Implementing the CESG Cloud Security Principles

Size: px
Start display at page:

Download "Implementing the CESG Cloud Security Principles"

Transcription

1 Implementing the CESG Cloud Security Principles February 2015 Eduserv Public

2 Contents Introduction... 4 The principles... 4 About our claims Data in transit protection Asset protection and resilience Physical location and legal jurisdiction Data centre security Data at rest protection Data sanitisation Equipment disposal Physical resilience & availability Separation between consumers Governance framework Operational security Configuration and change management Vulnerability management Protective monitoring Incident management Personnel security Secure development Supply chain security Secure consumer management Authentication of consumers to management interfaces and within support channels Eduserv Public Page 2 of 16

3 9.2 Separation and access control within management interfaces Identity and authentication External interface protection Secure service administration Audit information provision to consumers Secure use of the service by the consumer Eduserv Public Page 3 of 16

4 Introduction As a buyer of cloud services, you are responsible for understanding your information assurance and security requirements and for assessing how well the suppliers you choose can meet them. The CESG Cloud Security Principles are one of the key tools that help you undertake that assessment. CESG have released a document entitled Implementing the Cloud Security Principles 1 which describes a set of 14 cloud security principles 2 and how they can be implemented. This document summarises how we implement each of the principles and, where appropriate, how we can help you to implement them within your own systems. The principles The 14 cloud security principles identified by CESG are as follows: 1. Data in transit protection Consumer data transiting networks should be adequately protected against tampering and eavesdropping via a combination of network protection and encryption. 2. Asset protection and resilience Consumer data, and the assets storing or processing it, should be protected against physical tampering, loss, damage or seizure. 3. Separation between consumers Separation should exist between different consumers of the service to prevent one malicious or compromised consumer from affecting the service or data of another. 4. Governance framework The service provider should have a security governance framework that coordinates and directs their overall approach to the management of the service and information within it. 5. Operational security The service provider should have processes and procedures in place to ensure the operational security of the service. 6. Personnel security Service provider staff should be subject to personnel security screening and security education for their role. 1 https://www.gov.uk/government/publications/implementing-the-cloud-security-principles 2 https://www.gov.uk/government/publications/cloud-service-security-principles Eduserv Public Page 4 of 16

5 7. Secure development Services should be designed and developed to identify and mitigate threats to their security. 8. Supply chain security The service provider should ensure that its supply chain satisfactorily supports all of the security principles that the service claims to implement. 9. Secure consumer management Consumers should be provided with the tools required to help them securely manage their service. 10. Identity and authentication Access to all service interfaces (for consumers and providers) should be constrained to authenticated and authorised individuals. 11. External interface protection All external or less trusted interfaces of the service should be identified and have appropriate protections to defend against attacks through them. 12. Secure service administration The methods used by the service provider s administrators to manage the operational service should be designed to mitigate any risk of exploitation that could undermine the security of the service. 13. Audit information provision to consumers Consumers should be provided with the audit records they need to monitor access to their service and the data held within it. 14. Secure use of the service by the consumer Consumers have certain responsibilities when using a cloud service in order for this use to remain secure, and for their data to be adequately protected. About our claims In reading our responses to the individual principles, it should be noted that many of the claims we make about our Secure Cloud Compute services have been independently validated and tested. We also make extensive use of assured products. Independent verification and use of assured products are two of the key strategies that CESG suggest buyers use to assess claims made by suppliers. Secure Cloud Compute: Has an appropriately scoped IS027001:2005 certification by a UKAS accredited certifying body (reviewed by PGA) Eduserv Public Page 5 of 16

6 Has been CESG PGA certified at BIL Has been CESG PGA certified at BIL (where the Enhanced Segregation service option is selected) Has undergone a comprehensive and appropriately scoped ITHC by an Independent CHECK provider (validated by CESG) Makes comprehensive use of assured products (consistent with their Target of Evaluation) such as EAL4 compute, network and firewalls and CPA assured firewalls Has undergone a design review by CESG (Enhanced Segregation). We work extensively with government and third sector organisations, where information security is a primary concern. Security is therefore a key priority across all our operations, ranging from our data centre, network and cloud infrastructures to our managed services and application development capability. We have a well-established Service and Security Operations framework for managing IL2 and IL3 Infrastructure services and for supporting IL2 and IL3 RMADS accreditation. It is centred on our ITIL Service Management approaches, our ISO27001-certified Infosec Management System and our documented SyOPs, with appropriate consideration of IL3 security operations compliance. The latter includes HMG Security Policy Framework standards and recommended practice in relevant CESG Good Practice Guides (GPG-13, GPG-20 and GPG-35). The key elements of our framework include: Service support and delivery: consideration of incident management, change and release management; availability management and IT service continuity management Security Operations: vulnerability and operational risk assessment, system access controls and security incident management procedures. Protective monitoring services to DETER level, including appropriate event log and incident recording, review, analysis and action re threats. We have a Network and Security Operations Centre located within our offices, staffed by a dedicated, specialist team appropriately trained and security cleared. It utilises a broad range of tools to monitor all key Eduserv data centre LAN and WAN network connections and customer-specific network and security service solutions. 1 Data in transit protection Principle: Consumer data transiting networks should be adequately protected against tampering and eavesdropping via a combination of network protection and encryption. We offer a number of options for making secure connections to our Cloud Compute services, as follows: IPsec VPN encrypted overlay over an Internet connection CPA/PEPAS approved encrypted overlay over an Internet connection PSN Assured connection Eduserv Public Page 6 of 16

