Transact Technology Solutions

Transact Cloud Management Platform (TCMP) Security

We deliver total visibility—across multiple public clouds and hybrid workloads—making immediate cost savings achievable from the most complex cloud infrastructure. From government agencies to large enterprises and managed service providers, TCMP customers deploy our SaaS solution to secure, manage, and govern the most sensitive environments in the world.

Features

  • Monitor Security via AWS CloudTrail
  • Security Alerts
  • Security Best Practice Recommendations
  • Reporting of IAM permissions
  • Reporting on S3 Bucket permissions
  • Activity Monitoring using CloudWatch, VPC Flow Logs, AWS Resources
  • Security Group Reporting

Benefits

  • Highlight Security Issues
  • Bridge the skills gap by helping users easily view security issues
  • Time and Cost Savings

Pricing

£200 an instance a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stuart.whitman@transactts.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

290367719165046

Contact

Transact Technology Solutions, Stuart Whitman
Telephone: 07725 367728
Email: stuart.whitman@transactts.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Our GCP support is in Beta, although we are actively releasing additional functionality throughout the year.
System requirements
Read access to environment

User support

Email or online ticketing support
Email or online ticketing
Support response times
CloudCheckr provides every customer with 24/7 email support via support@cloudcheckr.com. We also have a full support documentation base and a GitHub API call repository available at success.cloudcheckr.com.
1 hour response for Sev 1 outages and/or major functionality down.
1.5 hour initial response on general issues.
3 hour response to customer requests for updates.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
CloudCheckr customers can choose between three different onboarding plan options - Fundamentals, Standard, and Professional - and also have the option to purchase Premium Support, which gives access to a dedicated Technical Account Manager, provides faster SLAs and includes phone support. This is enhanced by transACT's support services and trained engineers.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
TCMP’s Customer Success team is committed to helping your organization realize maximum return on investment from the TCMP management platform. Our experts work with customers at all phases of their cloud transformation journey, providing premier industry knowledge and best practices for TCMP enablement. TCMP has a proven methodology for platform adoption. We recognize that while there are key elements of every customer onboarding journey that lead to positive and meaningful impact, there are also unique needs and circumstances for each customer.

transACT will manage the installation from end to end, working with the customer to ensure the best results.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
CloudCheckr maintains your data for up to 7 years so long as you're a current customer. All data cannot be exported from the UI.
End-of-contract process
Buyer may terminate the relationship with Supplier for any reason by (i) providing Supplier with notice and (ii) closing Buyer's account for all services for which Supplier provides an account closing mechanism.
 
Buyers pay for the services they use to the point of account termination.
 
Supplier customers retain control and ownership of their data. Supplier will not erase customer data for 30 days following an account termination. This allows customers to retrieve content from Supplier services so long as the customer has paid any charges for any post-termination use of the service offerings and all other amounts due. CloudCheckr complies with the GDPR right to be forgotten regulation.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
TCMP is next-generation cloud management featuring a new experience for delivering total visibility into infrastructures and organizational management—by individuals, teams, and roles.

With the ability to unify disparate data sources across an enterprise, businesses achieve immediate and actionable insights on how to run and scale public cloud infrastructure.

TCMP is the only cloud insights solution with the flexibility to meet business requirements at scale. A new user experience, built on a responsive interface and an API-first methodology, can be used to access data on any desktop or mobile device, allowing distributed teams to collaborate without restrictions.
Accessibility standards
WCAG 2.1 A
Accessibility testing
We maintain a populated copy of the VPAT (Voluntary Product Accessibility Template). The current version of CloudCheckr meets the majority of WCAG 2.1 criteria as “Supports”. Please note that we have a new User Interface that is updating many of the pages in the application. This new UI will be 1) based on the React UI framework and 2) fully compliant with the WCAG 2.1 Level AA guidelines as pages are updated.
API
Yes
What users can and can't do using the API
CloudCheckr provides support for all of the listed requirements. The platform features a robust API so that users can self-serve in building integrations with other enterprise systems, and manage service requests based on cloud security events. The API has hundreds of individual calls, allowing users to easily export data from the platform into other third-party solutions and build integration workflows.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
TCMP allows customization at various levels, which includes how you organize your cloud accounts using TCMP's Account Hierarchy, Multi-account views and Account families constructs. Along with that, more than 250 security Best Practice Checks have quantitative and qualitative parameters that can be changed or limited to reflect custom security baselines. TCMP user permissions are incredibly granular, and can be limited on both an account as well as an action level, with access controls for individual reports, features, and information types within the platform. Out of the box, we provide five user roles: Read-Only User, Basic User, User, Administrator, and Partner SysAdmin. All user privileges are then managed on the report and account level via our Groups template functionality. This allows customers to customize and restrict access to the service.
CloudCheckr's complete platform offers the customization of the following modules:
  • Cost Optimisation
  • Inventory - customizable reporting on all resources, inc. compute/storage to user permissions; accurate trend reports for resources that show spend over time; geographical resource representations.
  • Compliance - based on CloudCheckr’s Best Practice Checks and built-in alerts, our Total Compliance module automatically details and readies your environment against audit for 35+ regulatory standards.
  • Security
  • Utilization
  • Automation

Scaling

Independence of resources
Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them.

