Somerford Associates Limited

Cyxtera and AppGate SDP

AppGate SDP is a new approach to security. It secures the network with a Software - De ned Perimeter – a network security model that dynamically creates one-to-one network connections between the user and the resources they access. Everything else is invisible including the system itself.


  • Enterprise, hybrid or full multi-cloud deployable
  • Full functionality of Software- Defined Perimeter specifications
  • Full interoperability with the security and cloud stack via API’s
  • Enterprise scalability, reflexivity, agility, performance and availability
  • Enterprise class security
  • Distributed architecture spanning multiple infrastructures
  • Simple yet highly customisable policies
  • Enterprise integration with AWS, Azure and VMWare
  • Network agnostic
  • Single, centralized logging of all authorized application traffic


  • Enforce “Zero Trust” model consistently at network and application level
  • Attack surfaces by 95% on average
  • Responds and reacts to security incidents in real-time
  • Non-authorized services and resources completely hidden
  • Simplified Compliance
  • Automation and simplification of Business Process Management tasks
  • Automated creation and enforcement of access rules based on user
  • Manage access to on-premises private cloud, and remote public cloud
  • Dynamic access driven by user and service attributes.
  • Reduces cost, complexity and effort for configuring privileged access


£40 to £100 per user per year

Service documents


G-Cloud 11

Service ID

4 3 1 5 7 9 9 1 5 7 2 6 5 7 0


Somerford Associates Limited

Penny Harrison

+44 1793 698 047

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
AppGate can interact via API's with most existing security infrastructure componants such as firewalls, IPS and SEIM environments as well as enterprise incident ticketing systems.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
No - Solution is typically a software deployment into hypervisors.
System requirements
  • The physical machines come with AppGate pre installed.
  • OR Virtual: 2 CPU, 8-12 GB Memory, 20GB Storage
  • OR Amazon Web Services - Min 12GB Memory
  • OR Microsoft Azure - Min 12GB Memory

User support

Email or online ticketing support
Email or online ticketing
Support response times
Production Down - 4 hours or less
High Severity Issue - 8 hours or less
Medium Severity Issue - 2 Business days or less
Low Severity - 3 Business days or less
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Our Service Desk provides support for P1 to P4 where a part of the software, appliance or license was previously working and is not working as expected or at all.

If an issue requires a level of Professional Services to engage, a member of the support team will discuss with your Account Manager to discuss this further.

Service Desk offer support through several channels, including telephone, e-mail and remote sessions where appropriate. Any employee of our entitled customers can raise a support desk ticket via telephone or e-mail with their company e-mail address. This will be logged and assigned to an engineer who will respond within 1 business hour.

Somerford resolve 80% of service desk tickets without requiring the involvement of our Partners. Where Partner involvement is required, we will advise you on this the process. Wherever possible, we will manage your service desk case with our Partners.

Our service desk is available between 9am and 5pm Monday to Friday, excluding Bank Holidays. Our service desk will provide support for existing Customers and companies that are engaged in Proof of Concepts.

All our customers have a Technical Account Manager.
Support available to third parties

Onboarding and offboarding

Getting started
A comprehenisive training programme is available, as is consultancy services to assist in the implementation.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Configuration and logs can be saved locally
End-of-contract process
On expiry the licenses will cease to be active. An additional temporary license can be issued to allow for a transition.

Using the service

Web browser interface
Application to install
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
No differences.
Service interface
What users can and can't do using the API
Users can interegate 3rd party systems (for example a ticketing system) users can automate the updating of access rules based on alerts to/from other systems such as firewalls or IPS. Users can interface with SIEM & log services. Cyxtera provide a set of the Controller APIs written in OpenApi v3 format.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
The system is fully configurable to allow users to granularly allocate permissions and set user access privileges on a dynamic real-time basis.


Independence of resources
Can be configured to auto-scale in virtual & cloud environments.


Service usage metrics
Metrics types
Available in the logs as standard - usage statistics, time, date, resource accessed by user. Attempts not permitted etc. fully customisable so almost any metric can be recorded.
Reporting types
API access


Supplier type
Reseller providing extra support
Organisation whose services are being resold
AppGate Cryptzone

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Protecting data at rest
Other data at rest protection approach
We do not store data at rest
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Only configuration data is held in the system. This can be backed-up by the users.
Data export formats
Other data export formats
Secure proprietary back-up file
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
Other protection between networks
Data protection within supplier network
Other protection within supplier network

Availability and resilience

Guaranteed availability
We are not a service. Our solution can be deployed with full distributed architecture, loadbalancing and failover.
Approach to resilience
Fully distributed & load-balancing available as standard in the product.
Outage reporting
Interface by API to ticketing systems eg: whats-up gold

Identity and authentication

User authentication needed
User authentication
Other user authentication
Authentication is user defined, by any atribute available. This can include (but not limited to); 2-factor authentication, OTP, location, device, time of day, group policy, security state of device (patch-level, AV status etc.)
Access restrictions in management interfaces and support channels
Management interface is fully distributable, meaning that administration to specific aspects/functions can be apportioned by individuals responsibility.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Appgate sits in the network of the buyer or the infrastructure of their chosen cloud provider, Configuration and change management is the responsibility of the buyer or their supplier.
Vulnerability management type
Vulnerability management approach
AppGate sits within the infrastructure of the buyer or their chosen cloud service provider and therefore they control their vulnerability management process. However we have a robust process for monitoring, reporting & resolving threats to the AppGate platform. We also utilise single-packet-authorisation, meaning that our gateways are effectively invisible to common exploits.
Protective monitoring type
Protective monitoring approach
AppGate sits in the infrastructure of the buyer or their chosen cloud service provider and therefore protective monitoring is the responsibility of the buyer or their supplier
Incident management type
Incident management approach
AppGate sits within the infrastructure of the buyer or their chosen cloud service provider and therefore incident management policy and approach is the responsibility of the buyer or their cloud service provider

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£40 to £100 per user per year
Discount for educational organisations
Free trial available
Description of free trial
Fully functioned but time limited
Link to free trial

Service documents

Return to top ↑