Computacenter (UK) Ltd

Computacenter - Check Point Cloudguard IaaS AWS

Computacenter provides Check Point CloudGuard for AWS delivering advanced, multi-layered security for AWS cloud environments, protecting cloud assets from attacks whilst enabling secure connectivity from enterprise networks. It is designed for the dynamic security requirements of cloud deployments, whilst providing the same level of protection enjoyed on premises.

Features

  • Stateful inspection firewall and industry-leading Intrusion Prevention System
  • Antivirus and Anti-bot protect the cloud from malicious attacks
  • Application Control mitigates DDoS attacks, protects cloud services
  • IPSec VPN & Mobile access secures communication to the cloud
  • Data Loss Prevention protects sensitive data from theft/unintentional loss
  • Provides most advanced protection against malware/zero-day attacks
  • vSEC provides lateral threat prevention internal to public cloud
  • Centralized management for cloud/on-premise infrastructure
  • Consolidated logs and reporting for hybrid cloud environments

Benefits

  • Easily extend security to your Amazon AWS cloud
  • Protect Amazon AWS Cloud-hosted apps against malware
  • Provide CPU-level security in software-defined networking environments
  • Prevent cross-application malware infection within AWS
  • Full protections of the Check Point Software Blade architecture
  • Safeguard against data and infrastructure breaches
  • Securely connect enterprise and mobile users
  • Advanced protection against malware and zero-day attacks
  • Single pane-of-glass management drives a lower security cost
  • Consistent policy and threat visibility across cloud and on-premise deployments

Pricing

£504.00 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government@computacenter.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

633293251769021

Contact

Computacenter (UK) Ltd Karen Baldock
Telephone: +44 (0) 1707 631000
Email: government@computacenter.com

Service scope

Service constraints
No obvious constraints. The service requires underlying Amazon AWS compute power, in the form of Amazon AWS cores, to be able to run, as this is simply the yearly licensing fee and associated software.
If you want to deploy more than two IaaS gateways, you will need distributed management.
System requirements
  • AWS Compute power (AWS Cores)
  • Appropriate connectivity from your network
  • A Check Point User Center Account and ID

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response time will be agreed in SLA with the customer
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
By browsing to support.checkpoint.com, clicking the "chat now" button and logging in to the UC associated with the cloud software you are having a problem with.
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
Check Point Standard Support: SLA 9x5 Business Day. Response Time Severity 1: 30 Minutes; Severity 2, 3 and 4: 4 Hours. Latest hotfixes: Yes. Major Upgrades and Enhancements: Yes.

Check Point Premium Support: SLA 7 x 24 Every Day. Response Time Severity 1: 30 Minutes; Severity 2: 2 Hours; Severity 3 & 4: 4 Hours. Latest hotfixes: Yes. Major Upgrades and Enhancements: Yes.

Check Point Elite Support: SLA 7 x 24 Every Day. On-Site Engineer for Critical SRs. Response Time Severity 1: 30 Minutes; Severity 2: 30 Minutes; Severity 3 & 4: 4 Hours. Latest hotfixes: Yes. Major Upgrades and Enhancements: Yes.

Check Point Diamond Support: SLA 7 x 24 Every Day. Designated Diamond Engineer. Response Time Severity 1: 30 Minutes; Severity 2, 3 and 4: based on level of support (Standard, Premium or Elite). Latest hotfixes: Yes. Major Upgrades and Enhancements: Yes.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Users have documentation and getting started guides.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users can extract all of their data in a file and delete their technology instances.
End-of-contract process
At the end of the contract, the user will still be able to use the technology but not be entitled to any updates, hotfixes or support.

Using the service

Web browser interface
Yes
Using the web interface
Users can configure network management, system management, advanced routing, user management, high availability tools, maintenance and software updates on the web interface.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
You can access the web interface from the management IP address of the instance.
Web interface accessibility testing
Not applicable
API
Yes
What users can and can't do using the API
Users can use APIs to allow the system to access, manipulate, delete, change or add resources on applications or gateways via web services.
API automation tools
Ansible
API documentation
Yes
API documentation formats
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface
Users can implement Linux and other commands to process or access information or tasks.

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
Check Point Virtual Machine Scale Set (VMSS) will auto scale the traffic across the load balancers.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Check Point Software Technologies

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
Any data on the device is securely stored within a hardened machine image under the Gaia OS.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Snapshot
  • System BackUp
  • Save configuration
Backup controls
Users can set which backups are used and when the backups take place.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Data is protected between ourselves, AWS and the customer's network through secure VPN tunnels.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
We also protect our data using Threat prevention gateways.

