Blue Cube Security Ltd
AWS and Azure Workload Migration
Assisting our customers set up a secure AWS environment and migrate their workloads to this in planned and well executed manner using the skills of our Cynergy (Brand Name) delivery team.
Features
- Well planned hosting
- Secure Environment
Benefits
- Stress free migration
- Scaleable architecture
Pricing
£1,000 a person a day
- Education pricing available
- Free trial available
Service documents
Framework
G-Cloud 12
Service ID
2 9 8 8 6 9 2 2 0 9 7 9 0 0 7
Contact
Blue Cube Security Ltd
Operational Admin Support
Telephone: 0345 0943070
Email: operations@bluecubesecurity.com
Service scope
- Service constraints
- None 24/7/365 service with Blue Cube providing support to match
- System requirements
-
- A suitable workload
- A design concept for the end user experience
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
- SLA's can be designed to suit customer requirement
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AAA
- Web chat accessibility testing
- All of our web chat services are tested regularly and we do this to ensure suitable compliance
- Onsite support
- Yes, at extra cost
- Support levels
-
SLA's designed to suit customer requirement
On site costs vary depending on timing and skill set
We can provide both TAM and CSE
Costs vary between £600 - £1800 per day - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We start with a requirements gathering and then set up test situations to pilot the requirement thereafter we scale up and secure to suit.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- They download it from secure S3 storage
- End-of-contract process
- Subject to contract agreement we will normally include the downloading and transfer of data to the client but we will not transfer the environment.
Using the service
- Web browser interface
- Yes
- Using the web interface
- The web interface on AWS allows complete control
- Web interface accessibility standard
- WCAG 2.1 AAA
- Web interface accessibility testing
- None
- API
- Yes
- What users can and can't do using the API
- Subject to architectural design
- API automation tools
-
- Ansible
- Chef
- OpenStack
- SaltStack
- Terraform
- Puppet
- API documentation
- No
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Both of our environment providers are super scale providers
- Usage notifications
- Yes
- Usage reporting
-
- SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- AWS, MS Azure, Oracle Cloud, Google Cloud
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Files
- Databases
- Backup controls
- By contract agreement
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
- Other
- Other protection between networks
- Multiple methods available but as a security professional we will utilise the best process for the customer and their budget
- Data protection within supplier network
- Other
- Other protection within supplier network
- Again using multiple tools specifically designed for the customers processes and the architecture we put in place
Availability and resilience
- Guaranteed availability
- 99.9% up time excluding agreed maintenance windows
- Approach to resilience
- Available on request
- Outage reporting
- Email and dashboard alerts
Identity and authentication
- User authentication
- 2-factor authentication
- Access restrictions in management interfaces and support channels
- Al of our user community are subject to role based security
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- 2-factor authentication
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMS
- ISO/IEC 27001 accreditation date
- 15/01/2019
- What the ISO/IEC 27001 doesn’t cover
- All of our in-house operation is covered by ISO 27001
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
ISO 27001
ISO 27017
regular auditing
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Operational change management listing an MS SharePoint internally designed app and subject to audit.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Regular vulnerability testing
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Utilizing specialist security tools
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Our support desk manages a full incident management process
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
- By strong security measures
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- Under the Amazon, Microsoft and Google company operating guides
Pricing
- Price
- £1,000 a person a day
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Requirements gathering and initial design