Just After Midnight

Azure Cloud Consultancy

Audits, reviews, assessments and recommendations through to full design and provisioning of your Azure environment and management/support services. We can help start or optimise your Cloud journey and work independently of or collaboratively with your in-house team.

Features

  • Azure experts
  • Specialist Managed Cloud Consulting
  • Infrastructure review/design
  • Third-party licensing and security provisioning
  • IAAS, PAAS or Hybrid
  • 24/7 availability with our global team
  • Migration planning and support
  • Code and content author/editor support
  • CMS website hosting specialisms
  • 24 Hr Incident Management - “Eyes on” up-time monitoring

Benefits

  • Cloud experts offering independent advice and support
  • Collaborative approach with your team
  • Security first approach to projects
  • Available 24/7 with dedicated cloud consultants and account managers
  • Services include recommendations for security and third-party products
  • Fully managed to reduce client staff overheads
  • Web platform experts on hand to offer the best advice
  • Best solution devised for client specific needs
  • Each customer has their own infrastructure - no shared services
  • Ongoing optimisation and management services available

Pricing

£600 to £760 per person per day

  • Education pricing available

Service documents

G-Cloud 11

572612310541056

Just After Midnight

Sam Booth

02032909247

info@justaftermidnight247.com

Service scope

Service scope
Service constraints Standard cloud hosting constraints.
System requirements Not applicable.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times For consultancy services, this may depend on if it is an urgent request or providing some information. Emails are usually responded to same day and tickets, if used as part of the project to generate higher urgency are usually acknowledged within 15 minutes.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Cloud consultancy is a highly individualised service at Just After Midnight. Rather than offering service levels, we will tailor our timescales and team effort to the needs of the client.
Consultancy services are usually on a fixed fee basis and can range from assessment and recommendations through to full architecture design and build. The requirements and size of the project will dictate the costs.
To progress beyond the consultancy element:
We can manage pre-agreed hosting contracts, or supply, manage and support the cloud service on your behalf. We also provide a selection of add-ons, including critical support requests such as out-of-hours deployments and infrastructure related service requests.
Due to this, costing differs from case to case, and options will vary from percentages to fixed fees.
Every client will be given a dedicated technical account manager and cloud support engineer who will work with them to consult on your cloud approach, design a detailed architecture (IaaS, PaaS or FaaS) and perform all the necessary processes to get your solution up and running.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Just After Midnight engages with clients to do a full scoping exercise. We find out the background, issues, any constraints and concerns and what a client wants and needs to achieve. We agree access levels to enable us to review and potentially optimise the setup and agree what form of recommendations / reporting is required. Just After Midnight also works together with client teams and offers ad hoc training as required.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction This needs to be requested from Just After Midnight (following notification of termination of contract if prior to end of contract) and can be provided in any format as required. If there are server-side applications then the content and data will be transferred in the most appropriate method agreed eg, encrypted disk, via SFTP or other. This happens within 7 days of the request unless the hosting is being transferred and this is not required as they would own it.
End-of-contract process Most consultancy contracts are fixed term with fixed deliverables and we generally provide reports/recommendations on our findings which we prefer to present face to face or via video/teleconference. No notice period is required to end a contract on its completion date and a sign off for deliverables and contract completion will be issued to the client. Any materials or code owned by the client and have been in use by JAM will be returned/destroyed as instructed.

Using the service

Using the service
Web browser interface No
API Yes
What users can and can't do using the API The code can be used to integrate it. Limitations are that it is predefined and has parameters and variables which cannot be edited.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
Other API automation tools ARM Templates
API documentation Yes
API documentation formats PDF
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface This is not really relevant to this service, but may be downloaded and used to access servers/hosting environment.

Scaling

Scaling
Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Each client will have highly personalised needs.
Once onboarded with Just After Midnight, you will be supported by a dedicated member of our support team whose expertise best suit your needs. They will personally work with you to ensure that your needs are understood and addressed and help guide you towards the best options for your business. This ensures each client receives the individualised service we pride ourselves on. In addition, Just After Midnight is a growing business and taking on new people as and when needed as our client base expands to ensure that all clients are properly serviced.
Usage notifications Yes
Usage reporting
  • Email
  • Other

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Automated scripts failure reports
  • Uptime (if agreed and set up to be measured)
  • Page Load (if agreed and set up to be measured)
  • Traffic (if agreed and set up to be measured)
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Cloud hosting including AWS and Azure, CDN and SSL

