Softcat Limited

Phoenix

Phoenix is a SaaS service which allows organisations to backup and protect their file, database and Vm data, such as Vmware, SQL or NAS utilising the cloud. Customers are able to configure, administer and manage their backup estate utilising a single cloud based console.

Features

  • Cloud based dashboard & reporting platform
  • Global deduplication of data across multiple sources
  • Tiering of data for Long term retention within cloud
  • Backup and Recovery of diverse data sources
  • VMware File level recovery
  • Saas Consumption pricing model
  • Multi-site administration from cloud dashboard
  • On premise data caching
  • Cloud Disaster Recovery

Benefits

  • Compliance to data legislation (PCI-DSS,GDPR,HIPAA,PII)
  • Cost effective data protection for all data sources
  • Long-term data Retention across all data sources
  • Source-side global deduplication for more efficient data backup
  • Enterprise grade security protects all data in transit
  • Self-service user data restore portal
  • Enterprise integration and deployment capabilities
  • Data replication between 3 data centres

Pricing

£98.40 a terabyte

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at psitq@softcat.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

3 1 1 9 7 1 9 0 0 6 1 0 9 0 1

Contact

Softcat Limited Charles Harrison
Telephone: 01612725766
Email: psitq@softcat.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Service maintenance is carried out at a defined schedule for this service
System requirements
  • Viable internet connection
  • For cloud cache, availability of on-premise VM

User support

Email or online ticketing support
Email or online ticketing
Support response times
Business critical offered as standard with priority of response set by customer. Critical having 1 hour initial, high 2 hours, medium 4 hours and low 8 hours. We offer premium support (at a cost) with critical being 30 mins, high 1 hour, medium 2 hours, and low 4 hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Yes, at an extra cost
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
N/a
Web chat accessibility testing
N/a
Onsite support
Yes, at extra cost
Support levels
Business critical offered as standard with priority of response set by customer. Critical having 1 hour initial, high 2 hours, medium 4 hours and low 8 hours. We offer premium support (at a cost) with critical being 30 mins, high 1 hour, medium 2 hours, and low 4 hours
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once the service is activated, we have a Sales engineer, customer success and customer support team all available to assist with successful onboarding. Druva operates a knowledge base portal for help and configuration documentation as well as free online learning videos to assist with service training
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Users can extract data manually from within the system at any time. An bulk export service is available at an additonal cost
End-of-contract process
All customer data is deleted

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Yes
Compatible operating systems
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile and tablet devices have a dedicated app available from the appropiate app store whereas the endpoint devices have an appropiate agent available from the management console
Service interface
Yes
Description of service interface
The Druva Cloud Platform is a portal accessed via a web client from any web enabled device. The portal allows access to all elements of the platform from product to support enabling a really simpistic service, giving the user a true SaaS experience.
Accessibility standards
None or don’t know
Description of accessibility
N/A
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
We are able to provide APIs for Audit trail, file server, NAS, CloudCache, Organization, Storage, VMware and Alerts.

Please see following link to see documentation outlining all requirements:
https://developer.druva.com/reference
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Customer can add their own co-branding to the service

Scaling

Independence of resources
The service is scalable using Amazon AWS Compute and Storage for all Servers, allowing it to use further resources as and when necessary. No further customer investment in additional technologies is necessary to ensure scalability of the service- this is included in the service per user cost

Analytics

Service usage metrics
Yes
Metrics types
Service availability,
deduplication rates,
successful backups,
successful restores,
Active users,
license allocation,
growth rates.
Not limited to the above and many more available
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller (no extras)
Organisation whose services are being resold
Druva

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can extract data manually from within the system at any time. An bulk export service is available at an additonal cost
Data export formats
Other
Other data export formats
Original format of data
Data import formats
Other
Other data import formats
Original format of data

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We provide an SLA of 99.5% uptime and 99.99999% Customer Data durability
Approach to resilience
The cloud instance for the customer is alwalys replicated between 3 physically different data centres as part of the Amazon AWS availability zone feature. In the case of access being not availabile from 1 datacentre, the customers instance will be instantly available from 1 of the 2 further datacentres.
Outage reporting
Outages of the system availability or the storage component are communicated to all assigned administrators within a cloud instance via email as well as via the Support Portal. An online dashboard also reports instance of global outages

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Users and management are seperated and controlled with separate authentication portals
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Details can be provided upon request
ISO/IEC 27001 accreditation date
Details can be provided upon request
What the ISO/IEC 27001 doesn’t cover
Details can be provided upon request
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Undergo an annual SOC 2 Type 2 and HIPAA audit
Information security policies and processes
"Druva's security program is based on NIST 800-53, documented policies include:
Access Control Policy
Audit and Accountability Policy
Awareness Training Policy
Clear Desk Policy
Configuration Management Policy
Contingency Planning Policy
Identification and Authentication Policy
Information Security Policy
Information Technology Policy
Media Protection Policy
Personnel Security Policy
Physical & Environmental Security Policy
Position Designation Policy
Risk Assessment Policy
Secure Development (SDLC) Policy
Security Planning Policy
Server Security Policy
System Acquisition Policy
System & Information Integrity Policy
System Maintenance Policy
Vendor Management Policy
Wireless Communication Policy
Business Continuity Plan"

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Any changes are controlled under project management
Vulnerability management type
Undisclosed
Vulnerability management approach
Druva identifies vulnerabilities through a variety of sources that include internal scans and externally reported vulnerabilities. Druva tracks all vulnerabilities and identifies their criticality based on the CVSS standard. Druva targets to fix high risk vulnerabilities in 30 days, moderate risk vulnerabilities in 90 days and low risk vulnerabilities within 365 days.
Protective monitoring type
Undisclosed
Protective monitoring approach
"Druva's Cloud Operations team monitors the services on a 24x7x365 basis. Systems are monitored with host based intrusion detection and AWS activity logging that is centralized in Druva's logging infrastructure.

Customers will be notified of identified security incidents within 48 hours of discovery."
Incident management type
Undisclosed
Incident management approach
Druva has a documented Incident Response Plan that includes steps to respond to security incidents including identification, investigation, response, mitigation, customer notification, and root cause analysis.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£98.40 a terabyte
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Free trial available with all functionality available for up to 1 month
Link to free trial
Available through engagement with Druva team

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at psitq@softcat.com. Tell them what format you need. It will help if you say what assistive technology you use.