Vysiion Ltd

Cloud Gateway

A hybrid cloud connectivity Platform-as-a-Service (PaaS), providing a fully managed security suite and connectivity platform between everything on your network estate, multiple cloud service providers, the PSN and the internet. Features include: Remote Access Service, Web Application Firewall (WAF), Enhanced Security Options, and Consultancy Services.


  • Cloud Connect: Rapid, secure connectivity to any cloud service provider
  • SD-VPN: Intelligent software-defined network provision
  • Firewall-as-a-Service: All traffic is sanitised, monitored and logged
  • Secure Web Gateway: Secure connectivity to the internet
  • Portal: Customisable dashboard for complete visibility, analytics, and incident management
  • Managed Service: VeriSM-aligned service model, with up to 24/7/365 support
  • PSN accredited connectivity
  • Web Application Firewall (WAF) optional add-on
  • Remote Access Service (RAS) optional add-on
  • Enhanced encryption management and consultancy services


  • Centralised Security Model: Full policy enforcement and visibility
  • Technology Agnostic: Connect via any means (MPLS, internet, 4G/5G, broadband)
  • Vendor Agnostic: Connect to any/many cloud service providers
  • Scalable and Elastic: No physical hardware constraints
  • Digital Transformation: Enables blended on-prem/cloud, continuous change
  • Fully Managed Service: 24/7/365 support available, backed by enterprise SLAs
  • Flexible, Responsive Platform: Promotes choice and expedites pace of change
  • Central Ingress Point: Eliminates shadow IT and duplicate connectivity
  • Enhanced Visibility: A single, timely and accurate source of truth
  • Accredited connectivity to PSN environments


£10,666 an instance a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at cloudsales@vysiion.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

736515665734566


Vysiion Ltd Vysiion Public Sector Team
Telephone: 01249 446500
Email: cloudsales@vysiion.co.uk

Service scope

Service constraints
No constraints. The service operates on a 'bring your own' basis.
System requirements
Any end user device capable of IP-based connectivity

User support

Email or online ticketing support
Email or online ticketing
Support response times
Bespoke SLAs depending on customer requirement.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard support and technical account management under SLAs (Mon-Fri 09:00-17:30 excl bank holidays) is included in the annual fee for the PaaS. Up to 20 small changes per month are included in the standard charge. Additional or complex changes are priced on application, and are charged at the prevailing daily rate.
Enhanced 24/7/365 support is charged at 25% of the Annual Recurring Charge. Ad-hoc consultancy and technical architecture services are charged at the prevailing daily rate.
Support available to third parties

Onboarding and offboarding

Getting started
Having engaged with the customer early in the process to fully understand their requirements, we implement a VeriSM-based transition process to produce and provision the service quickly and efficiently. After completing UAT, we can provide training to the customer via a number of methods, depending on what best suits their needs. This could be on-site workshop sessions, conference calls, or written documentation. A period of Early Life Support is agreed with the customer, so that we can help the users gain experience in using the service, backed up by an ITIL-based support organisation that can continue to provide advice and assistance once go-live has passed.
Service documentation
Documentation formats
End-of-contract data extraction
Log information, analytics and anything else that is customer-specific can be copied to a repository of the customer’s choice. The source data will then be deleted upon confirmation of successful copy/transmission.
End-of-contract process
The customer has the opportunity to renew the service or cease the contract. If the desire is to cease, then the customer has two options:

1 – Turn the service off with immediate effect, and billing ceases inside the agreed billing cycle (end of month, for example).

2 – Continue operating the service, working with the customer and new provider to an agreed plan, to migrate service. This will be charged at consultative rates as required until such time as Cloud Gateway can be safely turned off.

