Secura Hosting Ltd

Azure Control

Azure Control can help you maximise the benefits of Microsoft’s Azure cloud services, with an expert and certified team building and managing secure infrastructure that delivers your hosting objectives and
realises a strong return on your investment. Azure Control makes Azure as simple as possible, with expert guidance end-to-end.

Features

  • Expert, certified Azure infrastructure design and deployment
  • Easily bolt-on advanced cloud security features
  • Comprehensive management: Region and VM management, patching and updates
  • UK-based, Azure certified 24 / 7 support
  • Streamlined billing direct with Secura
  • Robust disaster recovery and backup options available

Benefits

  • Maximise your Azure investment with expert management
  • ISO 20000 accredited, UK-based support available 24 / 7
  • Expert design, deployment and management of Azure platforms
  • Simplify the Azure billing process - deal direct with Secura
  • Add fully managed DR, backup and advanced security features

Pricing

£0.2 per virtual machine per hour

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

5 2 6 4 1 5 0 9 6 3 1 3 7 0 7

Contact

Secura Hosting Ltd

Neal Wilkinson

0207 183 2540

neal@secura.cloud

Service scope

Service constraints
Secura's occasional maintenance windows for Virtual Machines under management are conducted out of core business hours and the Secura service desk team will notify customers by email in advance. For emergency maintenance they will provide a minimum of 48 hours notice and for standard changes, seven days notice. Microsoft periodically performs updates to improve the reliability, performance and security of the host infrastructure for virtual machines on Azure. Microsoft will communicate any maintenance periods in advance: https://blogs.technet.microsoft.com/andrewallen/2017/12/18/focus-on-azure-planned-maintenance/. The customer is responsible for complying with the Microsoft Azure client agreement and acceptable usage rights. View this on the Microsoft website: https://azure.microsoft.com/en-gb/support/legal/subscription-agreement/
System requirements
The latest web browser: Microsoft Edge, IE, Safari, Chrome, Firefox

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support response times are based on the priority of the incident or request, defined by the customer when submitting the ticket. Priority 1 - Response within 30 minutes - Target fix within 4 hours. Priority 2 - Response within 2 hours - Target fix within 12 hours. Priority 3 - Response within 4 hours - Target fix within 5 Business Days. Priority 4 - Response within 1 Business Day - Target fix within 20 Business Days. Weekend response times are the same. Details on priority classification can be read in the Azure Control Terms and Conditions document.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
A number of support levels are available to customers on Azure Control depending on their requirements.

Monitored, managed and custom support levels are available and this additional support includes the monitoring and management of a range of operating systems, services, databases, security devices and full technology stacks installed on Azure.

Full details of all support available can be found in the G-Cloud 11 Pricing Document.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
As part of the engagement process, Secura work with the customer on an initial migration or setup plan which will detail the key objectives to smoothly on-board the customer, including any initial knowledge transfer required.

Secura do not offer formal training but customer assistance is available online via the service desk and onsite visits are available at additional cost.

Full service documentation is provided to the customer once they have accepted the service and it is officially handed over.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be exported from different Azure services using the relevant methods provided by Azure that are appropriate to that particular service. The Secura team can advise the customer on these methods if required, as part of the off-boarding process. Subscription access can also be transferred to another managed service providers via the Azure portal.
End-of-contract process
Secura are committed to ensuring that customers receive the same level of service throughout their entire time as a customer.

Once a termination date has been agreed between Secura and the customer, (please refer to the Terms and Conditions Document which will detail termination terms depending on circumstance) the customer may request support for the following off-boarding activities: Migration to another service provider, data backup of discontinued services.

This list is not exhaustive and Secura will support the customer as reasonably required to off-board the service as effectively as possible.

