Blue Cube Security Ltd

AWS and Azure Workload Migration

Assisting our customers set up a secure AWS environment and migrate their workloads to this in planned and well executed manner using the skills of our Cynergy (Brand Name) delivery team.

Features

• Well planned hosting
• Secure Environment

Benefits

• Stress free migration
• Scaleable architecture

£1,000 a person a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

298869220979007

Contact

Operational Admin Support
0345 0943070
operations@bluecubesecurity.com

Service scope

• Service constraints: None 24/7/365 service with Blue Cube providing support to match
• System requirements:
  • A suitable workload
  • A design concept for the end user experience

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: SLA's can be designed to suit customer requirement
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: All of our web chat services are tested regularly and we do this to ensure suitable compliance
• Onsite support: Yes, at extra cost
• Support levels: SLA's designed to suit customer requirement; On site costs vary depending on timing and skill set; We can provide both TAM and CSE; Costs vary between £600 - £1800 per day
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We start with a requirements gathering and then set up test situations to pilot the requirement thereafter we scale up and secure to suit.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: They download it from secure S3 storage
• End-of-contract process: Subject to contract agreement we will normally include the downloading and transfer of data to the client but we will not transfer the environment.

Using the service

• Web browser interface: Yes
• Using the web interface: The web interface on AWS allows complete control
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: None
• API: Yes
• What users can and can't do using the API: Subject to architectural design
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Both of our environment providers are super scale providers
• Usage notifications: Yes
• Usage reporting:
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: AWS, MS Azure, Oracle Cloud, Google Cloud

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Databases
• Backup controls: By contract agreement
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Multiple methods available but as a security professional we will utilise the best process for the customer and their budget
• Data protection within supplier network: Other
• Other protection within supplier network: Again using multiple tools specifically designed for the customers processes and the architecture we put in place

Availability and resilience

• Guaranteed availability: 99.9% up time excluding agreed maintenance windows
• Approach to resilience: Available on request
• Outage reporting: Email and dashboard alerts

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Al of our user community are subject to role based security
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 15/01/2019
• What the ISO/IEC 27001 doesn’t cover: All of our in-house operation is covered by ISO 27001
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001; ISO 27017; regular auditing

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Operational change management listing an MS SharePoint internally designed app and subject to audit.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Regular vulnerability testing
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Utilizing specialist security tools
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our support desk manages a full incident management process

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: By strong security measures

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Under the Amazon, Microsoft and Google company operating guides

Pricing

• Price: £1,000 a person a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Requirements gathering and initial design

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF