Pro2col Ltd

Progress MOVEit Cloud

Progress MOVEit Cloud provides secure collaboration and automated file transfers of sensitive data and advanced workflow automation capabilities without the need for scripting. Encryption and activity tracking enable compliance with regulations including PCI and GDPR. Extend file transfer capabilities to all users whilst retaining control and visibility.

Features

  • Support for FTP/SFTP/FTPS/ASx/HTTPS
  • AES 256-bit encryption of files both in-transit and at-rest
  • Cryptographic tamper-evident database logs all activities
  • Unlimited Simultaneous Local/Remote Users across all protocols
  • Authentication with Azure AD, LDAP, SAMLv2, ODBC, Local Accounts
  • Granular permissions for access to files and folders
  • Secure Folder Sharing for simple, secure, controlled collaboration
  • 99.9% uptime with high availability and SOC 2 approved
  • Automated workflows with conditional logic
  • Desktop client for drag-and-drop file downloads and uploads

Benefits

  • Share files with internal and external users easily and securely
  • Single platform for one-off file sharing and collaboration
  • Secure access to files with authentication and granular permissions
  • Automate workflows between any combination of systems and people
  • Meet information security compliance requirements with visibility and control
  • Reduce the risks of non-documented scripts and manual processes
  • No patching and up-to-date security ciphers and software versions
  • Reduce IT operational costs including hardware, software maintenance and support
  • Reduce the risks of downtime for this critical business system
  • Reduce IT load for system management and partner onboarding

Pricing

£135.00 a user

Service documents

Framework

G-Cloud 12

Service ID

7 7 9 6 3 8 4 2 8 0 3 8 2 7 9

Contact

Pro2col Ltd

G-Cloud Team

​0333 123 1240

gcloud@pro2colgroup.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Uptime of 99.9%, with 43 minutes of maintenance scheduled per month.
Automation in the cloud is only available on dedicated infrastructure.
Minimum of 25 users on MOVEitCloud Professional or Premium
System requirements
  • Microsoft IE, Edge, Chrome, Mozilla Firefox or Safari
  • MOVEit Client - Microsoft Windows or OS X (Optional)
  • Ad-Hoc Plug-in - Microsoft Outlook (Optional)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Pro2col provide first line support during UK working hours - Monday to Friday 9am to 5.30pm with a response SLA of one hour. Out of hours support is handled by the vendor from Galway Ireland and Boston USA. Progress commit to a one hour response time for production affecting issues / restricted operations.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
One hour response SLA during UK office hours (09:00-17:30). Support is included in the MOVEitCloud subscription. A technical account manager will be provided by Pro2col. Cloud support engineers will be dynamically assigned tickets based on availability and capability.
MOVEit Cloud comes with 24/7 support as standard for Severity 1 tickets.
Pro2col provide additional services at an additional cost. We have a range of Managed Service options to cater for all requirements: Lite, standard and complete. Bespoke pricing is also available to meet your specific business objectives. The service can include training, partner on-boarding, workflow design and more.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Progress provide online training videos and comprehensive administrator documentation. Pro2col provide a range of services to support administrators, helpdesk teams and end users at the point of on-boarding. These are customised to meet your particular requirements. Generally, there is limited requirement for end-user training as the solution is intuitive and easy to use. Pro2col are certified training partners for Progress and also offer vendor agnostic FTP training.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Either the customer or Progress can provide an extract of the information at the end of the contract period. Progress will retain User Data for 30 days post the end of the contract and then it will be destroyed.
End-of-contract process
Pro2col will send reminders for renewal three months prior to a subscription terminating and regular follow ups thereafter. Should the user choose to terminate the contract the user or Progress will extract the User Data and will not have system access from the date of contract expiration.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The web interface for MOVEit Cloud can be accessed via a mobile device. In addition there are free native Android and iOS applications available for MOVEit.
Both mobile and desktop services support person to person use cases like:
•Uploading and downloading of files
•Uploading videos and pictures
•Sending Secure Mail and attachments
•Performing file and and folder editing tasks and
•Shared Folders with other users

The mobile app does allow for taking photos or videos and then uploading these to securely transfer and share them.
Service interface
Yes
Description of service interface
The service interface is browser based. In addition, you can monitor the availability of the service at any time by
visiting http://status.moveitcloud.com
Accessibility standards
WCAG 2.1 A
Accessibility testing
None, however MOVEit has been certified as compliant with the Americans with Disabilities Act (ADA) standards for web and windows application design.

The MOVEit Transfer complete compliance statement can be found at:
https://docs.ipswitch.com/MOVEit/Transfer2020/Help/Admin/en/index.htm#23583.htm
API
Yes
What users can and can't do using the API
MOVEit provides a REST, Java and .NET API.
The REST API enables you to develop, integrate and deploy secure file transfer and management applications that leverage your organisation or system-wide MOVEit Transfer solution.
Using the Transfer REST API, you can connect systems and clients to MOVEit Transfer using simple HTTP calls. In general, REST APIs are language and platform independent and can be the best choice to converge information systems, circumvent the unending need for client-server dependency maintenance, and span any combination of environments (including IoT, mobile, and much more).
For the REST API: https://docs.ipswitch.com/MOVEit/Transfer2019_2/API/Rest/
For The Java API: https://docs.ipswitch.com/MOVEit/Transfer2019/API/Java/index.html
For the .NET API: https://docs.ipswitch.com/MOVEit/Transfer2019/API/dotNet/html/2627398e-357a-6af8-3283-d7bf66e0ff05.htm
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
MOVEit Cloud provides a vanilla, best practice security configuration, but can be configured to meet bespoke requirements. Customisation includes areas such as branding, email templates, password policy, user group permissions, archive policy, user management, package settings for one off transfers. In MOVEit Automation, all workflows are customised based on source, host and logic.

