Vysiion Ltd

Cloud Gateway

A secure transit broker, hybrid cloud connectivity Platform-as-a-Service (PaaS) and alternative to Azure ExpressRoute. Provides fully managed security suites and secure traffic management across your network, multiple cloud service providers, PSN, HSCN and internet. Available options: Remote Access Service, Web Application Firewall (WAF), Enhanced Security Options, and Consultancy Services.

Features

  • Managed Service: PSN and HSCN accredited connectivity
  • Enhanced encryption management and consultancy services
  • Remote Access Service (RAS) optional enhancement
  • Web Application Firewall (WAF) optional enhancement
  • VeriSM-aligned service model, with up to 24/7/365 support
  • Cloud Connect: Rapid, secure connectivity to any cloud service provider
  • SD-VPN: Intelligent software-defined network provision
  • Firewall-as-a-Service: All traffic is sanitised, monitored and logged
  • Secure Web Gateway: Secure connectivity to the internet
  • Portal: Customisable dashboard for complete visibility, analytics, incident management

Benefits

  • Digital Transformation: Enables blended on-prem/cloud, continuous change
  • Accredited to connect PSN and HSCN environments
  • Enhanced Visibility: A single, timely and accurate source of truth
  • Central Ingress Point: Eliminates shadow IT and duplicate connectivity
  • Responsive Platform: Promotes choice and expedites pace of change
  • Centralised Security Model: Full policy enforcement and visibility
  • Technology Agnostic: Connect via any means (MPLS, internet, 4G/5G, broadband)
  • Vendor Agnostic: Connect to any/many cloud service providers
  • Scalable and Elastic: No physical hardware constraints

Pricing

£8333 per instance per month

  • Education pricing available
  • Free trial available

Framework

G-Cloud 11

Service ID

318687836545333

Contact

Vysiion Ltd

Caroline Andrewes

01249 446500

cloudsales@vysiion.co.uk

Service scope

Service constraints
No constraints. The service operates on a 'bring your own' basis.
System requirements
Any end user device capable of IP-based connectivity

User support

Email or online ticketing support
Email or online ticketing
Support response times
Bespoke SLAs depending on customer requirement.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard support and technical account management under SLAs (Mon-Fri 09:00-17:30 excl bank holidays) is included in the annual fee for the PaaS. Up to 20 small changes per month are included in the standard charge. Additional or complex changes are priced on application, and are charged at the prevailing daily rate.
Enhanced 24/7/365 support is charged at 25% of the Annual Recurring Charge. Ad-hoc consultancy and technical architecture services are charged at the prevailing daily rate.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Having engaged with the customer early in the process to fully understand their requirements, we implement a VeriSM-based transition process to produce and provision the service quickly and efficiently. After completing UAT, we can provide training to the customer via a number of methods, depending on what best suits their needs. This could be on-site workshop sessions, conference calls, or written documentation. A period of Early Life Support is agreed with the customer, so that we can help the users gain experience in using the service, backed up by an ITIL-based support organisation that can continue to provide advice and assistance once go-live has passed.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Log information, analytics and anything else that is customer specific can be copied to a repository of the customer’s choice at which point the source data will then be deleted upon confirmation of successful copy/transmission.
End-of-contract process
The customer has the opportunity to renew the service or cease the contract. If the desire is to cease then the customer has two options:

1 – Turn the service off with immediate effect and billing ceases inside the agreed billing cycle (end of month for example)

2 – Continue operating the service working with the customer and new provider, to an agreed plan, to migrate service. This will be charged at consultative rates as required until such time as Cloud Gateway can be safely turned off

Using the service

Web browser interface
Yes
Using the web interface
When live service commences, the client receives a dedicated URL to access their own instance of the Cloud Gateway Portal. The Portal delivers reporting and analytics of all network and security events, accessible via a web interface. It allows network administrators and users to control and keep track of real-time network performance as well as being alerted to live incidents on the network. The Portal also provides a ticketing function where helpdesk incidents can be raised, feeding directly to our support team for resolution. Users cannot see or change the rules which govern firewall and security policy, nor can they see logs via the Portal. New functionality and features are added to the Portal regularly to improve user experience.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
N/A
Web interface accessibility testing
None
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
We enforce customer segregation by using dedicated tenancies. This ensures that their Cloud Gateway service is not affected or shared by other users.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • HTTP request and response status
  • Network
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
6point6

