Nowcomm Limited

Cloud Data Secure

Secure your preferred cloud eco system with an enterprise class cloud access security broker (CASB).

Features

  • Visibility of Cloud Platform Usage
  • Enforced Cloud Platform Usage
  • Policy Based Management
  • API based Implementation
  • Data Loss Prevention
  • Data Loss Visibility

Benefits

  • Control where your data sits
  • Control where your data is accessed from
  • Classify Data and Assets Together with Cloud Platform Usage
  • Protect Organisation From Unauthorised Cloud Applications

Pricing

£3.33 per licence per month

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

7 1 2 9 5 1 3 2 5 7 4 8 7 7 4

Contact

Nowcomm Limited

Corinne Stott

0133 2821106

gcloud@nowcomm.co.uk

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Users of cloud based SaaS applications such as Office 365, G suite and sales force
Cloud deployment model Hybrid cloud
Service constraints No
System requirements
  • A per user licence
  • A per SaaS application subscription

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Questions are all acknowledged within 5 minutes and depending on the priority are responded to from 5 minutes when it is priority 1, to 8 hours with a priority 4 ticket
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels There are 4 main support levels which Nowcomm offer which can be stacked to create the best fit for your organisation. Nowcomm’s Service Desk operates 24*7. 1) Remote Service Desk - providing technical assistance, advice and guidance. 2) Break Fix Support - providing minor software patches and upgrades. Our engineering resources can either be remote or onsite. 3) Monitoring Service - providing proactive monitoring of devices with downtime alerts. 4) Managed Service - providing Moves, Adds, Changes and Deletes, monthly backups and storage, vulnerability scanning, patching and monthly reporting.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Nowcomm onboards customers by gathering all key information required to bring the service live. All system information and supporting documentation is developed and distributed to the customer as part of the onboarding process. Detailed design documentation is derived from this initial documentation. The detailed design is agreed and signed off by both parties prior to implementation.
A full copy of the system documentation is provided following user acceptance testing.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Data is provided upon request by Nowcomm once the contract has ceased. The tenant will be deleted following sign off from the customer. Some customers may want to retain read only copies of some data, this can be arranged following conversations with our technical team.
End-of-contract process All Software functionality is provided for the duration of the contract with Nowcomm. Once the contract has ceased, the organisation will be off - boarded, information securely deleted from the Nowcomm database, and tenant is removed at no extra cost. Bespoke off-boarding requirements can be purchased via "Nowcomm Specialist Cloud Consultancy Services".

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Service interface Yes
Description of service interface Cloud portal for management of user application protection policies as well as user access visability and usage details.
Accessibility standards WCAG 2.1 A
Accessibility testing Intergace testing performed by vendor.
API Yes
What users can and can't do using the API We use the cloud providers API to interface into the back end authentication mechanisms to authorise our application to provide additonal policy based protection.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment No
Customisation available No

Scaling

Scaling
Independence of resources Nowcomm are reselling a global Cisco Platform so organisations are not at service risk. Cisco hold a validated design guide detailing configuration maximum's and minimums to enable customers to scale from small to large enterprise deployment. Nowcomm have a mature staff scaling strategy enabling a response to the demands of our clients from small to enterprise scales.

Analytics

Analytics
Service usage metrics Yes
Metrics types Detailed application authorisations including IP address, geo location, policy enforcement and data breach information. Summary or detailed monthly reports can be provided for an extra cost.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Cisco

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported at request from the Nowcomm Support Team
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.999%
Approach to resilience Available on request
Outage reporting Email alerts and cloud portal

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels All management interfaces are made available via the management VLAN only.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Nowcomm is a Cyber Essentials Certified organisation and follows the processes set out within it. Nowcomm are actively working towards Cyber Essentials Plus and 27001 and operates within the guidelines set out.
Information security policies and processes Nowcomm follow the processes from Cyber Essentials as well as key processes and procedures from 27001, 9000 and 14001.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All changes and configuration management follow ITIL V3 best practice.
Vulnerability management type Supplier-defined controls
Vulnerability management approach All external facing services are subject to monthly vulnerability scans. Patching takes place monthly with emergency patching taking place within 1 week of the vulnerability detection. In extreme circumstances and to protect the security of the organisation and customer, Nowcomm will patch on the same day. Vulnerability information is obtained from Cisco's TALOS platform and Cisco TAC. We use independent feeds using QUALSYS scanning engine, correlating all known CVE's, enabling us to establish impact for all managed assets scanned by the platform. Further support can be purchased under the "Nowcomm Monitor, Manage, Support and Optimise" GCloud service.
Protective monitoring type Undisclosed
Protective monitoring approach All external facing services are subject to monthly vulnerability scans. Patching takes place monthly with emergency patching being performed within 1 week of the vulnerability detection. In extreme circumstances and to protect the security of the organisation and customer, Nowcomm may patch on the same day. Vulnerability information is obtained from Cisco's TALOS platform and Cisco TAC. We use independent feeds using QUALSYS scanning engine, correlating all known CVE's, enabling us to establish impact for all managed assets scanned by the platform. Further support can be purchased under the "Nowcomm Monitor, Manage, Support and Optimise" GCloud service.
Incident management type Supplier-defined controls
Incident management approach Incidents are logged with a unique case reference number and tracked from triage through to resolution via our service desk platform. We have pre-approved processes / changes for certain tasks, however day to day operation is bespoke per customer and may change depending on the organisation’s needs. Users can report incidents via email, web or telephone. Reports are provided via email upon request. Major incident reports are provided within 48 hours of the incident resolution. Updates available upon request.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £3.33 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial 30 day, full feature trial.

Service documents

Return to top ↑