Scaling

Independence of resources
For a complete guarantee, MOVEit Cloud offers a dedicated platform. MOVEit Cloud incorporates business continuity and disaster recovery assurances and leverages a highly available load-balanced web-farm environment to minimise downtime and prevent data loss. MOVEit Cloud is hosted in a geographically dispersed server infrastructure complete with continuous data center replication to ensure strict up-time and SLAs are met.

Analytics

Service usage metrics
Yes
Metrics types
MOVEit Cloud provides active dashboards of file and package transfer statuses. Interactive mode allows selectable and sortable status reports in addition to the full view.
You can use Live View to:
• Track volume of transfers (outgoing and incoming) at a glance
• Track latency of ongoing or recent transfers
• Track large and important transfers
• Quickly troubleshoot any incidents that could occur during daily operations.
MOVEit provides a range of pre-built reports plus the option to build customised report templates.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Progress

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
User information can be exported using the REST API. Reports can be downloaded in HTML or CSV format. Files can be downloaded using one of the supported file transfer protocols. FTP/FTPS/SFTP/HTTPS.
Data export formats
  • CSV
  • Other
Other data export formats
Files will be exported in their native format
Data import formats
  • CSV
  • Other
Other data import formats
Files can be uploaded in their native format

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
SSH/SFTP encryption and file hashing.
The minimum strength of the encryption used during web transport is configurable.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
MOVEit Cloud has an uptime of 99.9% and a support response SLA of two hours, inside of support hours. Should this SLA not be met, the user is entitled to service credits as outlined below.

Monthly Uptime Performance Target Service Credit
99.0 to 99.9% three (3) days
95.0 to 98.9% ten (10) days
Less than 95.00% thirty (30) days
A service credit will represent the right to extend the agreement
at no cost to you for the length of time shown.
Approach to resilience
MOVEit Cloud leverage the resilience of Azure. Further information available on request.
Outage reporting
You can monitor the availability of the service at any time by
visiting http://status.moveitcloud.com (“Status Site”). Progress use the Status Site to make announcements about all service availability-impacting work including scheduled maintenance and emergency maintenance. It will include details about the nature of the work being performed and offer guidance on the expected maintenance completion. You can sign up for proactive alerts available.
In addition, you can set up email notifications within the system around specific triggers including workflows.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Access to administration accounts can be restricted by IP address mask and accessing protocol. MOVEit Cloud also blocks accounts and IP addresses which fail to authenticate successfully after a number of attempts.
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
360 Advanced
PCI DSS accreditation date
March 2020
What the PCI DSS doesn’t cover
Customer bespoke configuration changes
Other security certifications
Yes
Any other security certifications
  • Pro2col is IS0 27001 certified, covering provision of additional services
  • FIPS 140-2 certified cryptography

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Progress Software operates an Executive Security Committee which has directed that a security program and supporting policy framework be operated to protect the security interests of company infrastructure, the software it produces, and customer solutions it operates. The company information security program is responsible for protecting the confidentiality, integrity, and availability of information handled by company technology systems and outwardly facing technology products. It is established that this function will identify, assess, monitor, and remediate security issues in a manner that keeps risks under control and within company and customer appetite. The program is operated according to applicable laws, regulations, and industry best practices. The function shall leverage colleagues from across the company to effectively manage risk, and efforts remain transparent to leadership. The following program components underpin the Progress’ Information Security Program.
In addition, Pro2col are ISO27001 and Cyber Essentials certified. Information Security is a key part of all employee contracts, onboarding and regular training. A copy of our policy is available on request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Progress has a dedicated MOVEit Cloud team who assess impact before each software release is applied. That release is then applied to a non-production version and assessed for outcome before changes are made live.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The Progress public product security policy statement can be read at:
https://community.progress.com/s/article/Product-Security-Policy-Statement
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Progress leverage AlertLogic for IDS, CiscoAMP for anti-virus, NewRelic and GrayLog to monitor application performance, and security-related tools within Azure. Further details are available upon request.
Incident management type
Supplier-defined controls
Incident management approach
Progress has a multi-phase incident response plan:
• Phase 1: Detection, Assessment and Triage
• Phase 2: Containment, Evidence Collection, Analysis and Investigation and Mitigation
• Phase 3: Remediation, Recovery, and Post-Mortem.
Incidents are reported to senior management and dealt with based on the recommendation of the MOVEit Cloud operations teams. MOVEit Cloud complies with all requirements of the GDPR and obligations for incident reporting as a data processor.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£135.00 a user
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Evaluations can be provided either as a BYOL model for hosting in your own cloud infrastructure or in our hosted test environment. These run for 30 days and will include the modules requested. MOVEit Cloud evaluations also run for 30 days.
Link to free trial
Please contact sales@pro2colgroup.com

Service documents

Return to top ↑