Ensono Ltd

Ensono Cloud Infrastructure

The Ensono Cloud virtual infrastructure platform is designed for the hosting of business critical applications in the public sector. Ensono Cloud is a fully managed infrastructure platform with 24x365 monitoring. Ensono Cloud Deployment service provides provisioning services for public sector clients wishing to consume the Lot1 Ensono Cloud Infrastructure service.

Features

  • Deployment & configuration of platform
  • Deployment & configuration of operating systems and supported applications
  • Deployment & configuration of underlying network and security services
  • 24x365 operating system and supported applications monitoring and management
  • Managed backup and restoration services

Benefits

  • Managed provisioning services for public sector clients
  • Simple and complex deployment and configuration scenarios managed
  • UK delivered provisioning and configuration services

Pricing

£100 per instance per month

Service documents

G-Cloud 10

480128858722235

Ensono Ltd

Commercial Services

01784 211 100

EnsonoUKCommercialServices@ensono.com

Service scope

Service scope
Service constraints Per Microsoft's publically published Azure service description.
System requirements
  • To be used with Ensono Azure Deployment Service
  • To be used with Ensono Azure Service Management

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Ensono aim to respond within 24 hours. However, if Incident base, this would be in line with Ensono's standard SLAs:
P1 - 15 minutes
P2 - 4 hours
P3 - 24 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels This service is sold in conjunction with Ensono Cloud Deployment Services and Ensono Managed Server Instances. Service Levels are defined within these services.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Ensono provides a defined design engagement, which facilitates the high level and low level design of the Ensono Cloud solution. These are available in the Ensono Cloud Deployment Services. Additionally, Clients can go on and have a fully managed Ensono Cloud solution using Ensono's Managed Server Instances.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction As part of our standard contracts, service decommissioning is included. If a Client wishes Ensono to provide a copy of their data on decommissioning of service, this will be scoped as a stand alone project, and may incur additional charges (e.g., for media).
End-of-contract process This particular service would be decommissioned, or the Client has the option to renew.

Using the service

Using the service
Web browser interface Yes
Using the web interface Users can have access to the Ensono Portal, with delegated Administration rights, to provision and consume Ensono Cloud services.
Web interface accessibility standard None or don’t know
How the web interface is accessible Core virtual server provisioning configuration on Ensono Cloud is exposed through the Ensono portal. Once provisioned and with suitable connectivity the client can directly access virtual servers after their provisioning is completed. The web portal also provides access to service reports and other information published regarding the service procured from Ensono.
Web interface accessibility testing None
API No
Command line interface No

Scaling

Scaling
Scaling available Yes
Scaling type Manual
Independence of resources Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. Services which provide virtualized operational environments to customers (e.g., Ensono Cloud compute and storage) ensure that customers are segregated via security management processes/controls at the network and hypervisor level. Ensono's storage platform delivers IOPS guarantees that ensures user performance is delivered. Ensono continuously monitors service usage and capacity to ensure infrastructure provision meets availability commitments and capacity requirements.
Usage notifications Yes
Usage reporting Other

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach Ensono Cloud provides these controls, including physical access controls, complying with a wide range of security standards and offering additional encryption capabilities where desired by a Client.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Available only for Managed Server Instances
Backup controls This is managed by Ensono, to a backup policy agreed with the Client at the time of provisioning.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network VLAN separation

Availability and resilience

Availability and resilience
Guaranteed availability 99.99% availability SLA, with Ensono managing the service credit process.
Approach to resilience Highly available platform, no single points of failure, designed to run business critical applications. Further information available on request
Outage reporting The Ensono portal and in the event of service affecting outages, Ensono contacts the Client.

Identity and authentication

Identity and authentication
User authentication Other
Other user authentication This is based on Client requirements, we are able to provide all the above methods. Some may incur an additional charge and require that the Client takes Ensono Cloud Deployment Services.
Access restrictions in management interfaces and support channels Ensono have processes in place to authenticate named users from Client organisations. Role-based access control is used to segregate access to services to Client's approved users.
Access restriction testing frequency Never
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information No audit information available
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 25/03/2016
What the ISO/IEC 27001 doesn’t cover Ensono's ISO certification covers all business functions in the UK and Wales only.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification NCC Group
PCI DSS accreditation date 10/10/2017
What the PCI DSS doesn’t cover Ensono are compliant with Sections 9 & 12 only.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Ensono maintains certification to ISO/IEC 27001:2013 as its approach to Information Security Management as part of Information Security Management System (ISMS). As part of the ISMS, Ensono shall:
•Define and maintain an inventory of all information assets, and supporting assets, which the security of the information assets depend
•Perform regular risk assessments of those information assets, and their supporting assets, to ascertain level of business risk, as per the Ensono Risk Assessment Guide
•Put in place controls to reduce identified risks to acceptable levels, taking account the criticality and value of information and costs involved, as per the Ensono Risk Assessment Guide
•Provide a rolling education programme to all personnel within Ensono, covering importance of information security, and individuals responsibility to adhere to information security related policies, processes and procedures.
•Provide a tool for the prompt reporting of actual or potential security incidents, and resources to promptly evaluate and act upon such incidents
•Continually monitor, review and improve ISMS by undertaking regular reviews, audits and other activities, and take prompt action in response to the findings
•Adopt ISO/IEC 27001:2013 as the approach to Information Security Management, and utilise the Control Objectives of ISO/IEC 27002:2013 for controlling risk

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The objective of Change Management is to ensure that changes are recorded, evaluated, authorised, prioritised, planned, tested, implemented, documented and reviewed in a controlled manner, utilising the ITIL framework to ensure good practice.

To minimise the risk of impact of change related incidents and to record and communicate the changes that are made
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerabilities are identified using Ensono’s Vulnerability Assessment Tool, which collects and collates data from trusted external sources (e.g. Secunia). These are reviewed by a Subject Matter Expert and assigned a patch rating (Critical, High, Medium, Low, or Not Applicable). An Emergency Vulnerability Assessment Board (VAB) is convened immediately to discuss Critical risk vulnerabilities, otherwise VAB meets on a monthly basis. Affected Clients are identified and a summary of the vulnerability is sent to these Clients. Out-of-band patching schedules may be created for critical vulnerabilities; high, medium and low risk vulnerabilities will be rolled into the quarterly patching cycle.
Protective monitoring type Supplier-defined controls
Protective monitoring approach •File integrity monitoring, alerting and incident resolution - The pre-configured FIM report show any file changes on a daily basis
•Registry integrity monitoring, alerting and incident resolution - as part of default monitoring.
•Security log alerting from security appliances and incident resolution - Ensono create alerts and incident resolution.
•Behaviour anomaly detection, investigation and incident resolution through manual report assessment.
•Alerting - Ensono create alerts and incident resolution.
SIEM is vastly used within ‘Ensono Management Environment’ If Client has subscribed to Log Management (SIEM) services then all the mentioned alerting and more can be provided to client.
Incident management type Supplier-defined controls
Incident management approach Ensono has a predefined Incident Management process, which includes activities from incident notification and logging, classification and escalation, investigation and diagnosis, through to resolution, recovery and incident closure. Ensono’s standard approach is at a VM level is primarily agent based through NetIQ, which reports back to our monitoring platform. This includes many standard metrics including, CPU, Memory, Disk. For all of these there are standard thresholds configured which can be changed on client request. If any of these was to exceed these thresholds for a certain amount of time then a ticket would automatically be raised in support works system.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Ensono Cloud utilises software defined networking for complete segregation of clients into their own logical networks. Each client is provided with their own virtual datacentre providing a wide range of networking and security options.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £100 per instance per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