Cognizant Technology Solutions UK Limited

Infrastructure as a Service

Cognizant’s Cloud Infrastructure Services support planning, building and managing hybrid cloud environments with a portfolio of flexible choices. They include services based out of Cognizant- or partner-owned data centres providing public or private cloud offerings that host virtual data centres, multi-tenant enterprise services and virtual data desktops.

Features

  • Scalability
  • No hardware CAPEX
  • Utility style costing
  • Location independence
  • No single point of failure
  • On-demand self-service
  • Resource pooling
  • Physical security of data centre location
  • Chargeback model with APIs for billing, metering and cost management
  • Single pane of control over Hybrid cloud ecosystem

Benefits

  • Cost savings on hardware/infrastructure
  • Capacity management
  • Disaster recovery/business continuity
  • Ability to access new skills/capabilities
  • Support of uncertain provision planning
  • Transparent metering and self-service management
  • One click provisioning and deployment

Pricing

£37.70 per instance per month

Service documents

G-Cloud 10

217945046490693

Cognizant Technology Solutions UK Limited

Paul Todd

+44 (0) 7711 588 127

paul.todd@cognizant.com

Service scope

Service constraints Private cloud element can be provisioned as per customer requirement. The public cloud element would have the same set of constraints that are applicable for public cloud environments like AWS or Azure.
System requirements
  • Baseline for compute and storage aspects of service
  • Data location and transmission requirements must be defined by customer

User support

Email or online ticketing support Email or online ticketing
Support response times We have SLA response times of approximately 15 minutes. Resolution SLAs depend upon ticket priority levels and vary from 1 hour for highly critical failures to 4 hours for low priority queries.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing Webchat is accessible through a desktop client, a mobile client and a web portal. The user can get support from agents via webchat and can also raise tickets.
Onsite support Onsite support
Support levels We provide 24/7 L1, L2 and L3 levels of onsite support based on the customer's requirements and on the criticality of the environment.
We provide a technical account manager for each account. We also provide cloud support engineers to help with the service. The resource will be available on a dedicated or shared basis depending upon the customer's requirements.
We typically provide 99.99% availability at the platform level and can provide enhanced availability levels through a highly redundant design at additional cost.
Support available to third parties Yes

Onboarding and offboarding

Getting started The following documents help the users to start using the services
- Service Management Readiness - Ticketing tool to log tickets
- KEDB - This Known Error Database (KEDB) will be a reference book for the users to fix issues autonomously
- Standard Operating Procedure - This document will provide the support details of different stakeholders and how to reach procedures

Apart from these, we also provide a handover and training to customer users once the service is set up, which will enable client users to get started quickly on the system.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction For private cloud, data will be migrated back to the client and devices will be decommissioned.
For public cloud, data will be migrated to the client, then it will be overwritten and we will end the cloud subscription.
Or, we transfer the credentials and we signoff, after which the client will change the credentials.
Alternatively, we can provide extracts of all data within the system to users as a dump and allow the vendor who is providing the replacement system to migrate the data.
End-of-contract process At the end of the contract the access of the users to application will be removed
• Customer proprietary documentation access to the users should be revoked
• All the revoking steps must be documented and signed off by the customer
• In Flight project documentation and knowledge transfer is provided to the customer and the new vendor in a series of arranged sessions
• All documentation regarding the customer environment is handed over to the customer

We also provide a transition to the vendor who is taking over the management of the system and the scope of services being provided under the current contract.

Using the service

Web browser interface Yes
Using the web interface We provide a self-service portal, template-based service catalogs and configurable workflows to accelerate cloud application deployment, reduce errors and empower end-users. With our portal, applications can be deployed in minutes instead of weeks, increasing employee productivity and reducing time-to-market.
Users can request items from service catalogue such as virtual machines and storage, etc. Users can deploy pre-configured templates for deployment of virtual machines or entire environments through the web interface. Other features available include:
- Creation of user groups / assign rights to user groups
- Control metering and chargeback to different business LOBs
- Reporting and analytics
- Commissioning and decommissioning of environments
- Load balancing, firewall changes
- Monitoring profiles keep track of IT resources such as memory, CPU, storage and networks
- Pre-defined policies and management rules which can be applied across resources in an organisation
Web interface accessibility standard WCAG 2.0 AA or EN 301 549
Web interface accessibility testing No work to date, however we have the capabilities to work with assistive technology users as is shown by our accessibility standards.
API Yes
What users can and can't do using the API Provisioning and Orchestration - Enabling easy deployment and management of applications on cloud environments, ranging from simple websites to complex business applications. With the help of pre-defined and customisable policies, users can orchestrate application environments with a single click.