Using the service

Web browser interface
Using the web interface
When live service commences, the client receives a dedicated URL to access their own instance of the Cloud Gateway Portal. The Portal delivers reporting and analytics of all network and security events, accessible via a web interface. It allows network administrators and users to control and keep track of real-time network performance as well as being alerted to live incidents on the network. The Portal also provides a ticketing function where helpdesk incidents can be raised, feeding directly to our support team for resolution. Users cannot see or change the rules which govern firewall and security policy, nor can they see logs via the Portal. New functionality and features are added to the Portal regularly to improve user experience.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Web interface accessibility testing
Command line interface


Scaling available
Scaling type
Independence of resources
We enforce customer segregation by using dedicated tenancies. This ensures that their Cloud Gateway service is not affected or shared by other users.
Usage notifications
Usage reporting
  • Email
  • Other


Infrastructure or application metrics
Metrics types
  • HTTP request and response status
  • Network
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
Log files and system configurations
Backup controls
Users do not control backups. All backup and recovery administration is handled by Cloud Gateway as part of our fully managed service.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.95% service availability. Where any service availability issues arise for connectivity from a user site, service credits will only be applicable to that site. Where any service availability issues arise for connectivity to the internet or cloud hosted providers, service credits will be applicable to all user sites.
Approach to resilience
The service is built using overlays inside a resilient cloud architecture. Consequently each component, each set of components, each stack and each full tenancy is designed to be resilient at multiple points. This is achieved in its simplest form by having more than one of each component part available (akin to traditional High Availability), but also by leveraging cloud resilient functions such as Multiple Availability Zones, Multiple Regions, or both.
Outage reporting
The service sends alerts to our monitoring and engineering teams to inform them of any potential outages. The issues are sanitised to see if they require manual intervention by our team, or whether automatic recovery has occurred. If manual intervention is required then a proactive alert ticket is raised within our service desk portal. Our service desk portal shows tickets that are being worked on and these can be viewed by the client at any time. In addition, e-mail alerts can be created against any incidents relating to an outage, which will then be sent to approved recipients.

Identity and authentication

User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
Access restrictions in management interfaces and support channels
Our service has a robust set of multi-layered security functions at its core. Access to and from any service is managed, maintained and enforced in line with customer approved policy.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
Devices users manage the service through
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Vysiion is ISO27001 and Cyber Essentials Plus accredited and has a full suite of associated accredited information security policies that are managed and maintained by our Head of Business Services. We design and implement solutions which meet stringent security requirements and meet current industry standards as well as aligning with customers’ information policies and procedures to ensure we protect our customers’ systems and data from security breaches and cyber attacks. We continually monitor and review our security practices, working closely with officially appointed security advisors and accreditation bodies, and as such are very familiar with current legislation and standards, best-practice guidelines and the approaches required to protect UK government assets. Our employees are security cleared to enable them to deliver services to the highest information security requirements.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow Change and Configuration processes aligned with current ITIL standards for all changes.
All changes to infrastructure and systems are managed through these processes, ensuring that standardised methods and procedures are followed for all. The process ensures that all changes are formally assessed, authorised and controlled to minimise any adverse service impact.
Our Change Advisory Board assesses and validates all Changes from a business, technical, security and delivery perspective, drawing on subject matter experts when required.
A Forward Schedule of Change is maintained.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are assessed through live monitoring and alerting within our platform. This is backed up with vulnerability scans every 2 weeks across the whole platform to test, track and confirm patches have been deployed while also testing security configurations. We also obtain information from our security vendors directly (subscription and notification emails) and RSS feeds. We deploy patches manually or via auto updates into our cloud infrastructure.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We identify potential compromises through live monitoring and alerting on our platform. Our monitoring and alerting rules are based on the AWS CIS Foundations benchmarks, with additional controls and alerts for any non-AWS infrastructure. These events are sent to our SIEM, where alarms are triggered based on a set of configured rules. Depending on severity, the incident will be addressed immediately or in line with customer-agreed change control.
Incident management type
Supplier-defined controls
Incident management approach
We operate under the VeriSM framework, utilising ITIL best practices and DevOps methodologies.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Third-party virtualisation provider
Amazon, Microsoft, Fortinet
How shared infrastructure is kept separate
Our service is built on a variety of cloud platforms. It is separated by customer, and each customer has their own dedicated hosting environment, such that no two customers will ever share the same service components.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
Cloud Gateway provides on-net connectivity by means of a point of presence in ARK and Equinix data centres, based in the UK.
Equinix data centres meet ISO 50001 Energy Management and ISO 14001 Environmental Management Standards.


£10,666 an instance a month
Discount for educational organisations
Free trial available
Description of free trial
Yes: We will provide a free fully dedicated platform with access to one cloud provider of the client's choice, for up to 4 weeks, to test connectivity. If technical consultancy is required, this is chargeable at the prevailing daily rate.
