CYBERLAB CONSULTING LTD

Cloud Backup for Microsoft 365

Cyberlab's backup solution for Microsoft 365 provides an automated, secure backup of Microsoft 365 data (Exchange, OneDrive and SharePoint). Client data is encrypted in transit and at rest, stored in AWS London. Granular restore functionality with advanced search.

Features

  • Automated Backup of Exchange, OneDrive and SharePoint
  • SaaS - no software to install
  • Granular search and restore functionality
  • 7 year retention for Exchange
  • 1 year retention for OneDrive and SharePoint
  • Encrypted in transit and at rest
  • Full mailbox/account restore
  • Ongoing support
  • Cloud to Cloud Backup
  • Up to six daily backups

Benefits

  • Fast to deploy with virtually no setup required
  • New features are added regularly as Office 365 evolves
  • Reduce time-to-restore with fast search or point-in-time restore
  • Choice of AWS datacenter
  • Fully inclusive pricing - no unexpected costs
  • Backup of Microsoft 365 in an automated, simplified way

Pricing

£2.25 to £2.50 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ryan.bradbury@cyberlab.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 4 8 6 2 4 8 0 0 7 4 4 3 6 2

Contact

CYBERLAB CONSULTING LTD Ryan Bradbury
Telephone: 0333 050 8120
Email: ryan.bradbury@cyberlab.co.uk

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
Microsoft 365
Cloud deployment model
Public cloud
Service constraints
None
System requirements
Must be using Microsoft 365

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within two business hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
Cyberlab conducts extensive Quality Assurance before any release, and follows industry best practices for Accessibility. For further details, contact Cyberlab.
Onsite support
Yes, at extra cost
Support levels
Monday - Friday 08:00-18:00 as standard, extended support hours are possible at an additional cost depending on how much you extend the hours by.
Help Desk and Technical account manager is part of the support service.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once an order is agreed and accepted, the designated account manager will send a welcome email containing platform credentials. The install process is very simplistic with only Microsoft 365 administrative permissions being required. Documentation is available online.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
If the client wishes to change to a different backup provider, the first step is for the client to file a request to leave. Next, an End of Contract date is agreed. Cyberlab would stop the backup on the agreed termination date, all data would be deleted and a final invoice would be sent.
End-of-contract process
The customers' backups would be stopped on the termination date and all data would be deleted.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
Description of service interface
Users access services via https://platform.365fortress.com/. Users have access to available functions through our GUI based on their permissions or role.
Accessibility standards
WCAG 2.1 A
Accessibility testing
This service complies with common accessibility guidelines
API
No
Customisation available
No

Scaling

Independence of resources
Resources such as storage and network are reserved for individual customers to ensure customers are not affected by another user on the same platform.

Analytics

Service usage metrics
Yes
Metrics types
The dashboard displays activity metrics including; job history, protected users, storage consumption and the job queue.

Data can also be sent as scheduled email reports.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Solarwinds

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data can be restored, data would not be exported.
Data export formats
Other
Other data export formats
Data can be restored, data would not be exported.
Data import formats
Other
Other data import formats
No import is required

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We offer a 99.95% service availability guarantee
Approach to resilience
It is built upon AWS architecture which has this design concept in mind.
Outage reporting
Portal notifications with additional direct communication when appropriate.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Changes to the fully-managed service are performed on request by named buyer contacts after identification security checks have passed.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • Cyber Essentials Plus
  • IASME Governance Gold

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
IASME Governance Gold
Information security policies and processes
As part of our IASME Governance Gold accreditation we have a robust set of InfoSec policies in place including (but not limited to):

Security Policy
Business Continuity Plan
Acceptable Use Policy
Access and Network Access Control Policy
Risk Management Policy

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
A change management process is in place in line with our IASME Gold accreditation for better communication and planning. The process includes Impact Analysis, Implementation Plan, Rollout Plan, Backout Plan, and Review notes.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vendor security vulnerability notifications including Microsoft Security Bulletins are utilised to establish software risks. Patching windows are identified and applied at least once a month, unless a critical vulnerability has been identified which is being actively exploited, at which point provision for patching will be made immediately.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Accounts are actively monitored and alerts generated for suspicious behaviour. Potential compromises are assessed for severity and impact and an appropriate response is taken.
Incident management type
Supplier-defined controls
Incident management approach
We have a Security Incident Tracker to monitor the assets affected, the impact of the incident, root cause analysis and a lessons learned statement.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£2.25 to £2.50 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Free 30 day trial available with no feature limitations
Link to free trial
https://www.cyberlab.co.uk/backuptrial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ryan.bradbury@cyberlab.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.