Availability and resilience

Guaranteed availability
This is purely dictated by the host cloud provider uptime SLAs
Approach to resilience
Check Point vSEC Gateway for Amazon AWS is designed to be resilient through high availability and load sharing.
Outage reporting
Through Check Point Smart Log you can see outages and any service disruption.

Identity and authentication

User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Other
Other user authentication
Administrators authenticate through their preferred method. Remote users or network users authenticate through AD query or 2FA.
Access restrictions in management interfaces and support channels
Within the Check Point R80.10 Management Console you can control which admins can access which parts of the management or policies, and which parts they can change.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
19/03/2019
What the ISO/IEC 27001 doesn’t cover
Our ISO/IEC 27001 certification covers all our managed service people, processes and IT systems. The areas of our business not covered are those that fall outside the following: The scope of Certificate number IS 516767 is for the Group Information Security Management System in relation to the UK based Information Services Division encompassing data centre, telephony, system development, implementation, operations, administration and maintenance functions for Computacenter Group Systems, UK Corporate IT Systems and Customer Facing IT Systems including the Managed Services – Service Management Tool Suite (SMTS). This is in accordance with the Statement of Applicability v7.0 dated 03/02/2017. The scope of Certificate number IS559935 is for the protection of Computacenter and customer information that is accessed, processed or stored by personnel of the Service Operations Division Operational Support and Data Centre Services teams. This is in accordance with the Statement of Applicability v7.3 dated 04/12/2017. The scope of Certificate number IS 621751 is for protection of information that is accessed, processed or stored by personnel providing Computacenter contracted Desktop Infrastructure Services including Service Management, ITIL Service Lines, Supply Chain Services, Service Operations Engineering Support, Project Support and Operational Security. In accordance with the Statement of Applicability v4.3 dated 12/01/2018.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
GemServ
PCI DSS accreditation date
September 2018
What the PCI DSS doesn’t cover
Only the data centres for the specific controls of Requirements 9 – Restrict physical access to cardholder data and 12 - Maintain a policy that addresses information security for all personnel of PCI DSS v3.2.1, which is not relevant for this service.
Other security certifications
Yes
Any other security certifications
Various which can be discussed

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Group ISMS contains a consistent security assurance framework and accompanying baseline set of Information Security Policies that are to be used throughout the Computacenter Group.
Information Security Policies define the minimum security standards for the Computacenter Group. They consist of technical, procedural and staff behavioural rules that work in concert to preserve the security aspects of Computacenter IT Systems and the information that they process.
The Group ISMS Information Security Policy set is divided into categories covering topics such as Information Security Management, End-user responsibilities and Acceptable Usage plus technology specific security requirements.
An 'Acceptable Use Policy' (AUP) document is included in the Policy set, as a minimum, which must be read and understood to ensure employees know their obligations and comply with this and any other Security Policies that relate to their role in the organisation.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our Group Change Management service is based on ITIL best practice and has the primary objective of protecting client production services from outage and disruption resulting from change. Our GIO Group Change Management team acts as the primary interface for the client Group Change Management team to control changes to IT Infrastructure.
The process is applied and governed to ensure that changes are recorded, evaluated, prioritised, planned, tested, authorised, implemented, documented and reviewed in a controlled manner with minimal or no service disruption.
Changes are initiated directly within our toolset, using various templated models ensuring best practice policies and ease-of-use.
Vulnerability management type
Undisclosed
Vulnerability management approach
We have in-house vulnerability management processes to cover scheduled and ad-hoc scanning, identification, notification, remediation and reporting.
Customer specific programs are also deployed.
Protective monitoring type
Undisclosed
Protective monitoring approach
Our protective monitoring processes are based and run in accordance with the service and customer requirements.
Incident management type
Supplier-defined controls
Incident management approach
Our incident management processes are based on the requirements of each service and interface with our customer, as required by the contract.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
None
How shared infrastructure is kept separate
Amazon AWS infrastructure is designed from the facility to applications for hosting millions of customers simultaneously, and it provides a trustworthy foundation upon which businesses can meet their security needs.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
We host our services on AWS to alleviate having to meet these standards and requirements ourselves.

Pricing

Price
£504.00 a unit a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
15 Day Evaluation license
Link to free trial
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk111841
