Aptum Technologies (UK) Ltd

Aptum AWS IAAS Managed Services

Aptum Managed Amazon Web Services (AWS) provides operational management of infrastructure within the AWS Cloud, including best practice advice, configuration assistance and troubleshooting, along with OS patching, anti-malware, monitoring and backup services. Aptum Hybrid Cloud Manager enables hybrid estates with on-premise, Private Cloud and Azure as well as AWS support.

Features

  • Aptum Hybrid Cloud Manager enhances AWS and enables multi-cloud
  • AWS Direct Connect - Private connection option
  • Managed DevOps option
  • Alert Logic Managed Detection & Response (MDR) option
  • OS Troubleshooting & Patching
  • Database Monitoring
  • Monitoring & Alerting
  • Identity & Access Management
  • Escalation Support
  • Monthly Reporting

Benefits

  • Hybrid Cloud Manager enhances AWS’ native management platform
  • Assess best destination by workload: AWS, Azure, Private Cloud, Hybrid
  • Build and operate workloads following AWS best practice
  • Alert Logic MDR option enables a consistent posture across estate
  • Design, streamline and 24/7 support a tailored DevOps environment
  • Solutions are monitored by our 24/7/365 operations team
  • Hybrid Cloud: Direct Connections and HCM across Azure, AWS, Private
  • Leverage multiple data centres to minimise risk of failure
  • Review usage and cost optimisation opportunities in Hybrid Cloud Manager

Pricing

£0.01 a virtual machine an hour

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@aptum.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

656613621362856

Contact

Aptum Technologies (UK) Ltd
John Cave
Telephone: 0800 840 7490
Email: gcloud@aptum.com

Service scope

Service constraints
N/A
System requirements
AWS subscription must be purchased through Aptum

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support is 24/7/365. Questions are responded to on a priority basis. Out of hours, we prioritise service impacting questions.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Access to Aptum portal for Azure and to online ticket system, backed by 24/7/365 phone support. Customers make just one call to our support teams and we'll keep you informed as we work on your issue through to resolution. We also provide an aligned Account Manager and a Customer Experience Manager who will manage the ongoing relationship and also are part of our incident management process. Cloud Solution Engineers, Network Architects and Network Engineers are available for complex changes and new projects.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Upon ordering Managed AWS through the management portal, you will be eligible to receive management services for resources in the Managed Cloud subscription.

Additional charging options include a four-stage design & build consultancy (Consult, Architect, Deploy & Test), as well as custom training options.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users may choose to migrate their data to an alternative solution. If this solution is provided by Aptum we have migration services available to users. If the replacement solution is not provided by Aptum then data can be copied from VMs using SFTP or equivalent prior to contract end. An SQL dump can also be used as a means to extract data prior to such a transfer.
End-of-contract process
The end-of-contract process would be triggered by written notice of termination from the customer. On the service termination date the AWS subscription would end, at which point all accounts and resources would be deleted. We can assist with migration of the data as a chargeable professional services engagement. Offboarding of all instances' data and resources would be the responsibility of the customer.

Using the service

Web browser interface
Yes
Using the web interface
Aptum’s Hybrid Cloud Management (HCM) portal provides a single pane-of-glass across Aptum’s Azure, AWS, Cloud and Private Cloud portfolio as well as on-premise solutions. HCM enables you to accelerate your cloud initiatives by delivering the visibility and control to plan and deliver migrations, secure data and automate critical tasks. HCM analyses costs, making recommendations to manage and optimize spend, complementing the AWS management Portal which is also provided as part of the Aptum AWS service.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
All aspects of the AWS portal are managed and maintained by Amazon.
API
Yes
What users can and can't do using the API
Using the AWS API, users can manage all aspects of their AWS service.
API automation tools
  • Ansible
  • Chef
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
HTML
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface
Using the AWS command line interface, users can manage all aspects of their AWS service.

Scaling

Scaling available
No
Independence of resources
As a global business we have well-staffed, highly trained technical support teams able to handle any peaks in support queries. AWS is a hyperscale platform; the AWS hypervisor ensures full memory and process separation between customers as well as virtual machines.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
Cost
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Amazon Web Services

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Folders
  • Volumes
  • VMs
  • MSSQL databases
  • System State
Backup controls
Users add AWS VMs to the backup through the AWS portal. Users contact the support teams to schedule backups.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
AWS solutions are backed up with SLAs from AWS.