Monitoring and Auto Remediation - 24x7 policy-based monitoring of the entire IT setup, providing a 360-degree visibility and control over the entire environment in real time.

Metering and Chargebacks - Detailed consumption metering and granular reporting to identify the real cost of delivering business services for improved planning and budgeting. Utilisation of resources, such as memory, CPU, and network results in greater compliance, cost visibility, reduced IT costs, and greater accountability across business units.

Analytics and Advisory - Analytics and reporting capabilities let you view the utilisation trends and provide a comprehensive audit trail of user activities allowing you to control the consumption of resources across various environments. This results in greater accountability, improved compliance, higher return on investment and lower cost of ownership.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
Other API automation tools
  • Powershell
  • Node.js
API documentation Yes
API documentation formats
  • HTML
  • PDF
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface Resource and configuration management can be done through the command line interface. All functionalities for the resources under management are done through the provided web interface.

Scaling

Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources We provide physically segregated systems for some users, where demand from other clients doesn’t affect services for other users. In some cases, where there is only logical segregation, we ensure that there are adequate global capacity pools which can be leveraged in the event that one customer is accessing a larger burst workload. Tolerances are defined at the beginning of the engagement.
Usage notifications Yes
Usage reporting
  • API
  • SMS

Analytics

Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Number of connections
  • Success rate of transactions
  • Availability status
  • Storage capacity
  • Network performance
  • Active number of users
  • Number of tickets raised
  • Number of SLAs breached
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type Not a reseller

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery Yes
What’s backed up
  • Incremental backup of system information
  • Full backup of system information
  • Data files
  • Environment snapshots
  • Virtual machine images
  • Database copies
  • Automation procedures
  • Workflows
Backup controls Backup schedules are agreed in advance with the users. During the contract, changes to the schedule are enabled through change control.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks Cognizant can provision for both Network and Application Layer data protection. Shared networks incorporating routing controls are configured to ensure that computer connections and information flows do not breach access control policies of business applications. Offshore deployments are on logical segregation. Individual projects are uniquely categorised under a specific VLAN. VLANs are restricted based on the project need. Access control lists are built based on the request received from the Client Security team/Project. Cognizant has a home-grown utility for logging access control policies on project demand and approval process.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Department-specific VLANs have been implemented in the firewalls and these are centrally managed by the IT team. Inter-VLAN restriction is in place to provide adequate security. Access to department-specific files and shares is controlled through a “firewall change request” raised by associates via the internal portal. This request needs to be approved by the respective project managers and is then processed by the IT team. All firewalls are in high availability mode with hot failover configuration.

Availability and resilience

Guaranteed availability We offer industry standard availability (typically 99.99%). The standard SLAs are negotiated during the contract negotiation stage and we have a proven record in meeting those SLAs. However, in cases where we fail to meet the agreed SLAs, we have an SLA penalty provision in our contract which would be decided after discussion with the client.
Approach to resilience Cognizant adopts an effective IT Resilience Strategy which addresses key characteristics such as performance, scalability, availability, stability and capacity encompassing Application Technology, Infrastructure and Business Processes.

This can be customised to offer the level of resiliency the customer needs and is available on request. Resiliency is typically offered through the following points:

- Design - No Single Point of Failure: Redundant Hardware Components - Full channel path redundancy - Remote site software replication to enable seamless DC failover - Multiple sources for alert generation, monitoring and response

- Monitoring - Advanced predictive monitoring - Remote Monitoring to provide system records error and statistical data

- Resolution - Non-disruptive Hardware Replacement - Provision for diagnosis and analysis before the user is aware of any disruption in services
Outage reporting For planned outages, we will inform the clients well in advance through all the communication channels. In case the service reports any outage due to incident, we will immediately issue a high priority alert to the client with an estimated time of resolution while working on resolution of the outage.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Users are provided with ‘least privilege’ access rights by default, based on job role and function. Additional privileges are granted against a request from the user which is approved by the relevant Project Manager, and the access is granted for a specific time duration. One week before the expiry, the access needs to be renewed, if required. If the access is not renewed, it is revoked on the last working day originally assigned.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through Dedicated device on a segregated network (provider's own provision)

