Avari Solutions

Securenvoy Data Discovery

Data Discovery can scan structured and unstructured data, protecting sensitive data in local PCs, file-shares, exchange, PST/OST files, SharePoint, and any ODBC compliant database. Our solution can discover the same data in cloud services such as Box, Dropbox, Hosted Exchange, Azure, Office 365, OneDrive, SharePoint, and Google Drive

Features

  • Scan any data-type; without regard for its structure or extension
  • Locate data across the enterprise within a single management station
  • End-user education and real time feedback mechanisms
  • Structured and unstructured data scanning
  • Enterprise reporting on file-owners, locations and file types
  • DLP Policies included as standard
  • Cloud or on-premise solution and computationally inexpensive
  • Supports GDPR, PCI, PII and HIPAA audit and compliance
  • Real-time visualisation of events in enterprise dashboard
  • Automated remediation

Benefits

  • Understand your data and its value
  • Control data flow to third-parties and between business units
  • Protect vital intellectual property and assets
  • Comprehensive enterprise reporting

Pricing

£10.00 a unit a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ross.garman@avari.solutions. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

8 9 0 9 8 3 3 9 9 8 4 4 3 4 9

Contact

Avari Solutions Ross Garman
Telephone: 08450360040
Email: ross.garman@avari.solutions

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
Identifies and protects sensitive data residing in Local PC’s, Files-shares, Exchange, PST/OST files, SharePoint, and any ODBC compliant database; as well as cloud services such as Box, Dropbox, Hosted Exchange, Azure, Office 365, OneDrive, SharePoint, and Google Drive
Cloud deployment model
Hybrid cloud
Service constraints
None
System requirements
SecurEnvoy Data Discovery Essentials requires 8GB memory and 2 CPU

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 Hour
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support levels: On Site Support Engineer £1200 per day plus travel/accommodation; On Site Training £1,200 per day; Maintenance and all upgrades +20% of contract value includes 9-5 support.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
User documentation available online via https://www.securenvoy.com/en-gb/resources. Onsite training is also available, as well as training videos; Adhoc scheduled Webinars; consultancy and training is also available.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
End-of-contract data extraction SecurEnvoy Data Discovery Essentials does not hold any documents or content.
End-of-contract process
Simply uninstall the SecureIdentity platform; no additional cost

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
SecurEnvoy Data Discovery Essentials works on third party applications installed on mobile devices such as email, O365, Box, Alfresco.
Service interface
Yes
Description of service interface
The service has multiple interfaces depending on its type and the audience (administrator, end user). All interfaces use the latest web technologies like HTML 5, Javascript, Angular 7 etc and follow a clean, user friendly, minimalist design. User experience is optimized with simple and quick task based workflows.
Accessibility standards
WCAG 2.1 AAA
Accessibility testing
Internal testing only
API
Yes
What users can and can't do using the API
Available on request
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Custom REGEX patterns can be created and custom/bespoke searches. Custom classification can be setup. Libraries are available for licencing and integration into bespoke applications. Customisation is available when contracted. In DLP custom classifications can be setup.

Scaling

Independence of resources
Independence of resources

Each SecureIdentity platform instance is private and it scales according to usage.

Analytics

Service usage metrics
Yes
Metrics types
Service usage analytics available via SecureIdentity DLP dashboard
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Auth0, Idaptive, Okta, Varonis, Imprivata, Centrify, Onelogin, Ping, Zscaler

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Export of fingerprints are available on request. There maybe a charge for this service.
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
Other data export formats

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% up time with mirror servers
Approach to resilience
Available on request
Outage reporting
Through a monitoring and alerting system.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Administrator and Departmental Head have a separate interface.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Security policies and processes implemented in accordance with ISO:27001.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All components are fully tested prior to deployment. Continual monitoring and testing throughout component life-cycle.
Vulnerability management type
Undisclosed
Vulnerability management approach
Adhere to ISO:27001 standard.
Protective monitoring type
Undisclosed
Protective monitoring approach
Defined within ISO:27001 controls.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Defined within ISO:27001 controls.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10.00 a unit a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30-day free trial for up to five endpoints and one file server.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ross.garman@avari.solutions. Tell them what format you need. It will help if you say what assistive technology you use.