QBit Kloud Limited

SaaS

The Alibaba offering currently delivers more than 2,000 SaaS services to clients across the globe, and the partnership with QBit Kloud offers customers in the UK access to these offerings, any many more SaaS services which are in development.

Features

  • Proactive Monitoring
  • DDOS Mitigation enabled by default
  • 24/7 Service Desk
  • Automatic ticketing system
  • Scalability
  • Privileged Access Management
  • Geo Load-Balancing
  • Globally Connected DC Backbone
  • Dedicated Private Tunnels between DC's & Customer Premises
  • Local Architecture Consulting Services

Benefits

  • Service Level Guarantees - 99.95%+
  • Data reliability
  • High Availability
  • Easy set-up - start an instance in minutes
  • Ease of access to services - Web, API, SSH, CLI
  • Low latency, robust private connectivity between DC's / on premises
  • RBAC Capabilities across stack
  • 1-click back-up
  • Web Application Firewalls - mitigates risk and reduces attack surface
  • Single Pane of Glass - Centralised Monitoring & Management Platform

Pricing

£0.001 per gigabyte per hour

Service documents

G-Cloud 9

574876930255589

QBit Kloud Limited

Tony Boyle

0203 882 0545

tony.boyle@qbitkloud.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Planned and preventive maintenance windows within SLA.
System requirements Windows, macOS or Linux OS is required

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Response is dependant on criticality of incident raised, and ranges between 36hours for low priority issues / questions, to 15 minutes for critical issues - all of which are dependant on the service support tier purchased
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide 3 levels of support to customers, including: Basic - 5x8 Local Business hours, 3 x tickets p/qtr maximum, includes technical customer manager, <36 hours response times. Cost: £Free Business - 24/7 coverage, includes Cloud Support Engineer, <40min Response times for critical issues, Ticket based contact, limited to 4 Unavailability tickets during contract period. Cost: 10% of monthly usage for £0–£700 7% of monthly usage for £700–£5,600 5% of monthly usage for £5,600–£17,500 3% of monthly usage for over £17,500 Enterprise - 24/7 coverage, includes Dedicated Cloud Expert, <15min Response times for critical issues, Ticket, IM & Phone contact, unlimited ticketing during contract Cost: 10% of monthly usage for £0–£80k 7% of monthly usage for £80k–£260k 5% of monthly usage for £260k–£500k 3% of monthly usage for over £500k
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Online tutorials and start guides are available for all users free of charge, dedicated onsite training is available at a cost, and a forum also provides access to other user groups for information sharing and knowledge transfer
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction The data is free for copy and transfer out when the contract ends. There is no data lock-in applied to any of the contracts.
End-of-contract process Prior to contract expiration, every customer is notified in a timely manner and given notice to either extend or migrate services to another provider. There is a 15 day retention period post contract expiration where the workloads / services are kept in a suspended state, and either renewed and re-enabled, or deleted. During that 15 day period, the customer has an opportunity to migrate data / services to another provider or back on-premises.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile service provides web portal and console accessing.

The look and feel will fit the mobile layout.
Accessibility standards WCAG 2.0 A
Accessibility testing No audio and video accessibility support.
API Yes
What users can and can't do using the API With the Alibaba Cloud being web-based, the vast majority of services offered can be procured, set-up, configured, monitored and / or cancelled via the API, albeit there will be some sizing limitations which may require customer contact centre involvement. The only exception is: Express Connect - dedicated tunnel, to and from DC's and to customer premises or x-border connectivity This service may require the customer to contact their own Network / ISP and the Alibaba Customer Service centre, in order to set up the necessary physical and virtual connections needed for Express Connect to work.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The limits and thresholds can be customised.

The users can raise tickets to do so.

The users have contacted Alibaba Cloud or partners, verified to be a legit requirement.

Scaling

Scaling
Independence of resources The combined pool of resources available in the Alibaba Cloud not only provides sufficient capacity for auto-scaling requirements (with N+1 and over 60% headroom across all services), but this is constantly monitored and resources are increased on a monthly basis to retain that same level of headroom.

