Secura Hosting Ltd

Azure Control

Azure Control can help you maximise the benefits of Microsoft’s Azure cloud services, with an expert and certified team building and managing secure infrastructure that delivers your hosting objectives and realises a strong return on your investment. Azure Control makes Azure as simple as possible, with expert guidance end-to-end.

Features

  • Expert, certified Azure infrastructure design and deployment
  • Easily bolt-on advanced cloud security features
  • Comprehensive management: Region and VM management, patching and updates
  • UK-based, Azure certified 24 / 7 support
  • Streamlined billing direct with Secura
  • Robust disaster recovery and backup options available

Benefits

  • Maximise your Azure investment with expert management
  • ISO 20000 accredited, UK-based support available 24 / 7
  • Expert design, deployment and management of Azure platforms
  • Simplify the Azure billing process - deal direct with Secura
  • Add fully managed DR, backup and advanced security features

Pricing

£0.2 per virtual machine per hour

  • Education pricing available
  • Free trial available

G-Cloud 11

526415096313707

Secura Hosting Ltd

Neal Wilkinson

0207 183 2540

neal@secura.cloud

Service scope

Service constraints Secura's occasional maintenance windows for Virtual Machines under management are conducted out of core business hours and the Secura service desk team will notify customers by email in advance. For emergency maintenance they will provide a minimum of 48 hours' notice and for standard changes, seven days' notice. Microsoft periodically performs updates to improve the reliability, performance and security of the host infrastructure for virtual machines on Azure. Microsoft will communicate any maintenance periods in advance: https://blogs.technet.microsoft.com/andrewallen/2017/12/18/focus-on-azure-planned-maintenance/. The customer is responsible for complying with the Microsoft Azure client agreement and acceptable usage rights. View this on the Microsoft website: https://azure.microsoft.com/en-gb/support/legal/subscription-agreement/
System requirements The latest web browser: Microsoft Edge, IE, Safari, Chrome, Firefox

User support

Email or online ticketing support Email or online ticketing
Support response times Support response times are based on the priority of the incident or request, defined by the customer when submitting the ticket.
  • Priority 1 - Response within 30 minutes - Target fix within 4 hours
  • Priority 2 - Response within 2 hours - Target fix within 12 hours
  • Priority 3 - Response within 4 hours - Target fix within 5 Business Days
  • Priority 4 - Response within 1 Business Day - Target fix within 20 Business Days
Weekend response times are the same. Details on priority classification can be read in the Azure Control Terms and Conditions document.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels A number of support levels are available to customers on Azure Control depending on their requirements.

Monitored, managed and custom support levels are available and this additional support includes the monitoring and management of a range of operating systems, services, databases, security devices and full technology stacks installed on Azure.

Full details of all support available can be found in the G-Cloud 11 Pricing Document.
Support available to third parties Yes

Onboarding and offboarding

Getting started As part of the engagement process, Secura work with the customer on an initial migration or setup plan which will detail the key objectives to smoothly on-board the customer, including any initial knowledge transfer required.

Secura do not offer formal training but customer assistance is available online via the service desk and onsite visits are available at additional cost.

Full service documentation is provided to the customer once they have accepted the service and it is officially handed over.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data can be exported from different Azure services using the relevant methods provided by Azure that are appropriate to that particular service. The Secura team can advise the customer on these methods if required, as part of the off-boarding process. Subscription access can also be transferred to another managed service provider via the Azure portal.
End-of-contract process Secura are committed to ensuring that customers receive the same level of service throughout their entire time as a customer.

Once a termination date has been agreed between Secura and the customer (please refer to the Terms and Conditions Document, which details termination terms depending on circumstance), the customer may request support for the following off-boarding activities: migration to another service provider, data backup of discontinued services.

This list is not exhaustive and Secura will support the customer as reasonably required to off-board the service as effectively as possible.

Using the service

Web browser interface Yes
Using the web interface Management of the customer's Azure platforms is conducted via the Azure portal at: https://portal.azure.com/. Customers have full access to set up and make changes to their Azure platform and network infrastructure through this management interface.
Web interface accessibility standard None or don’t know
How the web interface is accessible The Microsoft Azure portal conforms to WCAG 2.0 standards and a full conformance statement from Microsoft can be downloaded in Word format from their website at: https://cloudblogs.microsoft.com/industry-blog/government/2016/08/05/wcag-2-0-reports-for-microsoft-products/.
Web interface accessibility testing None.
API Yes
What users can and can't do using the API Azure provides a REST API which allows users to perform the complete range of operations that are available to users via the web portal interface. A full list of the operations available in Azure via the REST API is available on the Microsoft website: https://docs.microsoft.com/en-us/rest/api/azure/.
API automation tools
  • Ansible
  • Chef
  • Terraform
  • Puppet
  • Other
API documentation No
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface Users can access their Azure platform on the command line using Azure Command-Line Interface (CLI). For full details of how to install Azure CLI, its supported installation platforms and the operations and commands available via this interface, please visit the official Microsoft CLI web page at: https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest.