7 PSN Protected encrypted connectivity via the PSN IPED PSN Protected encrypted overlay over a PSN Assured IL2 connection Dedicated private link GSi connectivity We can assist customers in using TLS 1.2 to protect websites and other services and can assist with the purchase and management of appropriate certificates to support this. We also have the capability to layer encryption, e.g. TLS over IPsec VPNs. Other, bespoke, options exist to extend transit protection down to a customer s tenancy. 2 Asset protection and resilience Principle: Consumer data, and the assets storing or processing it, should be protected against physical tampering, loss, damage or seizure. 2.1 Physical location and legal jurisdiction Eduserv is a UK not-for-profit company and our cloud services are operated solely within UK jurisdiction. We are ISO27001 certified and use appropriate management infrastructure, network connectivity, staff security clearances and processes to deliver our cloud services in line with the Cabinet Office Security Policy Framework (SPF), the CESG Good Practice Guides, DETER protective monitoring and the DPA principles. Our cloud delivery infrastructure is hosted in our primary data centre in Swindon and our secondary (disaster recovery) site in Slough. All data is held exclusively in the UK. 2.2 Data centre security Our primary Swindon Data Centre is certified to ISO9001:2008, ISO14001:2004, OHSAS18001:2007, ISO27001:2005 and is used to host the majority of our services including both cloud services and colocation. It caters for OFFICIAL data assessed at Business Impact Levels IL0 to IL3. We operate layered physical security controls and 24/7 manned intrusion detection and monitoring. Staff are security cleared to at least Basic Check Verification. This has been audited and assessed as fully compliant by a CESG PGA accreditor and independently assessed using SAPMA as exceeding the requirements for IL3 assets at a SEVERE threat level. Our Disaster Recovery (DR) site, which is also used to store off-site backups of customer data, is based in Slough and is owned and operated by Equinix. The data centres at this site are certified to ISO9001:2008, ISO14001:2004, OHSAS18001:2007, ISO27001:2005, ISO50001:2011 and PCI-DSS and are protected by high-security fences, CCTV surveillance and biometric entrance points protected by ballistic glass, mantraps and bulletproof doors. Physical access to Eduserv servers at this site is limited to Eduserv staff. Eduserv Public Page 7 of 16

8 2.3 Data at rest protection Physical access to media and storage devices is restricted to Eduserv staff. Virtual access to customer data held in our cloud services is limited to the customer s tenancy, with control mechanisms set within the VM operating systems. This approach uses assured products (vcloud Director and vsphere) and has been independently validated through the ITHCs undertaken as part of our PGA IL2 and IL3 certification. We can advise customers about data encryption, including both data at rest and during onboarding and off-boarding. This can include advice about the use of encrypted filesystems on customer VMs and the use of row level/cell level DB encryption if necessary. 2.4 Data sanitisation Eduserv has a robust off-boarding process for both colocation and cloud customers, covering physical kit, virtual machines, networking configurations and all other aspects of a customer s physical or virtual estate. All customer data is securely destroyed as part of the off-boarding process. For cloud customers, the process destroys the customer's virtual tenancy in such a way that none of the customer's assets can be re-used or recovered. As part of our off-boarding process, existing backups of customer data are usually deleted in line with the agreed data-retention period, however they can be deleted earlier on customer request. 2.5 Equipment disposal Our hardware decommissioning process ensures that all decommissioned storage media is physically shredded prior to leaving our data centres in line with IS Physical resilience & availability Our data centre in Swindon, which hosts our primary cloud IaaS platforms, has a power, cooling and cross connect infrastructure built to the standards of a Tier III data centre (99.982% availability over a rolling 12 month period). Our Secure Cloud Compute service has been accredited at 4 (PGA 2-2-4) for availability or 3 (PGA IL3-3-3) where the Enhanced Segregation service option is selected. These have been independently validated by a CHECK provider. For Secure Cloud Compute customers, our minimum infrastructure availability service level is 99.9% service uptime per calendar month. Customers may request service credits if they can demonstrate uptime below this level. For Managed Infrastructure customers, our minimum VM availability service level is 99.7% service uptime per calendar month (suspended during any period when the customer has administrator or root access to a VM). Services that make use of load balancing across multiple VMs will achieve significantly better uptime. Eduserv Public Page 8 of 16

9 Our Disaster Recovery service allows for the failover of Managed Infrastructure customer services to our secondary site in the event of a major failure at our primary data centre. This service provides an RPO of 15 minutes and an RTO of 2 hours. 3 Separation between consumers Principle: Separation should exist between different consumers of the service to prevent one malicious or compromised consumer from affecting the service or data of another. We offer both public (community) and private cloud IaaS services and associated service management options. Our Secure Cloud Compute service is a multi-tenanted community cloud offering (as defined by NIST), where the community is limited to public good organisations in the government, third, health and education sectors. Our Private Cloud Compute service delivers Managed IaaS using a single-tenanted private cloud offer (as defined by NIST). Our multi-tenanted services make use of a combination of logical and physical separation of customers using VMware vcloud Director and vsphere to segregate tenancies (in line with CESG assurance and Common criteria (EAL 4+)). Our Secure Cloud Compute service uses vshield Edge devices (virtual firewall routers), edge firewalls and VLANs to segregate traffic between different customers. When selected, our Enhanced Segregation service option provides a physically separate platform that has been subjected to a CESG design review, using PVLANs to segregate traffic between different customers. These approaches to separation were independently validated by a CHECK provider as part of our PGA IL2 and IL3 accreditation. 4 Governance framework Principle: The service provider should have a security governance framework that coordinates and directs their overall approach to the management of the service and information within it. Our cloud services and wider business operations have the appropriate management infrastructure, network connectivity, staff security clearances and processes to deliver our cloud services in line with the Cabinet Office Security Policy Framework (SPF) baseline control set at the DETER segment. Information Security is governed by a dedicated Information Security team using our formally documented Information Security Management System that has been continuously certified to IEC/ISO27001:2005 by a UKAS accredited certifying body. Eduserv s Executive has delegated direct responsibility for the overall security of Eduserv s cloud services to our Chief Information Security Officer. Risk management for our cloud services is managed through a monthly Security Working Group and RMADS are maintained for each service. Technical compliance checks and protective monitoring at DETER are in Eduserv Public Page 9 of 16