Using the service

Web browser interface
Yes
Using the web interface
Management of customer's Azure platforms is conducted via the Azure portal at: https://portal.azure.com/. Customers have full access to setup and can make changes to their Azure platform and network infrastructure through this management interface.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The Microsoft Azure portal conforms to WCAG 2.0 standards and a full conformance statement from Microsoft can be downloaded in Word format from their website at: https://cloudblogs.microsoft.com/industry-blog/government/2016/08/05/wcag-2-0-reports-for-microsoft-products/.
Web interface accessibility testing
None.
API
Yes
What users can and can't do using the API
Azure is compatible with REST API which allows users to perform the complete range of operations that are available to users via the web portal interface. A full list of the operations available in Azure via the REST API are available on the Microsoft website: https://docs.microsoft.com/en-us/rest/api/azure/.
API automation tools
  • Ansible
  • Chef
  • Terraform
  • Puppet
  • Other
API documentation
No
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Users can access their Azure platform on the command line using Azure Command-Line Interface (CLI). For full details of how to install Azure CLI, its supported installation platforms and the operations and commands available via this interface, please visit the official Microsoft CLI web page at: https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Azure customers can choose specific virtual machine sizes that offer isolated compute resource for those workloads that require it, with storage separated from compute to enable independent scaling, with a range of storage options available based on an application's performance requirements. For full details on how Azure achieves isolation please visit: https://docs.microsoft.com/en-us/azure/storage/common/storage-scalability-targets. For storage details and targets visit: https://docs.microsoft.com/en-us/azure/security/azure-isolation.
Usage notifications
Yes
Usage reporting
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft Azure

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Virtual Machines
  • Databases
  • Applications
Backup controls
As part of the service, customers can decide what to back up and when. This process is administered through the Azure interface. This is available as a managed service with optional self-service.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Microsoft offers a range of different SLA guarantees depending on the specific Azure service. However, for Azure Active Directory Basic and Premium services, Microsoft provide a 99.9% availability SLA. For full SLA details on the range of Azure services, please consult the Azure SLA web page here: https://azure.microsoft.com/en-gb/support/legal/sla/
Approach to resilience
Secura can advise on designing solutions to maximise the resiliency options provided by Azure, including resilient solution design options and geo-redundancy across multiple regions. Full details are available on request.
Outage reporting
Secura operate a separate status website and twitter feed to inform customers of potential issues with the platform. Email alerts are also delivered via the service desk. Updates direct from Microsoft are available via: https://azure.microsoft.com/en-gb/status/. Azure subscription holders can also access a personalised status dashboard that provides alerts and guidance when Azure service issues affect their platforms. Full details can be found on the Microsoft website here: https://azure.microsoft.com/en-gb/features/service-health/.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
System level management access is restricted to Secura operations networks only. Per client, level management access can optionally be restricted to specific IP addresses or networks.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
UKAS
ISO/IEC 27001 accreditation date
2014
What the ISO/IEC 27001 doesn’t cover
The ISO 27001 certification covers our whole service.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have created policies and processes which are assessed against the compliance requirements of ISO 27001.

These policies and processes are audited annually by an independent audit assessment body.

Full details of all the security policies and processes we have in place are available from us on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Secura operates a Configuration Management Database (CMDB) which records the initial introduction of an asset. Furthermore, this CMDB records relationships with other assets, changes, and tags to ensure that the asset is included in relevant updates or policy groups.

Secura operates a change management process in accordance with our ISO 9001, ISO 27001 and ISO 20000 certifications. As part of this process, assessments are made of the risk and impact associated with any change, along with conditions required to mitigate the risks of any approved changes. Full details of our change management process are available on request.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Secura uses a specialist vulnerability monitoring service which continuously monitors our services for vulnerabilities. Secura aims to deploy patches to security related vulnerabilities within one day of the vulnerability being discovered.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Secura uses a specialist Intrusion Detection Service (IDS) which continuously monitors our services for malicious activity. Secura invokes its standard response process in the event of a suspected compromise; the response time target for such an incident is 1 hour.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Secura's incident management process is administered through the service desk as a 'ticket'. This allows customers to log incidents (with an associated priority according to severity) with Secura. Customers are kept updated through the service desk on the incident and are advised when progress is updated or it is resolved. The service desk includes a specific section titled 'Resolution' which records the root cause and fix. The 'ticket' is recorded and archived in the service desk and this 'ticket' forms the incident report. For severe incidents (Priority 1) a separate report is published and delivered to the customer.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
Each Azure Active Directory (AD) is distinct and separate from other Azure AD directories. This architecture isolates customer data and security information meaning customers cannot accidentally or maliciously access data in another customer's directory. For full details of how the Azure platform achieves isolation for customers, visit: https://docs.microsoft.com/en-us/azure/security/azure-isolation

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
The Microsoft Azure cloud achieved carbon neutrality in 2014 with an average 1.125 power usage effectiveness (PUE) for all new data centres. Find out more on the Microsoft website: https://azure.microsoft.com/en-gb/global-infrastructure/.

Pricing

Price
£0.2 per virtual machine per hour
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
We can provide free trials of services on Azure Control. Please contact us for more details.

Service documents

Return to top ↑