CloudCheckr's application continuously monitors the production environment and dynamically spins servers up and down to match customer demand using automation.

Analytics

Service usage metrics
Yes
Metrics types
EC2 Summary, List of Instances, EBS Summary, List of Volumes, AMI Summary, List of AMIs, Load Balancers Summary, Autoscaling Summary, Autoscaling Groups and Launch Configurations, Elastic IPs Summary, List of Elastic IPs, S3 Summary, List of S3 Buckets, RDS Summary, List of DB Instances, List of Backups, List of Snapshots, Heatmaps, etc.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
CloudCheckr

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
All data is encrypted in transit using TLS. At rest, all data is encrypted in our High Security and Federal offerings with FIPS-validated encryption; in our standard offering, only sensitive fields such as personal data and configuration information are encrypted at rest using AES-256.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can export data by generating reports or invoices, then downloading said reports in CSV or PDF format. They can also export via the API.
Data export formats
  • CSV
  • Other
Other data export formats
PDF
Data import formats
  • CSV
  • Other
Other data import formats
PDF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other
Other protection within supplier network
TCMP employs security best practices including encryption, network segregation, role-based access control and multi-factor authentication.

Availability and resilience

Guaranteed availability
SLAs fall in accordance with the agreement signed by you and transACT.
Approach to resilience
The TCMP application is designed with resiliency in mind. TCMP has deployed the application in multiple regions all over the world. In each region, using automation, the system scales up and down as needed, and is continuously monitored for errors. In the event that a server becomes unhealthy, it is detected and the server is taken out of production and quickly replaced with a healthy server.
Outage reporting
Via email

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
TCMP provides authentication with Active Directory Federation Services (ADFS) or SSO through any SAML 2.0 provider.
Permissions are granular and can be limited on both an account as well as an action level, with access controls for individual reports, features, and information types within the platform.

TCMP administrative users have access to an Audit-History feature, which details any changes made or reports executed and the event type, including a timestamp for the event.
Access restrictions in management interfaces and support channels
The customer is in control of their users who have access via our User Management functionality. TCMP user permissions are incredibly granular and can be limited on both an account as well as an action level, with access controls for individual reports, features, and information types within the platform. Out of the box, we provide five user roles: Read-Only User, Basic User, User, Administrator, and Partner SysAdmin. All user privileges are then managed on the report and account level via our Groups template functionality.

API calls can be encrypted with TLS/SSL for confidentiality and customers can use TLS/SSL-protected API endpoints.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
SSAE 18 SOC2 Type2

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
We have SSAE 18 SOC2 Type 2, which is certified annually.
Information security policies and processes
CloudCheckr is currently in the FedRAMP Ready status, which requires over 300 controls. CloudCheckr also maintains an annual SSAE 18 SOC2 Type 2 report outlining our comprehensive control set.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes are requested via a ticketing system. After the ticket has been created, it is reviewed at a change management meeting, which occurs at least weekly. Representatives from each department attend the change management meeting and approve change requests.

All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer-to-peer review (business impact/technical rigour/code), and final approval by an authorised party.

Emergency changes follow incident response procedures. Exceptions to change management processes are documented and escalated to Transact management.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
CloudCheckr's Threat and Vulnerability management process follows FedRAMP principles.

Transact performs vulnerability scans on the host operating system, web applications, and databases in the environment. Approved third-party vendors conduct external assessments (minimum frequency: quarterly). Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known and newly identified vulnerabilities.

Customers are responsible for all scanning, penetration testing, file integrity monitoring and intrusion detection for their EC2 and ECS instances/applications. Scans should include customer IP addresses (not endpoints). Endpoint testing is part of compliance vulnerability scans.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Transact uses monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth usage. Devices monitor:

  • Port scanning attacks
  • Usage (CPU, processes, disk utilization, swap rates, software-error generated losses)
  • Application metrics
  • Unauthorized connection attempts

Near real-time alerts flag incidents, based on thresholds set by the Service/Security Team.

Requests to KMS are logged and visible via the account’s services. Log entries record the request details, the CMK under which the request was made, and the resource protected through use of that CMK. Log events are visible to customers after turning on the relevant services in their account.
Incident management type
Supplier-defined controls
Incident management approach
Once an incident has been declared, notifications are given to relevant parties, then remediation efforts take place. After the incident has been declared at an end, all evidence and efforts taken are collected and examined to discover take-aways and lessons learned.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£200 an instance a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Proof of Concept - a 1 month free trial of TCMP.

Access to services such as Cost Management, Security & Governance, and Compliance.
