Cloud Application Container (Droplet Computing)

Droplet Computing enables IT Departments to take existing applications and place them into an environment that is decoupled from the native OS, making the applications portable. Applications no longer have a dependency on the underlying OS, and can then be delivered to ANY DEVICE via a browser online or offline.


  • Decouple applications from underlying hardware and operating system.
  • Securely deliver legacy applications onto newer hardware and OS.
  • Access applications on any device or chipset via the browser.
  • Work both online or offline on any device.
  • Safe sandbox environment making apps invisible to the underlying OS
  • Applications are delivered in their native format on any device.
  • Remove your applications dependency around the Operating System.
  • Remove the dependency on the chipset (x86 and ARM)
  • Remove the dependency around being Internet connected
  • One users license can be installed on upto 3 devices


  • Run legacy or bespoke applications on any device or chipset.
  • Remove the vulnerability of running applications on an unsupported OS
  • Choice of devices Windows, Android, Chrome or MacOs.
  • Same look and feel to applications whatever device.
  • Remove the high costs associated with running legacy applications.
  • Provide users with offline or online access to their applications
  • Droplet containers run on a simple web server plus storage.
  • Run both Windows and Linux applications on the same device.
  • Applications sync when a user reconnects to the internet.
  • Real time statistics on what applications are used.


£3.97 to £6.18 per user per month

Service documents

G-Cloud 10



Andrew Cruickshank

01506 460 300

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints End point device needs to have the capacity to run applications installed.
System requirements
  • A Windows Server for Droplet Containers delivery
  • Enough Storage to run your applications
  • Droplet Containers run on x86 and ARM devices
  • Browser must support Web Assembly
  • Browsers supported Firefoxv52 - Chromev60 - Edgev16 or Safariv11

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Severity 1 (Critical Service Incident) - Within 15 mins
Severity 2 (Critical Service Incident) - Within 1 hour
Severity 3 (Non-Critical Service Incident) - Within 4hours
Severity 4 (Minor Support Request) - Within 8 hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Our support teams are available Monday to Friday, 9am-5pm, with 24/7 availability to log incidents.

Effective Account Management plays a central and fundamental part in the successful delivery of services to Capito’s customers. Capito has a unique account management structure that consists of:

• Business Development Manager
• Account Manager
• Internal Account Manager
• Pre-Sales
• Sales Support
• Bid Management
• Service Deliver Manager

The Capito structure allows for good management, with no single point of failure and frequent customer contact
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Capito will provide users with onsite training as part of our service deliverables.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data resides on the customers endpoint devices at all times
End-of-contract process Costs included cover your end user licensing and support costs for the term of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No difference applications are delivered natively as normally accessed via a desktop.
Accessibility standards None or don’t know
Description of accessibility Cloud service available through browser and customers can be provided with front end interface
Accessibility testing N/A
What users can and can't do using the API Can be used by IT Admins to automate delivery and configuration of containers
API documentation No
API sandbox or test environment No
Customisation available No


Independence of resources Capito provision the Droplet Computing Service at the network edge from our highly available data centre infrastructure.

Each Data Centre is fully powered, secure, resilient and newly equipped to handle the demands of future computing trends such as high density computing, virtualisation, energy conservation, distributed storage and multi site disaster recovery. Offering a total of 7,000 m² of advanced Data Centre technology in 8 major UK cities, we are not hindered by lack of space, legacy operating systems or practices.


Service usage metrics Yes
Metrics types Capito will provide regular monthly billing based on the number of users who have consumed the service
Reporting types
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Droplet Computing

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach N/A data resides on endpoint devices at all times
Data export formats Other
Other data export formats N/A
Data import formats Other
Other data import formats N/A

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Capito will ensure 100% uptime for Cloud Hosting Platform services as monitored by Capito systems, in line with industry best practice.

Only a Cloud Hosting Platform activated by a Customer at the time of a failure will be covered by this SLA.

Should a Cloud Hosting Platform fall below the 100% uptime, Capito will work with the Customer and use all commercially reasonable endeavours to recover the Cloud Hosting Platform and any associated data.
Approach to resilience Regular testing and maintenance of infrastructure and the N+1 policy applied to data centres provides the basis of continuity controls.

This is enhanced by the provision of multiple communication routes and the replication of the network infrastructure across Data Centres.

The Data Centres are also located outside flight paths, flood plains, have no seismic threat, and are a minimum of 3km outside sites who could pose a potential accident or hazardous threat (as governed by HSE). Therefore, in the event of any given location being lost, the primary impact would be on office facilities, but with 6 UK Offices and 10 UK Data Centres providing hosting services and support, this impact is limited and mitigated with standing arrangements to relocate staff to the nearest site.
Outage reporting Email Alerts & SMS

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to all service interfaces (for consumers and providers) is constrained to authenticated and authorised individuals.

Remote management access is authenticated and directly associated to authorised individuals rather than group accounts.

All managed systems monitored and access logged and tracked for auditing purposes
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 20/04/2016
What the ISO/IEC 27001 doesn’t cover **
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Capito's adheres to the Security Classification Definitions as described in the Government Security Classifications Policy (GSCP). This is outlined and defined in the Quality Manual and forms part of Capito's overall integrated management system, which consists of UKAS / APMG / NCSC accredited systems. Notably; ISO 27001:2013 Information Security Management; ISO 20000-1:2011 IT Service Management; ISO 9001:2015 Quality Management; ISO 14001:2015 Environmental Management. All are regularly audited for compliance by an accredited certifying body. These standards require Capito to have robust controls in place to manage data, documents and records. Displaying evidence that Capito has appropriate and measured controls in place to manage OFFICIAL information that if lost, stolen or published in the media could have more damaging consequences (for individuals, an organisation or government generally).

All data centres have been independently assessed on a number of occasions by local authorities and UK Government Departments, Senior Information Risk Owner’s (SIRO) as suitable for holding and processing their sensitive information to OFFICIAL level.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Our change management processes are in line with ISO27001 control A.12.2 Controlled mechanism for making changes to the operational environment are in place.
Vulnerability management type Undisclosed
Vulnerability management approach Capito vulnerability management process is aligned with ISO27001:2013 control A12.6.1 which addresses 3 key areas:

• Timely identification of vulnerabilities
• Assessment of or exposure to a vulnerability
• Defined measures to address the risk
Protective monitoring type Undisclosed
Protective monitoring approach Capito Protective Monitoring process is aligned with ISO27001:2013 control A.12.4 which details:

• Event Logging
• Protection of log information
• Admin & operator logs
• Clock synchronisation
• Incident Management
Incident management type Undisclosed
Incident management approach Capito incident management process is aligned with ISO27001:2013 control A.16.1 which details:

• The full incident management procedure
• Responsibilities & procedures
• Assessment of and decision on security events
• Response process
• Evidence collection
• Learning from incidents

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3.97 to £6.18 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial * Full Droplet container license
* Unlimited applications can be installed and tested
* Optional virtual or physical Web Server
* Normally 30 days period
Link to free trial


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