NOMIOS UK&I LIMITED

AWS Fortinet Marketplace

Infradata are one of the first Fortinet Partners able to provide further value for customers in their AWS environment, ranging from reducing a customer’s AWS consumption costs through to AWS design and roll-out of new solutions. Design is completed by SC/DV cleared engineers.

Features

  • Bespoke pricing & duration
  • Individual end-user license agreement
  • 3-step process
  • Fast and friction-free purchase
  • Bespoke consumption reporting

Benefits

  • Reduce AWS consumption cost
  • 10% + Discount on multi-year agreements
  • Reduces complexity of transacting for existing AWS customers
  • Includes Bring Your Own License (BYOL)
  • AWS optimisation
  • Dedicated account management team

Pricing

£1 an instance an hour

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at j.irwin@infradata.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

714063186030258

Contact

NOMIOS UK&I LIMITED Jack Irwin
Telephone: 07958580004
Email: j.irwin@infradata.com

Service scope

Service constraints
None
System requirements
Basic AWS Consumption Knowledge

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support is a 24x7x365 service. Response times are bespoke to individual customer requirements
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
AWS and Fortinet provide 24x7x365 support for Fortinet images running on AWS.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Infradata will provide a bespoke AWS workshop with the customer to explain how this service works, and what additional Infradata services are required. This may include design, migration, implementation, testing, managed services.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
End users are able to consult with AWS regarding extracting their data at the end of an agreement with AWS.

Users may also export their configuration from their Fortinet instance to be deployed elsewhere.
End-of-contract process
A private offer includes an agreed-upon contract term. Once this contract term expires, the consumption costs return to the original cost that applied before the private offer agreement.

Using the service

Web browser interface
Yes
Using the web interface
Users interact with the AWS Marketplace portal to select the product they require. We then issue a private offer to their portal, which they choose to consume by accepting the Terms & Conditions that accompany the offer.

The AWS Fortinet product is then initialised and is ready for setup by the customer via the web interface. The product can be fully configured via the web portal.

Should the customer require technical assistance, they can open a ticket either directly with Fortinet or with ourselves; both are web portal based.
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
None to date.
API
Yes
What users can and can't do using the API
The FortiOS API allows for complete control of the product via the API, as does the AWS API.
API automation tools
  • Ansible
  • Terraform
  • Other
Other API automation tools
Python
API documentation
Yes
API documentation formats
PDF
Command line interface
No

Scaling

Scaling available
No
Independence of resources
AWS continue to scale as their customers grow. For full information on how demand is controlled, please reach out to your AWS account manager.
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Network
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
Use AWS EBS to create a snapshot
Backup controls
Users interact directly with the AWS portal to create "snapshots" of the Fortinet image as it is running. They are then able to "restore" this backup at a later date if required.

Please note EBS instances and snapshots are out of the scope of the Infradata provided service and must be purchased directly from Amazon.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The Amazon AWS SLA is the most relevant SLA as the Fortinet image resides upon an AWS EC2 compute instance that is governed by this SLA.

Amazon offer a 99.99% monthly uptime for EC2 instances.

Should availability fall below this level then Amazon offer service credits based upon the severity of the degradation.
Approach to resilience
The AWS cloud is a globally available platform in which you can choose the geographic region in which your data is located. AWS data centers are built in clusters in various global regions. AWS calls these data center clusters Availability zones (AZs).

Availability Zones are designed for fault isolation. They are connected to multiple Internet Service Providers (ISPs) and different power grids. They are interconnected using high speed links, so applications can rely on Local Area Network (LAN) connectivity for communication between Availability Zones within the same region.
Outage reporting
As an AWS customer, you will have access to your own dashboard regarding all service reporting.

The dashboard also provides forward looking notifications, and you can set up alerts across multiple channels, including email and mobile notifications, so you receive timely and relevant information to help plan for scheduled changes that may affect you.

