Bridgeway Security Solutions

Bridge Host & Bridge Manage: Co-managed MobileIron service, hosted in secure datacentre

Bridgeway is proud to offer a unique co-managed, fully-hosted MobileIron service. This service includes our own IronWorks reporting solution to evidence project success, our Bridge Train for MobileIron administrator and help-desk training, and our market-leading 24x7 Bridge Support service for peace of mind. Hosting, support and data residency are all in the UK.

Features

  • MobileIron hosting in PSN, N3 and HSCN connected secure datacentre
  • Support, hosting and training all delivered from within the UK
  • Only UK Authorised Training Partner (ATP) for MobileIron
  • Service credits, administrator training and MobileIron reporting included
  • Mobility project key performance indicator (KPI) charting
  • Automated, scheduled emailed PDF reports aligned to line-of-business
  • Comprehensive trend analysis and charting of your mobility project
  • Compliance reporting for GDPR, ISO27001, IG Toolkit and PSN CoCo
  • Daily MobileIron security health-check and operational dashboard
  • Integrated MobileIron licence tracking and efficiency calculator

Benefits

  • Data residency and secure interconnections for UK public sector
  • Key delivery personnel vetted to SC, DV available via sponsorship
  • Maximise the value and the capabilities of your MobileIron investment
  • Only MobileIron true one-stop-shop hosting provider in UK
  • Measure, track and evidence the success of your MobileIron project
  • Disseminate bespoke MobileIron reports directly to team leaders
  • Complete and consistent historical MobileIron information for mobility project reporting
  • Evidence your continuous improvement towards reaching and maintaining compliance
  • Identify potential mobility project issues before they become a problem
  • Save money by identifying optimum MobileIron licensing model and split

Pricing

£20 to £32 per person per year

G-Cloud 11

591045051646863

Bridgeway Security Solutions

Jason Holloway

01223 979 090

g-cloud@bridgeway.co.uk

Service scope

Service constraints Bridge Host is bound by current published and supported MobileIron virtual machine specifications, for which guidance is available as part of the service.
IronWorks integrates via API calls with MobileIron deployments.
Mobility projects that do not use MobileIron as the security MDM/EMM/UEM are not supported at present.
One training course candidate place included per annum, any additional candidates at usual training course cost.
System requirements
  • MobileIron Core v9.1 or greater for integration
  • A local user with (read-only) API roles on MobileIron
  • A modern web browser and internet connection
  • An email address for delivery of optional emailed PDF reports
  • Any relevant and current MobileIron service requirements (available on request)
  • MobileIron licences are transferred, or purchased as part of service

User support

Email or online ticketing support Email or online ticketing
Support response times Tickets are assigned a priority level, which may be altered during the lifecycle of the ticket, but always based on agreement between the customer and our support team. A P1 (mission critical) priority level has a 1 hour first response time. A P5 (information) priority level has a first response time of 48 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Our Bridge Support services are flexible: we can augment your existing support arrangements, or provide a complete outsourced support function. Bridge Host includes full 24x7 Bridge Support tickets and/or onsite consultancy visits, which would consume a pre-agreed number of service credits. Additional service credits available in different pricing bands, if so required.
Support available to third parties Yes

Onboarding and offboarding

Getting started Bridge Host includes the migration (lift-and-shift) of an existing MobileIron deployment, or the creation of a brand new instance, according to customer's needs.
Part of this set-up service also includes a health-check and consultancy work to address the most serious and pressing identified challenges. All such consultancy work to take place under jointly-agreed Statements of Work (SoWs) and implementation plans.
Bridge Host also includes one administrator training course (Bridge Train) candidate place per annum. Bridge Train courses take place regularly in Cambridge, on the dates published on our website.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Backups of the live MobileIron servers can be extracted through the GUI. Full device fleet details can be obtained via API and/or CSV export. Devices can be backed up (if policy allows).
IronWorks users can request data extraction upon which we would create and share a copy of their underlying database data.
End-of-contract process At the end of the term, the customer is welcome to renew their contract and the service would continue. Alternatively, if the customer verifies in writing their preference not to continue, their account and associated data are deleted.

Using the service

Web browser interface Yes
Using the web interface Customers can access the MobileIron management and administration portal via web interface. All the MobileIron administration functions are available, except for the System Manager portal, which is reserved for Bridge Host operations team.
Customers can also access IronWorks for reporting and configuration needs.
Web interface accessibility standard None or don’t know
How the web interface is accessible No testing has been carried out.
Web interface accessibility testing No testing has been carried out.
API Yes
What users can and can't do using the API The MobileIron API provides programmatic access to a whole host of device control and reporting APIs for integration with other solutions. For organisations looking for augmented operational dashboards, historical trend reporting, management reports and/or compliance reporting, we recommend Bridgeway's IronWorks, which is included in this service.