10 place and the services are subject to independent ITHCs by CHECK providers that are subject to external accreditation by the Pan Government Accreditor on an annual basis. 5 Operational security Principle: The service provider should have processes and procedures in place to ensure the operational security of the service. 5.1 Configuration and change management We have a robust and mature change process that is fully integrated throughout all areas of the business asset change lifecycle and that is independently validated as part of ISO Our Configuration Management Database (CMDB) is the central information repository for technical data about all Eduserv configuration items. Change and configuration management activities conducted by Eduserv include: Logging and scheduling of service requests received via the customer change authority. Impact and risk analysis of proposed changes in liaison with relevant 3rd parties, including change approval, security review and regression planning. Maintenance of a log of changes; a summary of relevant changes is provided to customers in their monthly report. Our Managed Protective Monitoring service (which is based on AccelOps and is an optional component of our Managed Infrastructure service) includes an inventory management solution with the ability to cover a customer's on-premise and cloud devices and all aspects of hardware (serial numbers, licences, BIOS, processors, memory, etc.) and software (vendor, version, licence, patch levels, etc.) information. This can be used by customers to support their own configuration and change management processes. 5.2 Vulnerability management As part of our centralised patch management and monitoring process, Eduserv ensures that operating system patches and enhancements are assessed and applied to our management and customer infrastructure in a regular, timely manner with the minimum impact to service. As part of this, we apply routine patch management through automated patch schedules deployed to low impact environments at N+2 days and to high impact environments at N+9 days. This process has been independently validated as part of ISO We maintain our situational awareness of new and emerging threats through engagement with vendors, CERTS and specialist groups. We have a dedicated OpSec team and dedicated technical information security specialists and adopt a proportionate and prioritised vulnerability management approach based on severity, exposure and compensating controls. Our Managed DDoS Protection service (which is optionally offered alongside our Managed Infrastructure service) includes a DDoS mitigation service, a content delivery network (CDN) Eduserv Public Page 10 of 16

11 and a Web Application Firewall (WAF) capability integrated into a single cloud-based service. The service protects customers against DDoS attacks, allows them to serve content to endusers with high availability and high performance and helps them to meet PCI-DSS requirements. 5.3 Protective monitoring We run protective monitoring against all our cloud platforms (covering all the management and customer infrastructure) in line with the RMADS that were independently validated as part of our IL2 and IL3 PGA. Our Managed Protective Monitoring service uses a dedicated team to provide the setup, configuration and ongoing operation of log monitoring, event analysis and automated alerting in line with CESG s Good Practice Guide no.13 (GPG-13). All relevant logs are collected, analysed, reported on and archived appropriately. Our protective monitoring activities were independently reviewed as part of the ITHCs undertaken as part of our IL3 PGA. Any issues identified through protective monitoring are fed into our incident management process. 5.4 Incident management We operate a well-defined and established ITIL incident management process to log, assign and diagnose incidents based upon urgency and impact (severity/extent) and to restore service operation as quickly as possible with the minimum disruption, in line with the agreed hours of service and target Incident recovery service level. This process has been validated as part of ISO Incident management is carried out by the Eduserv Primary Support Group (supported by our Third Line Support Team and Infrastructure Engineering Group as appropriate), whose duties include: Incident detection and recording including agreement of Incident priority and logging on incident ticketing system Diagnostics, investigation and incident assignment incident assessment and referral of issues to the relevant resolution team Incident recovery VM reboot or the restoration from backup media of a VM configuration or the implementation of a fix, in line with change management procedures and in conjunction with the customer and relevant 3rd parties Call update and escalation with respect to the target incident recovery service level. Critical incident review and monthly security event reviews. In line with our Shared Security Policy, any incident that runs the risk of jeopardising the integrity of our services is investigated and reported to the Eduserv Information Security team and the appropriate authorities. The first responder principles are applied at the point an incident is detected by either Eduserv or any tenant. Eduserv Public Page 11 of 16

12 Incidents will be managed using Eduserv s Information Security Management process and a chain of custody maintained for all evidence collected and preserved. Eduserv will use the services of a professional forensic investigation company as necessary. Incidents will reviewed by the Security Working Group to identify trends and agree any remediation identified as necessary. 6 Personnel security Principle: Service provider staff should be subject to personnel security screening and security education for their role. All Eduserv staff who have privileged roles with respect to customers' information security are SC-vetted. This process is independently verified by Defence Business Services National Security Vetting and includes an unspent criminal conviction declaration and checks on identity, right to work, educational qualifications, career history and references. All Eduserv staff are covered by our disciplinary procedure and staff who have privileged roles with respect to customers' information security are required to sign our SyOPs and work in accordance with our System Administration Policy. Eduserv is ISO27001 certified, as part of which all staff receive training and awareness about their security responsibilities. 7 Secure development Principle: Services should be designed and developed to identify and mitigate threats to their security. Eduserv services are maintained and developed in light of evolving and emerging threats through our Product Development Board and our Security Working Group. Our development is done in-house following development guidelines. All code is developed in an IDE and is held in our version control systems. Internal testers are responsible for the routine testing of systems and robust release management practices are in place. Our development processes are within scope of our ISO27001 certification and have therefore been independently validated. 8 Supply chain security Principle: The service provider should ensure that its supply chain satisfactorily supports all of the security principles that the service claims to implement. Eduserv makes limited use of third parties and, where there is a significant information security risk, only outsources services or operations to providers who are established and reputable and who have information security systems at least equivalent to Eduserv s. Any such provision is included in our risk assessments and managed as part of our security requirements checklist. Eduserv Public Page 12 of 16