In the event of AWS hardware maintenance activities that may impact one of your Amazon EC2 instances, for example, you would receive an alert with information to help you plan for, and proactively address any issues associated with the upcoming change.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
Access restrictions in management interfaces and support channels
AWS IAM enables you to implement security best practices, such as least privilege, by granting unique credentials to every user within your AWS Account and only granting permission to access the AWS services and resources required for the users to perform their jobs.

AWS IAM is secure by default; new users have no access to AWS until permissions are explicitly granted.

AWS IAM is also integrated with the AWS Marketplace, so that you can control who in your organization can subscribe to the software and services offered in the Marketplace.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
URS
ISO/IEC 27001 accreditation date
04/06/2020
What the ISO/IEC 27001 doesn’t cover
All elements of Infradata Services BV are covered by 27001 certification, including operations, managed services, and support.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials
  • SOC1, SOC2, SOC3 for AWS

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Infradata are both ISO 27001 and Cyber Essentials accredited.

Our CISO reports directly to the Group MD, as does each country manager. Individuals within each country are directly responsible for ensuring compliance with both our Group ISO certifications and any local accreditations required, such as Cyber Essentials.

We use a combination of policies, education and technology to ensure that our cyber security posture remains consistent and is constantly updated. We are also an internal user of our Managed SOC service and receive alerts and actions from them when necessary.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change details are documented in Amazon’s CM workflow tool. Changes deployed into production environments are:

• Reviewed: peer reviews of the technical aspects of a change
• Tested: when applied will behave as expected and not adversely impact performance
• Approved: to provide appropriate oversight and understanding of business impact from service owners.

Changes are typically pushed into production in a phased deployment starting with lowest impact sites. Deployments are closely monitored so impact can be evaluated. Service owners have a number of configurable metrics that measure the health of the service.

Rollback procedures are documented in the Change Management ticket.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
AWS Security regularly scans all Internet facing service endpoint IP addresses for vulnerabilities (they do not include customer instances). AWS Security notifies the appropriate parties to remediate many identified vulnerabilities. External vulnerability threat assessments are performed regularly by independent security firms.

These scans are performed for the health of the underlying AWS infrastructure and do not replace the customer’s own vulnerability scans required to meet their specific compliance requirements. Customers can request permission to conduct scans of their cloud infrastructure as long as they are limited to the customer’s instances and do not violate the AWS AUP.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Systems within AWS are extensively instrumented to monitor key operational and security metrics. Alarms are configured to automatically notify operations and management personnel when early warning thresholds are crossed on key metrics. When a threshold is crossed, the AWS incident response process is initiated. The Amazon Incident Response team employs industry-standard diagnostic procedures to drive resolution during business-impacting events. Staff operates 24x7x365 coverage to detect incidents and manage the impact to resolution.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
AWS utilises a three-phased approach to manage incidents:

1. Activation and Notification Phase: Incidents for AWS begin with the detection of an event.

2. Recovery Phase - the relevant resolvers will perform break fix to address the incident. Once troubleshooting, break fix and affected components are addressed, next steps include follow-up documentation and actions.

3. Reconstitution Phase - Once the relevant fix activities are complete we will assign Post mortem and deep RCA of the incident. Results of the post mortem will be reviewed, and relevant actions will be captured in a Correction of Errors document.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
AWS specific technology as described below.
How shared infrastructure is kept separate
Security within AWS: the operating system (OS) of the host platform, the virtual instance OS or guest OS, firewalls, and signed API calls. This helps prevent data contained within EC2 from being intercepted by unauthorized systems or users and to provide EC2 instances that are as secure as possible without sacrificing flexibility of configuration.

While customers can place interfaces into promiscuous mode, the hypervisor will not deliver any traffic to them that is not addressed to them. Even two virtual instances that are owned by the same customer located on the same physical host cannot listen to each other’s traffic.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
We use public cloud services that adhere to the EU Code of Conduct

Pricing

Price
£1 an instance an hour
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
As part of consuming in AWS with Infradata, we are able to provide free trials of specific solutions before you commit to a paid consumption model with us.
Link to free trial
https://www.infradata.co.uk/partners/fortinet/aws-marketplace/