Analytics

Analytics
Service usage metrics Yes
Metrics types The CPU, RAM, Network and IOPS utilisation.
The progress and relevant metrics.
Reporting types
  • API access
  • Regular reports

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Alibaba Cloud

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Using our API they can export the data.
Data export formats
  • CSV
  • Other
Other data export formats
  • RAW
  • Original format
  • ASCII
  • BIN
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • RAW
  • BIN

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Full SLA list: https://intl.aliyun.com/help/faq-list/42389.htm Take ECS (Elastic Compute Service, virtual machine) as an example: 1. Availability: 99.95%. 2. Service Credit Claim: * 10%: if the monthly uptime is less than 99.95%, but equal or higher than 99%. * 30%: if the monthly uptime is less than 99%.
Approach to resilience The Alibaba Cloud vulnerability management team is responsible for identifying, tracing, finding and fixing security vulnerabilities. We utilize a vulnerability scoring system to categorize and prioritize vulnerability fixing. Alibaba Cloud also keeps contact with members of security research communities and reviews reports about external vulnerabilities.

Alibaba Cloud has established a security event management platform for security event reporting, status and notifications. In addition to security events, significant cloud failures will also be managed through this platform. Our security team will record and manage the events in order of priority by severity, with events that directly impact customers assigned the highest priority. Post- event analysis and review is performed to prevent reoccurrence of similar events.
Outage reporting Outages are reported to customers via e-mail alerting to the designated client contacts, and there will also be a notification on the Website.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Full Resource Access Management utilising RBAC standards is in use across the infrastructure, which restricts in-authorised access to interfaces and support channels
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Less than 1 month
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 05/11/2012
What the ISO/IEC 27001 doesn’t cover New products released after the last revision of the certification are not covered, e.g. Resource Orchestration Service. New locations after the last revision of the certification. We have all the current regions covered. Future regions will be certified with BSI's renew schedule.
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 09/03/2015
CSA STAR certification level Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover New products released after the last revision of the certification are not covered, e.g. Resource Orchestration Service. New locations after the last revision of the certification. We have all the current regions covered. Future regions will be certified with BSI's renew schedule.
PCI certification Yes
Who accredited the PCI DSS certification Atsec Information Technology
PCI DSS accreditation date 02/06/2016
What the PCI DSS doesn’t cover The new products released after the certification are not covered, .e.g. Resource Orchestration Service.
Other security accreditations Yes
Any other security accreditations
  • DJCP
  • TRUCS
  • CNAS
  • SOC 1/2/3
  • MPAA
  • HIPAA
  • MTCS Level-3
  • BDSG
  • ENISA through CSA CCM
  • TRUSTe

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes Consult the Pro's - but needs to ensure that we outline basic procedures of ISO27011 etc.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Established policies for change control and configuration management. A change control system is utilized to initiate and approve change requests. The applicant is required to specify change type, risk level, risk description, change reason, change plan, rollback plan, and validation method in the application form. Additional approval from management must be obtained prior to migration of emergency changes. configuration baseline standards that specify baseline requirements for physical servers, operating systems, database management systems, network devices and virtual images. Configuration baseline standards are reviewed and updated at least annually.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach The Alibaba Cloud vulnerability management team is responsible for identifying, tracing, finding and fixing security vulnerabilities. We utilize a vulnerability scoring system to categorize and prioritize vulnerability fixing. Alibaba Cloud also keeps contact with members of security research communities and reviews reports about external vulnerabilities.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach The vulnerability management team is responsible for identifying, tracing, finding and fixing security vulnerabilities. We utilize a vulnerability scoring system to categorize and prioritize vulnerability fixing, keep contact with members of security research communities and reviews reports about external vulnerabilities. An established security event management platform for security event reporting, status, and notifications. Significant cloud failures will also be managed through this platform. Our security team will record and manage the events in order of priority by severity, with events that directly impact customers assigned the highest priority. Post-event analysis and review is performed to prevent reoccurrence of similar events.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Alibaba Cloud has established a security event management platform for security event reporting, status and notifications. In addition to security events, significant cloud failures will also be managed through this platform. Our security team will record and manage the events in order of priority by severity, with events that directly impact customers assigned the highest priority. Post- event analysis and review is performed to prevent reoccurrence of similar events. Alibaba Cloud notifies customers, media and the public of security incidents through the Alibaba Cloud's international website and other forums. Customers can report incidents through our ticket system.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0.001 per gigabyte per hour
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