13 The providers of outsourced services and operations are responsible for implementing relevant information security controls and we monitor their performance. We do not allow unescorted access by providers to any of our facilities. Our use of third parties is within scope of our ISO27001 certification and has therefore been independently validated. 9 Secure consumer management Principle: Consumers should be provided with the tools required to help them securely manage their service. 9.1 Authentication of consumers to management interfaces and within support channels Depending on which services have been purchased, customers may be given access to our cloud platforms' management user interfaces, our cloud platforms' APIs and/or a service desk. Our cloud platforms' management interfaces are accessed via a web interface. Our service desk is available by a web interface, telephone and . Customer-access to the Secure Cloud Compute management interfaces is only provided to self-managed customers, i.e. to customers who have not purchased our Managed Infrastructure service, and is protected using TLS 1.1. There is no customer access to the Secure Cloud Compute management interfaces where the Enhanced Segregation service option has been selected. Web access to our service desk is protected using TLS 1.2. Although access to our service desk is available via both telephone and , all calls requiring privileged action must be initiated using the web interface (except out of hours when they can be raised by telephone provided a correct passphrase is quoted). Customer passwords are only shared with the customer via a telephone call (initiated by us) and therefore do not remain visible within the service desk system. Access to our cloud platforms APIs (self-managed customers only) is protected using TLS 1.1. In all cases, we enforce appropriate password complexity rules. 9.2 Separation and access control within management interfaces Our cloud platforms' management interfaces use role-based access control to limit functionality to specific user accounts. These roles can be used by customers (and by Eduserv) to tailor functionality to particular classes of user. These role-based permissions are inherited from the API. We use assured products (vsphere and vcloud Director) to deliver this functionality. As noted in section 9.1, customers who make use of our Managed Infrastructure service, i.e. who ask us to manage their infrastructure on their behalf, get no access to the cloud platform management interface (and usually get restricted access to their VM operating systems, Eduserv Public Page 13 of 16

14 though this can be adapted in certain circumstances). The use of our Managed Infrastructure service is mandated at IL3. 10 Identity and authentication Principle: Access to all service interfaces (for consumers and providers) should be constrained to authenticated and authorised individuals. Named user accounts are set up prior to any customer service being made live, with secure information being exchanged out of band. All access to our cloud platforms' management user interfaces, our cloud platforms' APIs and our service desk is subsequently restricted to that limited set of named accounts. Access to the cloud platforms management interfaces is protected using usernames and passwords and self-managed customers (at IL2 only) are able to choose their own passwords. User accounts are managed using Active Directory and are limited to dedicated tenancies which are not re-used. Our protective monitoring service provides alerts and reporting about logins and failed logins. We have measures in place to deter brute force attacks and the cloud platforms' management interfaces and service desk were subject to independent validation as part of the ITHCs undertaken for PGA at IL2 and IL3. Multi-factor authentication is currently available as a bespoke solution and is on our development roadmap for G-Cloud. Federated access control to our cloud platforms management interfaces, based on SAML 2, is available as an option for self-managed customers (at IL2 only). 11 External interface protection Principle: All external or less trusted interfaces of the service should be identified and have appropriate protections to defend against attacks through them. Our Secure Cloud Compute service was independently pen-tested to appropriate levels as part of the accreditation ITHC, with testing undertaken by CHECK providers and the scope validated by the PGA. Where the Enhanced Segregation service option is selected, the underlying platform has also been subjected to a CESG design review. Access to our Secure Cloud Compute management interface and API is available over the Internet, Janet and dedicated links. Access to customer VMs hosted on that platform is limited to the networks associated with their particular tenancy. Where the Enhanced Segregation service option is selected, access to our Secure Cloud Compute management interface and API is only available to Eduserv staff. Access to customer VMs hosted on that platform is limited to the PSN or an appropriately accredited link. Eduserv Public Page 14 of 16

15 All our cloud services are protected at the network edge by carrier-class next generation firewalls. 12 Secure service administration Principle: The methods used by the service provider s administrators to manage the operational service should be designed to mitigate any risk of exploitation that could undermine the security of the service. Our Secure Cloud Compute service is underpinned by logically separated management and customer infrastructure. This infrastructure is managed directly from devices which are also used for normal business use (with access controlled as outlined in our responses to principles 9 and 10). Bastion hosts are on the roadmap for this service. Where the Enhanced Segregation service option is selected, our Secure Cloud Compute service is underpinned by physically separated management and customer infrastructure platform. It is managed using dedicated devices on a segregated network, accessed via dedicated VPN and endpoints. Both platforms were independently pen-tested to appropriate levels as part of the accreditation ITHC, with testing undertaken by CHECK providers and the scope validated by the PGA. Our Enhanced Segregation service option has also been subjected to a CESG design review. 13 Audit information provision to consumers Principle: Consumers should be provided with the audit records they need to monitor access to their service and the data held within it. We do not currently provide audit information to customers as a standard part of our service. However, our Managed Protective Monitoring service can be used to provide customers with log monitoring, event analysis, automated alerting and monthly reports in line with CESG s Good Practice Guide no.13 (GPG-13). 14 Secure use of the service by the consumer Principle: Consumers have certain responsibilities when using a cloud service in order for this use to remain secure, and for their data to be adequately protected. Customer responsibilities were documented as part of our accreditation RMADS at IL2 and IL3. These include our Shared Security Policy and Tenant Information Assurance Conditions. Our Eduserv Terms of Business for Managed Cloud and Digital Development Services 3 make general reference to the need for customers to adhere to good security practices. 3 Eduserv Public Page 15 of 16

16 We do not currently make detailed security guidance directly available to customers as part of our cloud services Knowledge Base but it is on our documentation roadmap to do so. Eduserv Public Page 16 of 16

Service Definition Document

Service Definition Document Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)

