Arecibo Hosting

WhiteSpider hosts and manages your critical infrastructure at a UK-located tier-3 data centre offering a range of ‘as-a-service’ solutions backed up with industry-leading SLAs and world-class support.


  • Cisco ACI-Anywhere; we host and manage your ACI controller
  • BackUp-as-a-Service; remotely back up data and applications
  • Disaster Recovery-as-a-Service; we’ll mirror your IT estate
  • WAN as a Service: hosting and managing your WAN/SD-WAN
  • Wireless-as-a-Service: hosting and managing your Wireless controller
  • Desktop-as-a-Service; we manage your virtual desktop estate
  • SDAccess as a Service: managing your Software Defined Enterprise Network


  • Reduced cost of operations through centralised control of all devices
  • Greater agility through automated deployment of services
  • Improved visibility of end-to-end infrastructure


£25 per instance per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10



Jonny Malcolm



Service scope

Service scope
Service constraints No known constraints
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Depending on priority, anytime between 15 minutes and next business day.
The response also depends on the business requirements of the customer
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Service levels include:
1. 8*5 Weekday support
2. 24*7 Support
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Predominantly the service is managed by WhiteSpider, but users have direct access. Training is also provided either face-to-face of online.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users have full, unrestricted access to their data so can extract it whenever they need.
End-of-contract process Each customer contract is defined individually so will include all the services that the customer requires. There is no additional cost

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available No
Independence of resources All hosted services are load balanced across all tiers in a multi-tenanted environment.
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Number of active instances
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • User data and files
  • Virtual Machines
Backup controls The backups are defined on the service level that the customer purchases. This can include a different schedule for each service, but the customer cannot change this themselves. Any changes have to be performed by WhiteSpider
Datacentre setup Single datacentre with multiple copies
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Services are hosted in a Tier 3 Data centre for hardware and environmental resilience.
From a service perspective all tiers are redundant and load balanced.
Approach to resilience Available on request
Outage reporting A public dashboard and email alerts.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels The service utilised standard Role Based Access Control
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through Dedicated device over multiple services or networks

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach The approach to security for the service includes:
- Defining appropriate Role Based Access controls to the system
- Continually monitoring for potential cyber threats and implementing safeguards
- Maintaining secure environment and processes for handling customer data
- Ensuring software development follows appropriate standards and testing
Information security policies and processes The following processes are in place to ensure appropriate security is maintained:
Documentation and Software
- Document control: Managing storage and revision of all documentation
- Approvals: Defined approval process for all documentation and software revisions
- Code Development: Processes for managing the development and release of software code
Customer Data
- Access control: Ensure that users have appropriate access for their role to customer data
- Physical Security: Employees are appropriately checked prior to being given access. The Premises are secured, with full CCTV and visitors escorted in the premises

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The process ensures changes are undertaken by an expert with appropriate level of expertise and experience who understands the impact. The change board consists of:
a. At least one WhiteSpider individual
b. At least) one customer individual.
2. The CAB will have a weekly approval meeting
3. Change requests include:
a. Summary and Priority of change
b. Expected impact, including risk assessment and security impact
c. Time required
d. Devices and people involved
e. Details of changes to production environment.
f. Escalation process
g. Testing details
Change details are stored on a shared environment for access by customer and WhiteSpider
Vulnerability management type Supplier-defined controls
Vulnerability management approach We determine potential threats through subscribing to relevant organisations to receive vulnerability alerts and information. Examples include Cisco's PSIRTs and VMWare Knowledge Base

Any potential threats are assessed to determine criticallity and likely impact

Customer alerts are then created, along with appropriate corrective action

Relevant patches are then applied, following any necessary change process.

Updates are issued when the corrective action is completed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The services is supported by IDS and IPS at a network level with advanced firewall capabilities at the perimeter, and process monitoring at a compute level.
Incidents are responded to according to the customer specific SLAs for the service.
Incident management type Supplier-defined controls
Incident management approach Incidents are detected and reported either by WhiteSpider's monitoring service (alerts issued automatically) or by end-users who report by phone, email or web portal.
Alerts are issued to the service desk, allocated a priority and impact and passed onto the relevant support teams.
Depending on SLAs, allocated priority and complexity, the incident may be passed to 3rd line support. Escalation process are followed if the issue is not resolved as SLA thresholds are reached.
Once resolved, tickets are closed, customer informed and - if required - detailed incident reports creat-d and either emailed to customer or presented in person.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate The service uses VMWare DRS and Resource Groups

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes


Price £25 per instance per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Users have full access to all services for a limited time period (typically 30 days)

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