthly Remote Health Checks; Proactive Monitoring & Alerting; On-site Support. Support cost: Pricing is dependant on customers infrastructure and environment A dedicated Technical Account Manager is assigned to each customer and our Service Desk team includes Cloud Support Engineers.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We follow a defined process for on-boarding new clients to ensure that they have the assurance of our help, whilst at the same time remain in control of the cloud services which are often at the core of their business. Through the on-boarding process Nexus will complete a detailed assessment of: • Client’s strategic vision • Organisational culture • Current and future objectives • Desire business outcomes • Potential improvements to existing business processes • Project and programme delivery resources • Current governance and programmes. We can provide onsite training to our clients as well as instruction at our own training centre. User documentation is provided by way of client portal guide
Service documentation
No
End-of-contract data extraction
You own your data and retain all rights, title, and interest in the data you store with Enterprise Mobility + Security. You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft.
Upon expiration or termination of your Enterprise Mobility + Security subscription or contract, Microsoft will provide you, by default, additional limited access for 90 days to export your data.
End-of-contract process
There are no additional costs at the end of the contract.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Different mobile devices work with Enterprise Mobility + Security in different ways, Microsoft provide detailed information online regarding compatibility and functionality.
Service interface
Yes
Description of service interface
Web browser
Accessibility standards
WCAG 2.1 A
Accessibility testing
The interface is provided by Microsoft and has been extensively tested with assistive technology
API
No
Customisation available
No

Scaling

Independence of resources
Enterprise Mobility + Security is built on Azure which is a multi-tenant service, meaning that multiple customers’ deployments and virtual machines are stored on the same physical hardware. Azure, provides geographically dispersed regions around the world. These platforms also provide capabilities that support availability and a variety of disaster recovery scenarios. Azure has resiliency and disaster recovery built in to many of its services.

Analytics

Service usage metrics
No

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
You own your data and retain all rights, title, and interest in the data you store with Enterprise Mobility + Security. You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft.
Upon expiration or termination of your Enterprise Mobility + Security subscription or contract, Microsoft will provide you, by default, additional limited access for 90 days to export your data.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
This service is underpinned by a Microsoft Service Level Agreement (SLA) which describes Microsoft’s commitments for up time and connectivity. For this service, availability of at least 99.95% is guaranteed. The following monthly up time limits attract the indicated service credits. <99.95% (10%); <99% (25%); <95% (100%).
Approach to resilience
Available on request
Outage reporting
A public dashboard shows the status of the service.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Nexus manage access to management interfaces and support channels through the use of Named Contacts. Those users who require access to management interfaces and support channels such as the client portal must apply for access through their organisation to the Nexus Service Desk. These user applications are then reviewed and approved or rejected with the individual recorded as a Named Contact for the particular service and appropriate credentials provided.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Standards Institute
ISO/IEC 27001 accreditation date
15/10/2016
What the ISO/IEC 27001 doesn’t cover
In addition to having the BSI verify the compliance of Office 365 and Dynamics 365 with ISO/IEC 27001, we have asked the BSI to review more than 20 additional privacy controls that we built into the services to better align it with comprehensive European data protection regulations. We have taken this unique approach to help our European customers understand the protections we have put in place to help them satisfy the specific expectations of both European citizens and European regulators. M any customers consider EU privacy regulations to be the strictest in the world, so our work to align our controls with EU privacy regulations helps all customers that value data protection and privacy.Our ISO 27001 certifications and audits by the BSI thus enable all our customers to evaluate how Microsoft meets or exceeds the standards and implementation guidance against which we are certified. The full results of BSI’s findings are included in its ISO/IEC 27001 audit reports on Office 365 and Dynamics 365, summaries of which are available to Office 365 and Dynamics 365 customers upon request.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
Nexus hold and maintain an Information Security Policy. We have an Information Security Office (ISO) who is responsible for the development, management and enforcement of the policy across our organisation.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Nexus have a configuration management process for tracking changes in the specification of our services and products, this is managed centrally. Nexus also implement a full change management process for assessing and if appropriate executing any changes to services and products.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
One key operational best practice that Microsoft uses to harden its cloud services is known as the “assume breach” strategy. A dedicated “red team” of software security experts simulates real-world attacks at the network, platform, and application layers, testing Office 365's ability to detect, protect against, and recover from breaches. By constantly challenging the security capabilities of the service, Microsoft can stay ahead of emerging threats.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Microsoft security researchers are constantly on the lookout for threats. They have access to an expansive set of telemetry gained from Microsoft’s global presence in the cloud and on-premises. This wide-reaching and diverse collection of datasets enables Microsoft to discover new attack patterns and trends across its on-premises consumer and enterprise products, as well as its online services. As a result, Security Center can rapidly update its detection algorithms as attackers release new and increasingly sophisticated exploits. In the event that customer data is compromised, Microsoft will notify its customers.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
All Incident tickets will be recorded in the Nexus Service Desk system under the Incident Management workflow. All new Incident tickets will undergo an initial impact assessment. Nexus will further look to determine the number of users/systems affected and establish the commercial impact to the customer’s environment. We have a knowledge base to be able to check for common events. Users can report incidents by phone, email or through their client portal. Incidents are included in any appropriate service monthly ticket summary reports.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£6.60 per user per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Full featured trial, valid for 30 days

Service documents

Return to top ↑