More information

Managed DDoS Protection

Managed DDoS Protection G-Cloud Service Definition Managed DDoS Protection Managed DDoS Protection v6.0 Page 1 of 19 Contents Contents... 2 1. Definitions... 4 2. Service Summary... 5 2.1. Functional Overview... 5 2.2. Non-Functional

More information

GOVERNMENT HOSTING. Cloud Service Security Principles Memset Statement. www.memset.com

GOVERNMENT HOSTING. Cloud Service Security Principles Memset Statement. www.memset.com GOVERNMENT HOSTING Cloud Service Security Principles Memset Statement Summary - March 2014 The Cabinet Office has produced a set of fourteen Cloud Service Security Principles to be considered when purchasers

More information

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 2.1, Issue Date: 05/02/201405/02/2014. Classification: Open

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 2.1, Issue Date: 05/02/201405/02/2014. Classification: Open Protective Monitoring as a Service Version: 2.1, Issue Date: 05/02/201405/02/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 201416/12/2014. Other than for the sole purpose of evaluating

More information

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 1.0, Issue Date: 05/02/201405/02/2014. Classification: Open

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 1.0, Issue Date: 05/02/201405/02/2014. Classification: Open Protective Monitoring as a Service Version: 1.0, Issue Date: 05/02/201405/02/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 2014. Other than for the sole purpose of evaluating this

More information

GPG13 Protective Monitoring. Service Definition

GPG13 Protective Monitoring. Service Definition GPG13 Protective Monitoring Service Definition Issue Number V1.3 Document Date 27 November 2014 Author: D.M.Woodcock Classification UNCLASSIFIED Version G-Cloud 6 2014 Copyright Assuria Limited. All rights

More information

Thales Service Definition for PSN Secure Email Gateway Service for Cloud Services

Thales Service Definition for PSN Secure Email Gateway Service for Cloud Services Thales Definition for PSN Secure Email Gateway Thales Definition for PSN Secure Email Gateway for Cloud s April 2014 Page 1 of 12 Thales Definition for PSN Secure Email Gateway CONTENT Page No. Introduction...

More information

A. Reference information. A0. G-Cloud Programme unique ID number for the service and version number of this scoping template

A. Reference information. A0. G-Cloud Programme unique ID number for the service and version number of this scoping template G-Cloud Service Pan Government Security Accreditation Scope This form is intended for Suppliers of services on the G-Cloud to complete. Upon receipt, the G-Cloud Programme will check Section A, Reference

More information

Lot 1 Service Specification MANAGED SECURITY SERVICES

Lot 1 Service Specification MANAGED SECURITY SERVICES Lot 1 Service Specification MANAGED SECURITY SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES Fujitsu delivers a comprehensive range of information security services

More information

IBM G-Cloud Microsoft Windows Active Directory as a Service

IBM G-Cloud Microsoft Windows Active Directory as a Service IBM G-Cloud Microsoft Windows Active Directory as a Service Service Definition IBM G-Cloud Windows AD as a Service 1 1. Summary 1.1 Service Description This offering is provided by IBM Global Business

More information

PSN Protective Monitoring. Service Definition

PSN Protective Monitoring. Service Definition PSN Protective Monitoring Service Definition Issue Number V3.0 Document Date 29 September 2015 Author: R.N. Connor Classification UNCLASSIFIED Version G-Cloud 7 2015 Copyright Tenian Limited. All rights

More information

Secure LAMP Application Server Service

Secure LAMP Application Server Service Service Definition Document GCloud 7 : Product : G7 3.LAMP.008 Summary Secure LAMP Application Server Service Secure managed Web Software service, deliverying a LAMP application Service. Supports a wide

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

Virtual Desktop Infrastructure Platform as a Service

Virtual Desktop Infrastructure Platform as a Service www.steria.com/uk Virtual Desktop Infrastructure Platform as a Service creativity simplicity independence respect openness contents 1 Overview... 4 1.1 Benefits of Virtual Desktop Infrastructure... 5 2

More information

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public] IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System

More information

Projectplace: A Secure Project Collaboration Solution

Projectplace: A Secure Project Collaboration Solution Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the

More information

Thales Service Definition for NOC Services for Cloud

Thales Service Definition for NOC Services for Cloud Thales Service Definition for UK NOC Services Thales Service Definition for NOC Services for Cloud April 2014 Page 1 of 13 Thales Service Definition for UK NOC Services CONTENT Page No. Introduction...

More information

G-Cloud Service Definition. Atos Infrastructure as a Service (IL3) for Cloud IaaS

G-Cloud Service Definition. Atos Infrastructure as a Service (IL3) for Cloud IaaS G-Cloud Service Definition Atos Infrastructure as a Service (IL3) for Cloud IaaS Atos Accredited Secure Cloud Infrastructure as a Service (IL3) Robust, secure, scalable Cloud computing and consumption-based

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Remote Access Service (RAS)

Remote Access Service (RAS) Remote Access Service (RAS) Contents 1 Introduction to Remote Access Service...2 2 Service Definition...3 2.1 Functionality & Features... 3 2.2 Access Methods... 3 3 Differentiators...4 4 Commercials...5

More information

SERVICE DEFINITION G-CLOUD 7 SECURE FILE TRANSFER DIODE. Classification: Open

SERVICE DEFINITION G-CLOUD 7 SECURE FILE TRANSFER DIODE. Classification: Open SERVICE DEFINITION G-CLOUD 7 SECURE FILE TRANSFER DIODE Classification: Open Classification: Open ii MDS Technologies Ltd 2015. Other than for the sole purpose of evaluating this Response, no part of this

More information

Thales Service Definition for IL3 Encrypted Overlay for Cloud Services

Thales Service Definition for IL3 Encrypted Overlay for Cloud Services Thales Service Definition for UK IL3 Encrypted Overlay Thales Service Definition for IL3 Encrypted Overlay for Cloud Services April 2014 Page 1 of 11 Thales Service Definition for UK IL3 Encrypted Overlay