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Google Docs
  • Databases
  • Cold Repositories
  • Scripts
  • Proof of Concept environments
  • All data backed up is encrypted
  • Email and Tickets raised
Backup controls Backups for elements of a consultancy service tend to be limited to documentation - which if using a common version such as Google Docs is version controlled and backed up constantly. Scheduled backup of a proof of concept can be set up on a request basis. This and any other specific requirements can be discussed during the scoping exercise and agreed with the client. The retention policy will be defined by the client as to their individual requirements.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability For consultancy services, we are available as standard during business hours though we may handover to our Singapore or Australia offices to continue working to a tight deadline. We have teams available 24/7 to answer queries and SLAs are negotiable. Standard SLAs on provision of service will back to back with Azure, which offers 99.99% on the server level. The availability and SLAs for Just After Midnight will depend on the service required but SLAs are available and our usual response time to tickets raised is within 15 minutes.
Approach to resilience This information is available on request.
Outage reporting Outage reporting is not usually needed whilst Just After Midnight is consulting on Azure Cloud services with the client. It will however, be offered once the solution has been set up and we begin managing/supporting the hosting. Monitoring is set up to trigger alerts into Just After Midnight's dashboard software as well as raise a ticket in our ticketing system and raise an alert in our critical alerts comms channel. These take the form of an in-house dashboard, APIs from the monitoring software as well as multiple comms channels. Incident reports are created by our team when an outage occurs. This is sent to the client within 24 hours of the incident and details the outage, the actions taken to resolve it and the root cause and recommendations (if known) by Just After Midnight.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication Active Directory is also supported.
Access restrictions in management interfaces and support channels Each user has a role and these are permissions based controlled, whether this is in email, through the interfaces, support channels, servers and all other access channels regardless of how they are authenticated. All methods of authentication are encrypted as data in transit.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication Authentication process
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 The British Assessment Bureau
ISO/IEC 27001 accreditation date 28/08/2018
What the ISO/IEC 27001 doesn’t cover The certification covers Just After Midnight's information security management and services.
Any third-party tools and services would not be covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • Third party organisations have relevant security certifications.

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As per ISO 27001 - including:
ISMS
Data Protection Policy
Information Security Policy
Maintaining Security Event and Incident Log
Access Control Policy
Information Transfer Policy

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We operate a change management process and can adapt this to align with client processes to ensure any changes to scope or other elements are documented and signed off.
Configuration and Changes are subject to risk assessment including security impact and are scheduling for regular review. Approval from the technical director and senior management team as appropriate. Our processes align with ISO 27001
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Just after Midnight has anti-virus and malware protection, which are updated to the latest versions along with regular patching of OS levels. We are also subscribed to live feeds informing of vulnerabilities to keep up to date with any potential issues. We have an emergency process to address and deal with any breaches including our internal senior management team and client communication where appropriate. Our in-house engineers address and manage any emergency fixes.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Just After Midnight uses proactive and reactive methods. Our systems are protected by anti-virus and 2fa encryption. Logs are regularly reviewed and monitoring tools are set up to trigger alerts in the case of anything performing outside of expected parameters including potential Ransomware/malware attacks. As our teams work 24/7 then any potential compromise is reacted to within minutes. Dependent upon the incident, it is rectified eg by rolling back to a "safe version" and additional protective measures put in place. If appropriate, relevant clients/third parties contacted. We also subscribe to a number of feeds that inform us of new threats.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Our incident managers provide 24/7 'eyes on' monitoring to all applications and websites. We use decision trees which are agreed with the client during onboarding to guide our incident managers through the correct processes and procedures to respond to a query, alert, or incident. They are hosted on our internal platform 'Mission Control.' Our 24/7 monitoring ensures that in most cases, we are aware of incidents before you. Should you notice an issue before us, there is a dedicated support email and phone number to contact us 24/7.
Incident reports are issued summarising incident, root cause and recommendations where appropriate.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes
Description of energy efficient datacentres We use cloud hosting rather than on-premise datacentres. Studies have shown that Cloud hosting is significantly more energy efficient than traditional datacentres.
We predominantly use Azure and AWS. Azure states that "For localized deployments, Microsoft Cloud is between 79 to 93% more energy efficient than a traditional on-premise datacenter". Also, that accounting for renewable energy, carbon emissions from Azure Compute are 92-98% lower than a traditional on-premise datacenter" and AWS which states that "customers only need 16% of the power as compared to on-premises infrastructure. This represents an 84% reduction in the amount of power required." and "Combining the fraction of energy required with a less carbon-intense power mix, customers can end up with a reduction in carbon emissions of 88% by moving to the cloud and AWS."

Pricing

Pricing
Price £600 to £760 per person per day
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