Apptio, Inc.

Apptio Cloudability

Apptio Cloudability is a cloud financial management solution that helps companies monitor, manage, and rightsize cloud expense across any size business. The platform offers teams full visibility into cloud costs so they can reduce waste, optimize for efficiency, and bring solutions to market faster.

Features

  • Cloud Cost management for AWS, Azure and GCP
  • Dashboards & Reporting:Cloud agnostic Tagging, Views and Allocation engine
  • Budgets & Forecasts:Predict spend and stay on Budget
  • Anomaly Detection:Identify surprises in your spend
  • Containers:Accurately identify container costs and allocate to teams
  • Business Mapping:Define business rules for allocation & Governance
  • Scorecards:Track your maturity & see how you compare to others
  • Saving Plans & Reservations:Maximise commitments and save across providers
  • Rightsizing:Match resources to workload needs
  • Workload Placement:Find the optimal location for a task

Benefits

  • Proven record of savings of 20-40% on cloud spend
  • Automate invoicing, showback and chargeback
  • Self-service reporting and friendly UI can save 25+hrs a month
  • Cost performance analysis
  • Increase committed coverage to 80%+ with RI/Saving Plan
  • ML recommendations for AWS, Azure and GCP resource wastage
  • Forecasting, budgeting, anomaly detection and alerting by team
  • Huge wealth of experience from former AWS and GCP architects
  • Best practice cloud cost managment using FinOps
  • Migration recommendations (rehost , Azure HB, DB Freedom)

Pricing

£0 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gryan@apptio.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

9 9 2 4 8 2 5 4 4 3 5 9 0 6 1

Contact

Apptio, Inc. Gerry Ryan
Telephone: 02030148300
Email: gryan@apptio.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Apptio provides a platform that seamlessly unites data, people and processes across technology, finance and business in a way that is intuitive, intelligent and impactful.
Easily interact with data and associated capabilities
Automate cumbersome and complex process to deliver insights
Satisfy end-to-end requirements for optimal financial management
Cloud deployment model
Public cloud
Service constraints
None
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
See service terms
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
See service agreement
Web chat accessibility testing
See service agreement
Onsite support
No
Support levels
For active subscriptions to Apptio Cloud Solutions, customer support is included without additional charge in accordance with the below (“Cloud
Support’). Cloud Support provides the same terms as Enterprise Customer
Support with the following exceptions:
1. Contact support via the Help Center (https://support.apptio.com). Cloud Support does not include phone support.
2. Cloud Solutions ‐ Customer Support Targeted Response Times:
Priority Level Contact
Method
Initial Response
Time
Solution Definition (one or more of the following)
1 (Critical) Help Center 8 hours
 Issue is resolved
 Satisfactory workaround is provided
 Product patch is provided
 Fix incorporated into future release
2 (High)
Help Center 24 hours
 Issue is resolved
 Satisfactory workaround is provided
 Product patch is provided
 Fix incorporated into future release
3 (Medium) Help Center 48 hours
 Issue is resolved
 Satisfactory workaround is provided
 Fix incorporated into future release
 Answer to question is provided
4 (Low) Help Center 72 hours  Answer to question is provided
 Enhancement request logged
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Apptio Jumpstart Service:
Apptio will perform the Professional Services engagement set forth herein to onboard and enable Subscriber on standard Cloudability
application functionality. After initial enablement, Apptio will conduct a series of work sessions on Financial Operations (FinOps) best
practices, designed to help Subscriber establish their FinOps function.
Project Tasks
Apptio
Tasks
Kickoff
 Conduct Engagement Kickoff call
Phase 1: Onboarding and Enablement
 Conduct the following four (4) enablement Work Sessions:
o Week 1: Implementation & Foundational product training – Review current setup, and identify tasks to complete implementation including credentials, user preferences, current activity, and daily mail and API key generation. Review tagging, account groups, views, business mappings, and shared goals
o Week 2: Foundational product training – Review dashboards, and widgets, reports, alerts, true cost, and tag explorer
o Week 3: Foundational product training – Review containers, anomaly detection, scorecards, reservation portfolio, rightsizing, RI planner, automation, and workload placement
o Week 4: Foundational product training – Review current month, forecasts, and budgets, and user rollout
 Each Work Session is approximately 50 minutes in length
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
1)At the end of a contract, customer access to the Apptio Cloudability SAAS solution will cease. Customer data can be extracted and/or deleted on request.
End-of-contract process
Access to the Cloudability SAAS service and contracted support is typically included. Additional professional service options may be available.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
See service attachment
Accessibility standards
None or don’t know
Description of accessibility
See service attachment
Accessibility testing
See service attachment
API
Yes
What users can and can't do using the API
https://developers.cloudability.com/
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
See attachment