Audit information for users

Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Standardisation Testing and Quality Certification, IT Department, Government of India
ISO/IEC 27001 accreditation date 02/07/2015
What the ISO/IEC 27001 doesn’t cover The following locations, business processes and data centres are out of ISMS scope:
1. Cognizant's Sales and Marketing Offices
2. Data centres used for hosting services/client delivery
3. Core logic business division
4. Cognizant finance process
5. Any other development centres not mentioned in facility details of SOA
6. Cognizant Academy
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Cognizant has a well-defined ‘Corporate Security Policy’ which is approved by the Chief Security Officer (CSO) of the Corporate Security team. Cognizant’s Corporate Security Policy and supporting Cognizant Standards, Processes, Guidelines and Procedures extensively cover security requirements to manage security risk for the client, for Cognizant and for the client’s information assets. The scope of the security policy covers all Cognizant business units and affiliates, all Associates, all its partners, suppliers (including contractors, and sub-contractors working with or delivering work products to Cognizant), service providers and all Cognizant infrastructure and information processing assets.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Either the Customer or Cognizant may request a change to the original scope of work at any time using the Change Request (CR). All CR details are recorded in a Change Log. Each CR will be analysed in terms of impact on the original scope, schedule, cost, effort, and quality. The impact of the increased scope of work on project schedules and/or planned resources will be assessed.

Cognizant’s configuration management process is designed in order to:
1. Provide IT Management with greater control over IT Assets of the organization
2. Provide accurate information to other ITIL/MOF processes
3. Create and maintain a reliable Configuration Management Database
Vulnerability management type Supplier-defined controls
Vulnerability management approach Cognizant has adopted security technologies such as the deployment of firewalls, Internet access monitoring, enterprise antivirus, network and host-based IPS, Data Loss Prevention (DLP), hardened hosts, data mining and analytics, electronic media forensics, vulnerability management and Security Information Event Monitoring (SIEM).

Incidents which are identified through the above monitoring processes are remediated as per the Incident handling procedure. The structured approach is composed of the major phases (Preparation, Detection and Analysis, Containment, Eradication and Recovery and Post-Incident Activity) and of ongoing parallel activities (Communication and Documentation). Incidents are responded to and resolved in a prioritised fashion according to their severity.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Cognizant has adopted security technologies such as the deployment of firewalls, Internet access monitoring, enterprise antivirus, network and host-based IPS, Data Loss Prevention (DLP), hardened hosts, data mining and analytics, electronic media forensics, vulnerability management and Security Information Event Monitoring (SIEM).

Incidents which are identified through the above monitoring processes are remediated as per the Incident handling procedure. The structured approach is composed of the major phases (Preparation, Detection and Analysis, Containment, Eradication and Recovery and Post-Incident Activity) and of ongoing parallel activities (Communication and Documentation). Incidents are responded to and resolved in a prioritised fashion according to their severity.
Incident management type Supplier-defined controls
Incident management approach Cognizant has defined the ‘Cyber Security Incident Response Guide’ to handle events including privacy incidents, unauthorised disclosure, unauthorised access or breach of client data. The guide includes the process to detect, report, assess and manage information security Incidents. Customers are notified of all security related incidents.

The Incident Handling/Incident Response Procedure is composed of four major phases (Preparation, ‘Detection and Analysis’, ‘Containment, Eradication and Recovery’ and Post-Incident Activity) and of ongoing parallel activities (Communication and Documentation). These response phases are derived from many standardised incident response processes such as those published by NIST, NASA Incident Management, and ISO27035.

Secure development

Approach to secure software development best practice Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate We use the latest cutting edge technology to logically isolate client environments from each other while on the shared public cloud. The logical partitioning divides hardware resources among clients thereby keeping them separate and secure from each other.

Energy efficiency

Energy-efficient datacentres Yes

Pricing

Price £37.70 per instance per month
Discount for educational organisations No
Free trial available No

Documents

Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document