IronWorks collects data from MobileIron instances through the use of APIs. IronWorks also has APIs available for customer integration of the resulting computed information into existing business intelligence tools (e.g. Power BI and similar). Full documentation of all the available API calls is available and integration consultancy services are available at extra cost.
API automation tools Other
Other API automation tools IronWorks
API documentation Yes
API documentation formats
  • HTML
  • PDF
Command line interface No

Scaling

Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources MobileIron instances are architected with reasonable project growth in mind, so as not to become resource bound. VM and infrastructure performance are monitored by the Bridge Host team at Bridgeway, to ensure service availability and responsiveness.
IronWorks was designed and developed with scalability, availability and confidentiality in mind. Built with NodeJS and on Docker containers, the solution is self-healing and self-managing through the use of Kops and Kubernetes for enterprise- and carrier-grade deployment, with reliability and scaling configurations automatically ensuring a smooth customer experience.
Usage notifications Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics Yes
Metrics types Other
Other metrics
  • Number of managed devices, users, applications, etc.
  • Compliance and non-compliance status and reasons
  • Number and lists of active and inactive users
  • OS and application versions and usage splits
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type Reseller providing extra features and support
Organisation whose services are being resold MobileIron

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach Security vetting of consultancy personnel (SC and NPPV3 by default, other vetting options available upon request). ISO27001 approved datacentre. Documented processes and internal policies. Physical and electronic security systems and controls. Encryption of data at rest (AES-256). Role-based access controls of personnel data access. GDPR-ready data handling processes, policies and user training.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery Yes
What’s backed up
  • MobileIron backup and recovery tools are used for daily backups
  • IronWorks database is backed up as part of the service
Backup controls Different backup and storage arrangements are available on request. A charge may be incurred by alternate arrangements.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network SSH

Availability and resilience

Guaranteed availability Service part-refund for non-performance. SLAs determined by chosen option, customer need and mutual agreement. Current MobileIron technical support SLAs are covered here: https://www.mobileiron.com/en/legal/support-maintenance-SaaS-products
Bridgeway's support SLAs for Bridge Support are listed here: https://www.bridgeway.co.uk/services/support-services
Approach to resilience Bridge Host resilience available on request.
IronWorks resilience: Location and configuration of the service components are tracked and monitored through existing AWS, Kubernetes and Kops tools. Changes to the service are discussed internally at initial design, during development and before implementation. Security changes are discussed amongst a wider group, including the consultancy team and SMT, to identify any weaknesses before implementation.
Outage reporting Email alerts and customer ingest logs/dashboards track service outages (whether these are IronWorks or MobileIron outages or those on hosting equipment).

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access restricted by Role Based Access Control (RBAC). Devices authenticate with centrally managed (and issued) digital certificates. 2FA and SAML SSO available.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials currently, but moving to ISO27001 compliance in 2019.
Information security policies and processes We follow ISO27001 and industry best-practice, with a few additional bespoke controls and policies of our own. Contact details and reporting structure available on request.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Location and configuration of the service components are tracked and monitored through existing service management, Kubernetes and Kops tools. Changes to the service are discussed internally through change advisory board process at initial design, during development and before implementation. Security changes are discussed amongst a wider group, including the consultancy team and SMT to identify any weaknesses before implementation.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Bridgeway monitor numerous security sources to remain abreast of the latest threats and attacks. Risks are assessed, prioritised and alerted to relevant personnel so that remedial action can be planned, change control process applied, and systematically implemented.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Bridgeway's own approach available on request. Integration with customer's GPG-13 compliant protective monitoring service also available. Please contact us for further details and pricing.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Available on request

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate Independent instances run in dedicated VMs, ensuring segregation of data. For sensitive data, we would use a single, i.e. dedicated, VM per host server instead - this may incur an additional charge.

Energy efficiency

Energy-efficient datacentres No

Pricing

Price £20 to £32 per person per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full service, but time-limited and without on-boarding service.
Link to free trial https://www.bridgeway.co.uk/bridgehost-trial

Service documents

  • Pricing document (PDF)
  • Skills Framework for the Information Age rate card (PDF)
  • Service definition document (PDF)
  • Terms and conditions (PDF)
  • Modern Slavery statement (PDF)