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
Log files and system configurations
Backup controls
Users do not control backups. All backup and recovery administration is handled by Cloud Gateway as part of our fully managed service.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.95% service availability. Where any service availability issues arise for connectivity from a user site, service credits will only be applicable to that site. Where any service availability issues arise for connectivity to the internet or cloud hosted providers, service credits will be applicable to all user sites.
Approach to resilience
Our service is built using overlays inside a resilient cloud architecture. Consequently each component, each set of components, each stack and each full tenancy is designed to be resilient at multiple points. This is achieved in its simplest form by having more than one of each component part available (akin to traditional High Availability), but also by leveraging cloud resilient functions such as Multiple Availability Zones, Multiple Regions, or both.
Outage reporting
Our service sends alerts to our monitoring and engineering teams to inform them of any potential outages. The issues are sanitised to see if they require manual intervention by our team, or whether automatic recovery has occurred. If manual intervention is required then a proactive alert ticket is raised within our service desk portal. Our service desk portal shows tickets that are being worked on and these can be viewed by the client at any time. In addition, e-mail alerts can be created against any incidents relating to an outage, which will then be sent to approved recipients.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
Access restrictions in management interfaces and support channels
Our service has a robust set of multi-layered security functions at its core. Access to and from any service is managed, maintained and enforced in line with customer approved policy.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
Devices users manage the service through
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ACM
ISO/IEC 27001 accreditation date
10/07/2016
What the ISO/IEC 27001 doesn’t cover
Nothing
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Vysiion is ISO27001 and Cyber Essentials Plus accredited and has a full suite of associated accredited information security policies that are managed and maintained by our Head of Business Services. We design and implement solutions which meet stringent security requirements and meet current industry standards as well as aligning with customers’ information policies and procedures to ensure we protect our customers’ systems and data from security breaches and cyber attacks. We continually monitor and review our security practices, working closely with officially appointed security advisors and accreditation bodies, and as such are very familiar with current legislation and standards, best-practice guidelines and the approaches required to protect UK government assets. Our employees are security cleared to enable them to deliver services to the highest information security requirements.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow ITIL 3 aligned Change and Configuration processes for all changes.
All changes to infrastructure and systems are managed through these processes, ensuring that standardised methods and procedures are followed for all. The process ensures that all changes are formally assessed, authorised and controlled to minimise any adverse service impact.
Our Change Advisory Board assesses and validates all Changes from a business, technical, security and delivery perspective, drawing on subject matter experts when required.
A Forward Schedule of Change is maintained.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are assessed through live monitoring and alerting within our platform. This is backed up with vulnerability scans every 2 weeks across the whole platform to test, track and confirm patches have been deployed while also testing security configurations. We also obtain information from our security vendors directly (subscription and notification emails) and RSS feeds. We deploy patches manually or via auto updates into our cloud infrastructure.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We identify potential compromises through live monitoring and alerting on our platform. Our monitoring and alerting rules are based on the AWS CIS Foundations benchmarks with additional controls and alerts for any non-AWS infrastructure. These events are sent to our SIEM where alarms are triggered based on a set of configured rules. Depending on severity the incident will be addressed immediately or in line with customer agreed change control.
Incident management type
Supplier-defined controls
Incident management approach
We operate under the VeriSM framework, utilising the best of ITIL v4 and DevOps methodologies.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Amazon, Microsoft, Fortinet
How shared infrastructure is kept separate
Our service is built on a variety of cloud platforms. It is separated by customer, and each customer has their own dedicated hosting environment, such that no two customers will ever share the same service components.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Cloud Gateway provides on-net connectivity by means of a point of presence in ARK and Equinix data centers, based in the UK.
Equinix data centres meet ISO 50001 Energy Management and ISO 14001 Environmental Management Standards.

Pricing

Price
£8333 per instance per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Yes: We will provide a free fully dedicated platform with access to one cloud provider of the client's choice, for up to 4 weeks, to test connectivity. If technical consultancy is required, this is chargeable at the prevailing daily rate.