More information

Vodafone Total Managed Mobility

Vodafone Total Managed Mobility Vodafone Total Managed Mobility More productivity, less complexity Vodafone Power to you What s inside? What you get see how your business benefits 4 In detail find out how it all works 5 Service lifecycle

More information

Service description RFL Virtual Data Centre

Service description RFL Virtual Data Centre Service description RFL Virtual Data Centre IaaS G-Cloud 6 1 Contents Overview... 3 Highlights... 3 Description... 3 Use cases... 3 Use cases... 5 Use cases... 5 Pricing... 5 Information assurance... 5

More information

Security from a customer s perspective. Halogen s approach to security

Security from a customer s perspective. Halogen s approach to security September 18, 2015 Security from a customer s perspective Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Dedicated Compute Cloud. Lot 1 - Infrastructure as a Service. Version: 1.0, Issue Date: 09/12/2014. Classification: Open

Dedicated Compute Cloud. Lot 1 - Infrastructure as a Service. Version: 1.0, Issue Date: 09/12/2014. Classification: Open Dedicated Compute Cloud Version: 1.0, Issue Date: 09/12/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 201416/12/2014. Other than for the sole purpose of evaluating this Response,

More information

service description Email, SharePoint and File Archive in the Cloud Software as a Service

service description Email, SharePoint and File Archive in the Cloud Software as a Service easy to adopt, easy to use, easy to leave service description Email, SharePoint and File Archive in the Cloud Software as a Service version 4.0 Contents Overview... 3 Example use cases... 3 Pricing...

More information

Web Conferencing and Collaboration as a Service

Web Conferencing and Collaboration as a Service Service Definition Document GCloud 7 : Product : G7 3.LAMP.008 Summary Web Conferencing and Collaboration as a Service Web Conferencing and project collaboration service designed for mobile and desktop

More information

Embrace the G-Cloud. Ultra Secure Colocation Services for the Public Sector. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker.

Embrace the G-Cloud. Ultra Secure Colocation Services for the Public Sector. thebunker.net Phone: 01304 814800 Fax: 01304 814899 info@thebunker. Embrace the G-Cloud Ultra Secure Colocation Services for the Public Sector 1 Phone: 01304 814800 Fax: 01304 814899 info@ Contents Introduction What is G-Cloud? Types of accreditation: Business Impact Levels

More information

1 Introduction 2. 2 Document Disclaimer 2

1 Introduction 2. 2 Document Disclaimer 2 Important: We take great care to ensure that all parties understand and appreciate the respective responsibilities relating to an infrastructure-as-a-service or self-managed environment. This document

More information

Secure Hosting Services

<cloud> Secure Hosting Services Global Resources... Local Knowledge Figtree offers the functionality of Figtree Systems Software without the upfront infrastructure investment. It is the preferred deployment solution for organisations

More information

service description Document Management in the Cloud Software as a Service

service description Document Management in the Cloud Software as a Service easy to adopt, easy to use, easy to leave service description Document Management in the Cloud Software as a Service version 4.0 Contents Overview... 3 Example use cases... 3 Pricing... 4 Trial service...

More information

SERVICE DEFINITION G-CLOUD 7 THALES PSN MAIL GATEWAY. Classification: Open

SERVICE DEFINITION G-CLOUD 7 THALES PSN MAIL GATEWAY. Classification: Open SERVICE DEFINITION G-CLOUD 7 THALES PSN MAIL GATEWAY Classification: Open Classification: Open ii MDS Technologies Ltd 2015. Other than for the sole purpose of evaluating this Response, no part of this

More information

Caretower s SIEM Managed Security Services

Caretower s SIEM Managed Security Services Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During

More information

DOBUS And SBL Cloud Services Brochure

DOBUS And SBL Cloud Services Brochure 01347 812100 www.softbox.co.uk DOBUS And SBL Cloud Services Brochure enquiries@softbox.co.uk DOBUS Overview The traditional DOBUS service is a non-internet reliant, resilient, high availability trusted

More information

Security Controls for the Autodesk 360 Managed Services

Security Controls for the Autodesk 360 Managed Services Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

VMware vcloud Air Security TECHNICAL WHITE PAPER

VMware vcloud Air Security TECHNICAL WHITE PAPER TECHNICAL WHITE PAPER The Shared Security Model for vcloud Air The end-to-end security of VMware vcloud Air (the Service ) is shared between VMware and the customer. VMware provides security for the aspects

More information

SERVICE DEFINITION. TLS i-sat Remote/Secure Cloud Printing (SaaS)

SERVICE DEFINITION. TLS i-sat Remote/Secure Cloud Printing (SaaS) SERVICE DEFINITION TLS i-sat Remote/Secure Cloud Printing (SaaS) Contents Introduction..3 Highlights.3 Overview. 4 Example Use Cases...5 Trial Service.6 Information Assurance 6 Product Features...7 Technical

More information

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing

More information

BSM for IT Governance, Risk and Compliance: NERC CIP

BSM for IT Governance, Risk and Compliance: NERC CIP BSM for IT Governance, Risk and Compliance: NERC CIP Addressing NERC CIP Security Program Requirements SOLUTION WHITE PAPER Table of Contents INTRODUCTION...................................................

