Application Private Cloud for Government - AWS-Fuseforward
FuseForward offers a suite of cloud technologies and services that help public sector simplify operations on Amazon Web Services. The patented technologies enable us to securely migrate, manage, and operate application workloads on AWS as a fully-managed service.
We also offer consulting, migration, disaster recovery and professional services for AWS.
Features
- One vendor: FuseForward
- No capital investment
- Templated, proven approach
- Best-of-breed components
- Ready-made using patented systems
- Environment provisioned for you
- Deployed in a fraction of time & cost
- We operate and maintain it for you
Benefits
- Speed-to-Value
- Operated and Maintained
- Cost Certainty
- Fully Managed
Pricing
£240 to £320 a virtual machine a month
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
8 5 4 5 5 5 4 5 5 3 5 1 3 5 0
Contact
Fuseforward Cloud Services Ltd
Sales Team UK
Telephone: +447825602408
Email: kevin.fitzpatrick@fuseforward.com
Service scope
- Service constraints
-
FuseForward will manage the environment up to the application layer.
If the customer needs support or service in the application layer, they can purchase Application Managed Services based on a hourly rate. - System requirements
-
- 3rd party software licenses
- Application Manager
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response times within 15 minutes.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- We create Slack channels for each customer. Users cannot create change requests through Slack.
- Web chat accessibility testing
- N/A
- Onsite support
- No
- Support levels
-
Essential Support: 5x8 Service Desk, SLA 99%, from $250 GBP per month
Business Support: 5x8 Service Desk, SLA 99.95%, Account Manager, from 1,000 GBP per month
Enterprise Support: 5x8 Service Desk, SLA 99.95%, Account Manager, Cloud Support Engineer, from 2,500 GBP per month - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We send the customer a "Welcome Email" that includes an on-boarding document that has the SLA, support and sales contact information, escalation procedures and description of the services purchased.
Online training is then done to cover the ticketing system, slack and the FuseConsole portal. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- At the point equipment is ready to be physically destroyed, AWS will securely destroy media within the secure area of their data centres. Customers can seek independent verification that data is sanitised and destroyed appropriately, by reviewing documents within the AWS the Artefact service such as SOC2 reports.
- End-of-contract process
- FuseForward requires 30 day written notice to terminate an agreement.
Using the service
- Web browser interface
- Yes
- Using the web interface
- FuseConsole allows for the creation of privileged users and end users and assigns permissions for what applications they can access. It also provides analytics for both the cloud environment and the KPI's of the application.
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- Our Console supports for tablet services but is not currently validated against any accessibility standards.
- Web interface accessibility testing
- N/A
- API
- Yes
- What users can and can't do using the API
- Users can use the APIs in the platform to build applications using our Master Data management, or automation systems, application system an automation systems.
- API automation tools
-
- Ansible
- Terraform
- API documentation
- Yes
- API documentation formats
- Other
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- Using the command line interface
- The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
Scaling
- Scaling available
- Yes
- Scaling type
- Automatic
- Independence of resources
- We can setup auto-scaling groups for application or web instances so additional instances are added or removed from the auto-scaling group when the CPU or RAM hits a pre-determined threshold.
- Usage notifications
- Yes
- Usage reporting
-
- SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Amazon Web Services (AWS)
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Virtual Machines
- Databases
- Log Files
- Transaction Logs
- Backup controls
- Backups are fully managed by the FuseForward team of engineers. Users can make a change request for backups via the ticketing system.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
FuseForward’s cloud services will meet the service levels described in this Service Level Agreement (SLA). Our cloud services are provided using our FuseForward management platform and underlying cloud hosting infrastructure.
Essential - 99% SLA
Business - 99.5% SLA
Enterprise - 99.95% SLA
In the event of a failure to meet the cloud service uptime, the customer needs needs to request service credits against their next bill. - Approach to resilience
-
AWS data center physical security begins at the Perimeter Layer. This Layer includes a number of security features depending on the location, such as security guards, fencing, security feeds, intrusion detection technology, and other security measures.
The Infrastructure Layer is the data center building and the equipment and systems that keep it running. Components like back-up power equipment, the HVAC system, and fire suppression equipment are all part of the Infrastructure Layer. These devices and systems help protect servers and ultimately your data.