When thinking about your AWS solution, it is important to design for availability to ensure every step has been taken to minimize downtime caused by maintenance or faults.

The Amazon Service Level Agreement found at the UK AWS website applies to the AWS services purchased through your Aptum AWS and Managed AWS subscriptions.
Approach to resilience
AWS resources are created in defined geographic regions. Within each region, multiple datacentres allow redundancy and availability. This approach gives flexibility as you design applications to create VMs closest to users and to meet any legal, compliance, or tax purposes. We provide best practice advice to leverage this architecture effectively.
Outage reporting
Outages to the AWS platform are displayed through the AWS portal. Customers receive email alerts through configured monitoring.

The dynamic nature of AWS means that failover between regions can be configured in the event of a region wide outage.

The failure of individual instances or applications will also result in email alerts being generated from configured monitoring.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
When a ticket is raised via phone, customers will always be asked to authenticate themselves using a series of security questions unique to them.

Usernames and passwords are used to restrict access to customer-facing portals for Aptum systems. Role-based access control (RBAC) is used to define user access rights within Aptum systems. Aptum adopts a principle of segregation of duties.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Netitude
PCI DSS accreditation date
2012
What the PCI DSS doesn’t cover
Managed AWS is not covered by Aptum PCI accreditation. For those services covered by Aptum PCI certification, Aptum operates a shared responsibility in relation to PCI DSS; however, the following requirements are out of scope of its Attestation of Compliance: protect stored cardholder data, and encrypt transmission of cardholder data across open, public networks. The customer is responsible for these requirements.
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
SOC1
SOC2
PCI DSS
Information security policies and processes
Led by the General Counsel and Privacy Officer who reports to the President of the company, Aptum’s Information Security team develop, release and manage security policies based on risk assessment and in line with security good practice. The Information Security team owns the Information Security Management System (ISMS) and are responsible for assessing information risk and applying the appropriate controls. All staff must complete training on key policies such as the Acceptable Use Policy when they join and at regular defined intervals.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our processes for Configuration and Change Management are managed through our service management tool, which follows ITIL methodology and best practice. Upgrades and feature enhancement to Aptum systems are carried out within isolated test environments and then applied to production environments once a programme of Quality Engineer Testing has been completed.

Aptum configuration standards are aligned to the Center for Internet Security (CIS) benchmarks.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Aptum uses industry-leading security technology within its Vulnerability Management program. The Information Security team carries out daily, weekly and monthly checks on its infrastructure depending on asset criticality. Any identified vulnerabilities are fed into the incident management lifecycle, where vulnerabilities are assessed and tickets raised with the IT teams to address any weaknesses. Patching of Aptum systems is carried out on a monthly risk-based cycle. Out-of-band patching is completed as soon as possible. Information about potential threats is sourced from multiple credible sources including security vendors.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Aptum utilises multiple security monitoring tools across its network. A Security Incident and Event Monitoring tool powered by IBM QRadar receives critical log information from across the infrastructure, which alerts the Security team to any potential threats. McAfee’s Network Security Monitor is used to monitor the Intrusion Detection System sensors placed within the workstation environment to detect any suspicious activity from workstations, and alerts raised are triaged and handled as needed. This process is aligned to NCSC C1: Security Monitoring.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Aptum operates a five-stage security incident response plan: triage, investigate, contain, report and remediate. Where appropriate, incidents are also reviewed by a company-wide remediation panel who review all service-impacting events.

Incidents are reported by automated monitoring systems, Aptum staff or by our customers and partners through our central service management tool and tracked and escalated as necessary through to resolution.

Reports are provided to impacted customers in the report phase via the central ticketing system.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
AWS
How shared infrastructure is kept separate
AWS Hypervisor provides memory and process separation between virtual machines and users.

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£0.01 a virtual machine an hour
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
AWS Free Tier includes 750 hours of Linux and Windows t2.micro instances each month for one year. To stay within the Free Tier, use only EC2 Micro instances.