More information

SCC Information Assurance Practice, CLAS Consulting, Check Testing and Accreditation Services

SCC Information Assurance Practice, CLAS Consulting, Check Testing and Accreditation Services SCC Information Assurance Practice, CLAS Consulting, Check Testing and Accreditation Services Contents 1 Introduction...2 2 IA, CLAS Consulting and CHECK Testing...3 3 Information Assurance...4 4 Accreditation...5

More information

Connecting to the Cloud. Lot 4 - Specialist Cloud Services. Version: 3.0, Issue Date: 01/12/2014. Classification: Open

Connecting to the Cloud. Lot 4 - Specialist Cloud Services. Version: 3.0, Issue Date: 01/12/2014. Classification: Open Connecting to the Cloud Version: 3.0, Issue Date: 01/12/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 201415/12/2014. Other than for the sole purpose of evaluating this Response,

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

A guide to procuring Accredited Cloud Services

A guide to procuring Accredited Cloud Services A guide to procuring Accredited Cloud Services Contents 2 Introduction 3 Chapter 1: What are Accredited Cloud Services? 4 Chapter 2: Preparing to procure Accredited Cloud Services 6 Chapter 3: Comparing

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

Platform as a Service

Platform as a Service Platform as a Service Service Definition Version: 1.0 Version date: October 2015 Classification: Public Backup-as-a-Service Systems Monitoring DR-as-a-Service Storage-as-a-Service Hosted Exchange Colocation

More information

G-Cloud Service Definition. Canopy Unmanaged Enterprise Private Cloud (IL3 Capable) IaaS

G-Cloud Service Definition. Canopy Unmanaged Enterprise Private Cloud (IL3 Capable) IaaS G-Cloud Service Definition Canopy Unmanaged Enterprise Private Cloud (IL3 Capable) IaaS Canopy Unmanaged Enterprise Private Cloud IaaS Canopy Unmanaged Enterprise Private Cloud delivers the efficiencies,

More information

Guardian365. Managed IT Support Services Suite

Guardian365. Managed IT Support Services Suite Guardian365 Managed IT Support Services Suite What will you get from us? Award Winning Team Deloitte Best Managed Company in 2015. Ranked in the Top 3 globally for Best Managed Service Desk by the Service

More information

GOVERNANCE AND SECURITY BEST PRACTICES FOR PAYMENT PROCESSORS

GOVERNANCE AND SECURITY BEST PRACTICES FOR PAYMENT PROCESSORS GOVERNANCE AND SECURITY BEST PRACTICES FOR PAYMENT PROCESSORS A White Paper by i2c, Inc. 1300 Island Drive Suite 105 Redwood City, CA 94065 USA +1 650-593-5400 sales@i2cinc.com www.i2cinc.com Table of

More information

Get Better Protected... Secure data sharing made possible with Updata s Encryption Overlay Service.

Get Better Protected... Secure data sharing made possible with Updata s Encryption Overlay Service. i Compliant Fully managed Encryption Overlay service enabling data sharing across secure networks. Provides operational efficiencies and cost savings through simplified procurement Get Better Protected...

More information

Ensuring security the last barrier to Cloud adoption

Ensuring security the last barrier to Cloud adoption Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It

More information

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data

More information

Primary Storage in the Cloud. Lot 1 - Infrastructure as a Service. Version: 5.0, Issue Date: 07/12/2014. Classification: Open

Primary Storage in the Cloud. Lot 1 - Infrastructure as a Service. Version: 5.0, Issue Date: 07/12/2014. Classification: Open Primary Storage in the Cloud Version: 5.0, Issue Date: 07/12/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 2014. Other than for the sole purpose of evaluating this Response, no

More information

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control

More information

How to gain accreditation for a G-Cloud Service

How to gain accreditation for a G-Cloud Service www.ascentor.co.uk How to gain accreditation for a G-Cloud Service Demystify the process As a registered supplier of G-Cloud services you will be keenly aware that getting onto the G-Cloud framework does

More information

CLOUD SERVICE SCHEDULE

CLOUD SERVICE SCHEDULE CLOUD SERVICE SCHEDULE 1 DEFINITIONS Defined terms in the Standard Terms and Conditions have the same meaning in this Service Schedule unless expressed to the contrary. In this Service Schedule, unless

More information

Secure Remote Backup (IL3) G-Cloud Lot3 IaaS

Secure Remote Backup (IL3) G-Cloud Lot3 IaaS Secure Remote Backup (IL3) G-Cloud Lot3 IaaS Contents Service Definition... 3 An overview of the Remote Backup as a Service... 3 Key Service Attributes... 4 Information assurance... 5 Details of the level

More information

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard

More information

Spyders Managed Security Services

Spyders Managed Security Services Spyders Managed Security Services To deliver world-class Managed Security Services, Spyders must maintain and invest in a strong Security Operations Centre (SOC) capability. Spyders SOC capability is built

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Service Description for Hosted Server

Service Description for Hosted Server Service Overview tolomy has created its Hosted Server environment using VMware ESXi which provides the foundation for building and managing a virtualised IT infrastructure. These market leading, production-proven

More information

Injazat s Managed Services Portfolio

Injazat s Managed Services Portfolio Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015. Preparing an RFI for Protecting cardholder data is a critical and mandatory requirement for all organizations that process, store or transmit information on credit or debit cards. Requirements and guidelines

More information

GoodData Corporation Security White Paper

GoodData Corporation Security White Paper GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share

More information

Agilisys G-Cloud Service V

Agilisys G-Cloud Service V Agilisys G-Cloud Service V Service Definition Endpoint Management Lot 1 Infrastructure as a Service (IaaS) April 2014 At Agilisys we deliver success through innovation working with our clients to transform

More information

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13.

At its meeting in March 2012, the Committee approved the Internal Audit Plan for 2012-13. Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan

More information

Audit Management. service definition document

Audit Management. service definition document Audit Management service definition document Contents Introduction... 3 Service Description... 3 Features and Benefits... 4 Architecture... 5 Service Delivery... 6 Service Provisioning Time... 7 Service

More information

Exhibit to Data Center Services Service Component Provider Master Services Agreement

Exhibit to Data Center Services Service Component Provider Master Services Agreement Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information

More information

HIPAA Compliant Infrastructure Services. Real Security Outcomes. Delivered.