Scaling

Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Azure customers can choose specific virtual machine sizes that offer isolated compute resource for those workloads that require it, with storage separated from compute to enable independent scaling, with a range of storage options available based on an application's performance requirements. For full details on how Azure achieves isolation please visit: https://docs.microsoft.com/en-us/azure/storage/common/storage-scalability-targets. For storage details and targets visit: https://docs.microsoft.com/en-us/azure/security/azure-isolation.
Usage notifications Yes
Usage reporting
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft Azure

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery Yes
What’s backed up
  • Files
  • Virtual Machines
  • Databases
  • Applications
Backup controls As part of the service, customers can decide what to back up and when. This process is administered through the Azure interface. This is available as a managed service with optional self-service.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability Microsoft offers a range of different SLA guarantees depending on the specific Azure service. However, for Azure Active Directory Basic and Premium services, Microsoft provide a 99.9% availability SLA. For full SLA details on the range of Azure services, please consult the Azure SLA web page here: https://azure.microsoft.com/en-gb/support/legal/sla/
Approach to resilience Secura can advise on designing solutions to maximise the resiliency options provided by Azure, including resilient solution design options and geo-redundancy across multiple regions. Full details are available on request.
Outage reporting Secura operate a separate status website and Twitter feed to inform customers of potential issues with the platform. Email alerts are also delivered via the service desk. Updates direct from Microsoft are available via: https://azure.microsoft.com/en-gb/status/. Azure subscription holders can also access a personalised status dashboard that provides alerts and guidance when Azure service issues affect their platforms. Full details can be found on the Microsoft website here: https://azure.microsoft.com/en-gb/features/service-health/.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels System level management access is restricted to Secura operations networks only. Per-client level management access can optionally be restricted to specific IP addresses or networks.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 UKAS
ISO/IEC 27001 accreditation date 2014
What the ISO/IEC 27001 doesn’t cover The ISO 27001 certification covers our whole service.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We have created policies and processes which are assessed against the compliance requirements of ISO 27001.

These policies and processes are audited annually by an independent audit assessment body.

Full details of all the security policies and processes we have in place are available from us on request.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Secura operates a Configuration Management Database (CMDB) which records the initial introduction of an asset. Furthermore, this CMDB records relationships with other assets, changes, and tags to ensure that the asset is included in relevant updates or policy groups.

Secura operates a change management process in accordance with our ISO 9001, ISO 27001 and ISO 20000 certifications. As part of this process, assessments are made of the risk and impact associated with any change, along with conditions required to mitigate the risks of any approved changes. Full details of our change management process are available on request.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Secura uses a specialist vulnerability monitoring service which continuously monitors our services for vulnerabilities. Secura aims to deploy patches to security related vulnerabilities within one day of the vulnerability being discovered.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Secura uses a specialist Intrusion Detection Service (IDS) which continuously monitors our services for malicious activity. Secura invokes its standard response process in the event of a suspected compromise; the response time target for such an incident is 1 hour.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Secura's incident management process is administered through the service desk as a 'ticket'. This allows customers to log incidents (with an associated priority according to severity) with Secura. Customers are kept updated through the service desk on the incident and are advised when progress is updated or it is resolved. The service desk includes a specific section titled 'Resolution' which records the root cause and fix. The 'ticket' is recorded and archived in the service desk and this 'ticket' forms the incident report. For severe incidents (Priority 1) a separate report is published and delivered to the customer.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Hyper-V
How shared infrastructure is kept separate Each Azure Active Directory (AD) is distinct and separate from other Azure AD directories. This architecture isolates customer data and security information, meaning customers cannot accidentally or maliciously access data in another customer's directory. For full details of how the Azure platform achieves isolation for customers, visit: https://docs.microsoft.com/en-us/azure/security/azure-isolation

Energy efficiency

Energy-efficient datacentres Yes
Description of energy efficient datacentres The Microsoft Azure cloud achieved carbon neutrality in 2014 with an average 1.125 power usage effectiveness (PUE) for all new data centres. Find out more on the Microsoft website: https://azure.microsoft.com/en-gb/global-infrastructure/.

Pricing

Price £0.2 per virtual machine per hour
Discount for educational organisations Yes
Free trial available Yes
Description of free trial We can provide free trials of services on Azure Control. Please contact us for more details.

Service documents

  • Pricing document (PDF)
  • Service definition document (PDF)
  • Terms and conditions (PDF)