The Data Layer is the most critical point of protection because it is the only area that holds customer data. Protection begins by restricting access and maintaining a separation of privilege for each layer. In addition, we deploy threat detection devices, video surveillance and system protocols, further safeguarding this layer.
Each AWS region has multiple data centers called availability zones (AZs). When deploying a solution, we follow best practices where the production environment for the customer application is setup in high availability (HA). This means the web/app tier and database tiers are deployed across multiple AZ.
If required we can deploy a Disaster Recovery solution into a separate region on AWS. - Outage reporting
-
The AWS service dashboard is available online at the following link:
https://status.aws.amazon.com/
It is also available via the AWS console or API where it can be customized to meet the customer requirements. The personal dashboard can be configured for email alerts.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- The owner of the FuseForward account needs to provide authorization for access to the ticketing and Slack channel. When the owner removes access we update our CRM database, ticketing system and Slack channel to remove that individual.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QAS International
- ISO/IEC 27001 accreditation date
- 17/10/2019
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 27/03/2020
- CSA STAR certification level
- Level 3: CSA STAR Certification
- What the CSA STAR doesn’t cover
- N/A
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Coalfire Systems Inc
- PCI DSS accreditation date
- Unknown
- What the PCI DSS doesn’t cover
- N/A
- Other security certifications
- Yes
- Any other security certifications
-
- AWS - CSA
- AWS - ISO 27017
- AWS - ISO ISO 27018
- AWS - ISO 9001
- AWS - SOC 1
- AWS - SOC 2
- AWS - SOC 3
- AWS - G-Cloud
- AWS - EU / US Privacy Shield
- AWS - Cyber Essentials Plus
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- ITIL and ISO 27001:2013
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
The scope of Change Management encompasses:
- Roles and responsibilities for all persons involved in managing change requests for the platform and infrastructure as well as applications specifically developed by FuseForward.
- Workflow for all activities required to manage these change requests.
- Out-of-scope topics includes the implementation, release and deployment procedures for approved change requests - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
System monitoring and detection of intrusion activity is carried out by a team of trained individuals who understand the system environment and the possible points of attack. The security management system used is an IDS, which gathers and analyzes information from various areas within the system and network to identify possible security breaches in both the physical and virtual environments.
An IPS is in place to not only provide additional monitoring and analysis of network traffic but also to take immediate action when an intrusion is detected.
Dropping packets
Blocking traffic from the suspected IP address
Resetting the connection - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Once the intrusion is isolated, the security breach is addressed and the system recovered, the team conducts an evaluation to determine what went wrong, the cause of the intrusion and ways to prevent reoccurrences in the future.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
- All incidents reported to Fuseforward should be recorded in the incident management system.
- The service manager is responsible for ensuring the Incident Management Process is followed and the incident is assigned to appropriate service desk person.
- The Service desk team should have access to; Service Level Agreements, Knowledge Database, and Configuration Management System.
- Upon resolution of an incident, the business partner/end user should be notified that the incident has been resolved.
- Once the incident has been resolved, the user and business partner will have 5 business days to reopen the incident.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Other
- Other virtualisation technology used
- Amazon EC2 relies on Xen Virtualization for launching all of its instances. Every physical machine has a hypervisor running on it. A Xen hypervisor allows multiple instances to share a single hardware platform.
- How shared infrastructure is kept separate
- Virtual private cloud (VPC) and accompanying features — VPC is a software defined network that allows customers to create segmented or micro-segmented network domains to isolate traffic flow between different compute environments and AWS services as well as to join together segments when needed in safe and limited ways.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
The Environmental Layer is dedicated to environmental considerations from site selection and construction to operations and sustainability. AWS carefully chooses our data center locations to mitigate environmental risk, such as flooding, extreme weather, and seismic activity.
n addition to addressing environmental risks, we also incorporate sustainability considerations into our data center design. AWS has a long-term commitment to use 100% renewable energy. When companies move to the AWS Cloud from on-premises infrastructure, they typically reduce carbon emissions by 88% because our data centers can offer environmental economies of scale. Organizations generally use 77% fewer servers, 84% less power, and tap into a 28% cleaner mix of solar and wind power in the AWS Cloud versus their own data centers.
Pricing
- Price
- £240 to £320 a virtual machine a month
- Discount for educational organisations
- No
- Free trial available
- No