Scaling

Independence of resources
SaaS solution hosted on containers in the cloud means we scale automatically and have separated tenancy

Analytics

Service usage metrics
Yes
Metrics types
Cost and Usage Dimensions
Cost and Usage Metrics
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
CSV
Data export formats
CSV
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Apptio's standard SLA is 99.5% for Production uptime and the Service Agreement specifies an SLA of 99.5% excluding Routine maintenance, and is contracted.
Approach to resilience
The Apptio datacenters include a primary and a backup typically located in different geographic areas. This provides assurances that if there is a natural disaster in an area, the customer can be failed over quickly and efficiently.
Outage reporting
Public dashboard

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
See attachment
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
A-LIGN
ISO/IEC 27001 accreditation date
03/02/20
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
16/9/2016
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/a
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • SOC2 Type II Report and SOC3 Report
  • FedRAMP Certification
  • General Data Protect Requirements (EUGDPR)
  • California Consumer Privacy Act (CCPA)
  • EU-US Privacy Shield
  • ITIL Alignment

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Apptio’s Information Security team, Legal department, and Internal Compliance/Audit department all work together to ensure that industry best security practices are met. Apptio’s Software-as-a-Service (SaaS) environment follows stringent guidelines to protect the confidentiality, integrity, privacy, and availability of your data. We have the following reporting structures: SOC2 Type II Report and SOC3 Report​, ISO27001:2013 Certification, FedRAMP Certification, Cloud Security Alliance – STAR Level One Certification, General Data Protect Requirements (EUGDPR), California Consumer Privacy Act (CCPA), EU-US Privacy Shield, ITIL Alignment

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Apptio's change management process is robust in that any change that affects the Apptio application or its environment is fully documented. This includes changes to the Apptio application, customer data and all system components that make up every data touch point within the production environments. Broadly categorized, all changes incorporate the concepts of request, approval and provision. All production environment changes must be reviewed and approved by Senior Director of Technical Operations and Director of Information Security prior to deployment. A version control repository is used for Apptio system configurations to maintain a history and audit trail.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability scans are conducted on a monthly basis to identify changes in security posture, implemented patch effectiveness and missing patches within the environment. Vulnerability scans of our entire environment ensures patches are up-to-date and to identify any configuration deviations, etc. from our security baseline. These monthly scans are for internal consumption only. All Apptio servers and endpoints utilize anti-virus and Anti-Malware. In both categories, these systems are centrally managed and checks for new definition updates occur daily. Apptio uses IDS on border control points. We also utilize NIDS on all network segments and HIDS on all hosts.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Apptio's Incident Response policy addresses both digital and physical security incidents. In every case, there are the core incident response team members, which include members of the Information Security and Technical Operations teams. The nature of the incident could dictate additional personnel required to help manage the incident, either in a technical or administrative role. In the event of an incident, this defined process outlines the various phases in managing the incident, to include notification of the affected parties, proper containment/mitigation and executive level involvement. This process is reviewed annually.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Apptio's Incident Response policy addresses both digital and physical security incidents. In every case, there are the core incident response team members, which include members of the Information Security and Technical Operations teams. The nature of the incident could dictate additional personnel required to help manage the incident, either in a technical or administrative role. In the event of an incident, this defined process outlines the various phases in managing the incident, to include notification of the affected parties, proper containment/mitigation and executive level involvement. This process is reviewed annually.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
28 day free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gryan@apptio.com. Tell them what format you need. It will help if you say what assistive technology you use.