Somerford Associates Limited

Cyxtera and AppGate SDP

AppGate SDP is a new approach to security. It secures the network with a Software-Defined Perimeter, a network security model that dynamically creates one-to-one network connections between the user and the resources they access. Everything else is invisible, including the system itself.


  • Enterprise, hybrid or full multi-cloud deployable
  • Full functionality of Software-Defined Perimeter specifications
  • Full interoperability with the security and cloud stack via APIs
  • Enterprise scalability, reflexivity, agility, performance and availability
  • Enterprise class security
  • Distributed architecture spanning multiple infrastructures
  • Simple yet highly customisable policies
  • Enterprise integration with AWS, Azure and VMware
  • Network agnostic
  • Single, centralized logging of all authorized application traffic


  • Enforce “Zero Trust” model consistently at network and application level
  • Reduces attack surfaces by 95% on average
  • Responds and reacts to security incidents in real-time
  • Non-authorized services and resources completely hidden
  • Simplified Compliance
  • Automation and simplification of Business Process Management tasks
  • Automated creation and enforcement of access rules based on user
  • Manage access to on-premises private cloud, and remote public cloud
  • Dynamic access driven by user and service attributes.
  • Reduces cost, complexity and effort for configuring privileged access


£40 to £100 per user per year


G-Cloud 11


Somerford Associates Limited

Penny Harrison

+44 1793 698 047

Service scope

Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to AppGate can interact via APIs with most existing security infrastructure components such as firewalls, IPS and SIEM environments, as well as enterprise incident ticketing systems.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints No - Solution is typically a software deployment into hypervisors.
System requirements
  • The physical machines come with AppGate pre-installed.
  • OR Virtual: 2 CPU, 8-12 GB Memory, 20GB Storage
  • OR Amazon Web Services - Min 12GB Memory
  • OR Microsoft Azure - Min 12GB Memory

User support

Email or online ticketing support Email or online ticketing
Support response times Production Down - 4 hours or less
High Severity Issue - 8 hours or less
Medium Severity Issue - 2 Business days or less
Low Severity - 3 Business days or less
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Our Service Desk provides support for P1 to P4 where a part of the software, appliance or license was previously working and is not working as expected or at all.

If an issue requires a level of Professional Services to engage, a member of the support team will discuss this further with your Account Manager.

Service Desk offer support through several channels, including telephone, e-mail and remote sessions where appropriate. Any employee of our entitled customers can raise a support desk ticket via telephone or e-mail with their company e-mail address. This will be logged and assigned to an engineer who will respond within 1 business hour.

Somerford resolve 80% of service desk tickets without requiring the involvement of our Partners. Where Partner involvement is required, we will advise you on the process. Wherever possible, we will manage your service desk case with our Partners.

Our service desk is available between 9am and 5pm Monday to Friday, excluding Bank Holidays. Our service desk will provide support for existing Customers and companies that are engaged in Proof of Concepts.

All our customers have a Technical Account Manager.
Support available to third parties Yes

Onboarding and offboarding

Getting started A comprehensive training programme is available, as are consultancy services to assist in the implementation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Configuration and logs can be saved locally
End-of-contract process On expiry the licenses will cease to be active. An additional temporary license can be issued to allow for a transition.

Using the service

Web browser interface No
Application to install Yes
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • macOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No differences.
What users can and can't do using the API Users can interrogate 3rd party systems (for example, a ticketing system). Users can automate the updating of access rules based on alerts to/from other systems such as firewalls or IPS. Users can interface with SIEM and log services. Cyxtera provides a set of the Controller APIs written in OpenAPI v3 format.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The system is fully configurable to allow users to granularly allocate permissions and set user access privileges on a dynamic real-time basis.


Independence of resources Can be configured to auto-scale in virtual & cloud environments.


Service usage metrics Yes
Metrics types Available in the logs as standard: usage statistics, time, date, resource accessed by user, attempts not permitted, etc. Fully customisable, so almost any metric can be recorded.
Reporting types API access


Supplier type Reseller providing extra support
Organisation whose services are being resold AppGate Cryptzone

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency Never
Protecting data at rest Other
Other data at rest protection approach We do not store data at rest
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach Only configuration data is held in the system. This can be backed-up by the users.
Data export formats Other
Other data export formats Secure proprietary back-up file
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks Other
Other protection between networks N/A
Data protection within supplier network Other
Other protection within supplier network N/A

Availability and resilience

Guaranteed availability We are not a service. Our solution can be deployed with full distributed architecture, load balancing and failover.
Approach to resilience Fully distributed & load-balancing available as standard in the product.
Outage reporting Interface by API to ticketing systems, e.g. WhatsUp Gold

Identity and authentication

User authentication needed Yes
User authentication Other
Other user authentication Authentication is user defined, by any attribute available. This can include (but is not limited to): 2-factor authentication, OTP, location, device, time of day, group policy, security state of device (patch level, AV status, etc.).
Access restrictions in management interfaces and support channels Management interface is fully distributable, meaning that administration of specific aspects/functions can be apportioned by individual responsibility.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO27001

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach AppGate sits in the network of the buyer or the infrastructure of their chosen cloud provider. Configuration and change management is the responsibility of the buyer or their supplier.
Vulnerability management type Undisclosed
Vulnerability management approach AppGate sits within the infrastructure of the buyer or their chosen cloud service provider and therefore they control their vulnerability management process. However, we have a robust process for monitoring, reporting and resolving threats to the AppGate platform. We also utilise single-packet authorisation, meaning that our gateways are effectively invisible to common exploits.
Protective monitoring type Undisclosed
Protective monitoring approach AppGate sits in the infrastructure of the buyer or their chosen cloud service provider and therefore protective monitoring is the responsibility of the buyer or their supplier
Incident management type Undisclosed
Incident management approach AppGate sits within the infrastructure of the buyer or their chosen cloud service provider and therefore incident management policy and approach is the responsibility of the buyer or their cloud service provider

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No


Price £40 to £100 per user per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Fully functioned but time limited

Service documents

  • Pricing document (PDF)
  • Service definition document (PDF)
  • Terms and conditions (PDF)