HIPAA Compliant Infrastructure Services. Real Security Outcomes. Delivered. Real Security Outcomes. Delivered. Deploying healthcare and healthcare related services to the cloud can be frightening. The requirements of HIPAA can be difficult to navigate, and while many vendors claim

More information

Cloud-based Infrastructure and Application Support Service Definition

Cloud-based Infrastructure and Application Support Service Definition +44 (0) 20 3603 7830 hello@equalexperts.com www.equalexperts.com 30 Brock Street London, NW1 3FG Cloud-based Infrastructure and Application Support Service Definition Overview We provide 24/7 support to

More information

SaaS Security for the Confirmit CustomerSat Software

SaaS Security for the Confirmit CustomerSat Software SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture

More information

WebFOCUS Cloud Express. The WebFOCUS Cloud Express service is delivered as a managed G-Cloud service by Amtex Solutions Ltd.

WebFOCUS Cloud Express. The WebFOCUS Cloud Express service is delivered as a managed G-Cloud service by Amtex Solutions Ltd. Service Definition The name of the Service is: WebFOCUS Cloud Express An overview of WebFOCUS Cloud Express The WebFOCUS Cloud Express service is delivered as a managed G-Cloud service by Amtex Solutions

More information

BKDconnect Security Overview

BKDconnect Security Overview BKDconnect Security Overview 1 Introduction 1.1 What is BKDconnect 1.2 Site Creation 1.3 Client Authentication and Access 2 Security Design 2.1 Confidentiality 2.1.1 Least Privilege and Role Based Security

More information

Service Description. Communications Data WorkFlow Management Software from Cyclops Cloud. Product Overview

Service Description. Communications Data WorkFlow Management Software from Cyclops Cloud. Product Overview Service Description Communications Data WorkFlow Management Software from Cyclops Cloud Product Overview Cyclops Cloud Communications Data WorkFlow Management Software provides a comprehensive Cloud based

More information

FMCS SECURE HOSTING GUIDE

FMCS SECURE HOSTING GUIDE FMCS SECURE HOSTING GUIDE October 2015 SHG-MNL-v3.0 CONTENTS INTRODUCTION...4 HOSTING SERVICES...4 Corporate Secure Hosting... 4 Hosting Partner... 4 Hosting Location... 4 Physical Security... 4 Risk and

More information

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service G-Cloud Service Definition Atos Information Security Wireless Scanning Service Keeping your wireless networks secure Atos Information Security Wireless Scanning Service The Atos Wireless Scanning Service

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Open Source Sales Force Automation (SFA) in the Cloud SaaS

Open Source Sales Force Automation (SFA) in the Cloud SaaS Open Source Sales Force Automation (SFA) in the Cloud SaaS Service Overview Our open source Sales Force Automation (SFA) in the cloud service allows customers to perform marketing automation through multi

More information

SERVICE DEFINITION. G-Cloud 7 MANAGED SERVER. Classification: Open

SERVICE DEFINITION. G-Cloud 7 MANAGED SERVER. Classification: Open SERVICE DEFINITION G-Cloud 7 MANAGED SERVER Classification: Open Classification: Open ii MDS Technologies Ltd 2015. Other than for the sole purpose of evaluating this Response, no part of this material

More information

Cloud Software Services for Schools

Cloud Software Services for Schools Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Contact name Contact email Contact

More information

Growth Through Excellence

Growth Through Excellence Growth Through Excellence Public/Private Cloud Services Service Definition Document G- Cloud 5 REFERENCE NUMBER RM1557v Table of Contents Table of Contents... 3 Executive Summary... 4 About the Company...

More information

Cloud Computing Security Considerations

Cloud Computing Security Considerations Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction

More information

Cloud Security: An Independent Assessent

Cloud Security: An Independent Assessent Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : enquiries@quantix-uk.com Why are people concerned

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Colocation, Cloud and Managed Services

Colocation, Cloud and Managed Services Colocation, Cloud and Managed About Node4 At Node4 our growing team of passionate individuals are dedicated to delivering the most effective application of technology to optimise business performance.

More information

SaaS architecture security

SaaS architecture security Introduction i2o solutions utilise the software as a service (or SaaS) model because it enables us to provide our customers with a robust, easy to use software platform that facilitates the rapid deployment

More information

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active

More information

VMware vcloud Air SOC 1 Control Matrix

VMware vcloud Air SOC 1 Control Matrix SOC 1 Control Objectives/Activities Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort, we have undergone a variety of industry standard audits,

More information

SOLUTIONS. Secure Infrastructure as a Service for Production Workloads

SOLUTIONS. Secure Infrastructure as a Service for Production Workloads IaaS SOLUTIONS Secure Infrastructure as a Service for Production Workloads THE CHALLENGE Now more than ever, business and government are facing the challenge of balancing conflicting demands. Market pressures

More information

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 sm Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 Legal Notice This Open Data Center Alliance SM Usage:Provider Assurance is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

CSC GOVCLOUD MULTI-TENANT IAAS

CSC GOVCLOUD MULTI-TENANT IAAS SERVICE DESCRIPTION CSC GOVCLOUD MULTI-TENANT IAAS Approved G-Cloud 5 Supplier PAN GOVERNMENT CLOUD PLATFORM CSC is pleased to introduce our GovCloud Service; a pan Government as-a-service Cloud platform,

More information

October 2015 Issue No: 1.1. Security Procedures Windows Server 2012 Hyper-V

October 2015 Issue No: 1.1. Security Procedures Windows Server 2012 Hyper-V October 2015 Issue No: 1.1 Security Procedures Windows Server 2012 Hyper-V Security Procedures Windows Server 2012 Hyper-V Issue No: 1.1 October 2015 This document describes the manner in which this product

More information

93% of large organisations and 76% of small businesses

93% of large organisations and 76% of small businesses innersecurity INFORMATION SECURITY Information Security Services 93% of large organisations and 76% of small businesses suffered security breaches in the last year. * Cyber attackers were the main cause.

More information