Thales Service Definition for IL3 Encrypted Overlay for Cloud Services



Thales Service Definition for UK IL3 Encrypted Overlay

April 2014

Page 1 of 11

Contents

- Introduction (p. 3)
- Overview of Service (p. 3)
- The IL3 Encrypted Overlay Service Offering (p. 3)
- Value Statement (p. 5)
- Why Thales? (p. 5)
- Case Studies (p. 7)
- Key Features (p. 8)
- Encryption standard (p. 8)
- Scalability (p. 8)
- Additional Service Offerings (p. 8)
- Impact Levels (p. 8)
- Certifications & Standards (p. 9)
- Service Management (p. 9)
- Service Levels (p. 9)
- Availability (p. 10)
- Service Termination (p. 10)
- Responsibilities (p. 10)
- Contact Details (p. 10)

Introduction

Overview of Service

The IL3 Encrypted Overlay Service Offering

Thales UK: the secure solution to provide assurance aligned to the new Government Classification Policy.

The IL3 encrypted overlay provides secure channels for communicating in the cloud, which is vital for maintaining the confidentiality of your corporate, customer or personal data. Deploying Thales Customer Premises Equipment (CPE), certified to Commercial Product Assurance (CPA) Foundation Level, at your chosen locations will assist you in building your own private and secure cloud. Thales works with its customers to define, design and deploy IL3 encrypted communication channels.

The service offering is suitable for IL3-3-4 Pan Government Accreditor (PGA) accreditation, for use on the Public Services Network (PSN) or to provide secure communications between customer sites. In line with the new Government Classification Policy (GCP), the service will be protected to handle data labelled up to OFFICIAL-SENSITIVE. The encrypted overlay is therefore appropriate for all OFFICIAL information.

The Thales IL3 Service, further depicted in Figure 1, provides cryptographic overlays intended to support the exchange of information between networks at IL3-3-4. The service is intended as a PSN service. Products that have been evaluated under the CESG Commercial Product Assurance (CPA) scheme have been used to create the service, which will be configured and managed in accordance with the commensurate CESG Security Procedures.

[Figure 1 - Solution Overview. Diagram labels: Thales PSNSP(IL3) and PSNSP(IL2) Management Platforms; Thales IL2 NOC Management and IL3 NOC Management; Thales IL3 SOC Threat Mitigation & Analysis; Thales PSNSP(PKI) Platform with Thales PSN SubCA for the IL3 Encryption Domain Hub and Thales SubCA for the IL3 Inter-Provider Encryption Domain Gateways, which peer with other IL3 service providers over the GCN; Thales DNSP and PSN DNSP; IL3 Encryption Endpoint (CPA Foundation); IL2 NTE; IL3 PSN Transit VPN, IL3 Management VPN and Private IL3 VPN. Key: IL2 C2, IL2 PSN (DNSP) G2, IL2 Management M2, IL3 C3, IL3 PSN G3, IL3 Management M3, Z = IL3 PSN.]

The Thales IL3 service is based on the use of Cisco ISR, Cisco ASR and Juniper SRX security devices, which have been evaluated and approved under the CPA Foundation scheme and implement the PSN INTERIM IPsec profile. It is anticipated that migration to the CESG PRIME IPsec profile will be implemented within this product set in the future, at which point the service will be extended to use PRIME.

A Cisco ISR/ASR or Juniper SRX device is deployed to each customer site as a CPE (Customer Premises Endpoint). This device will establish one or more IPsec tunnels in order to provide the service. A hub and spoke model is used to implement the service, with each CPE (spoke) establishing a tunnel to a central Encryption Domain Hub device. For resilience and load balancing purposes there are two hubs, and each CPE will establish a connection to both. These Encryption Domain Hubs are physically connected to Thales Inter-Provider Encryption Domain (IPED) devices. Thales operates a pair of IPED devices, which are associated with both PSN GCN connections, ensuring that there are no single points of failure in the service, which offers IL4 for availability. However, providing IL4 availability to each site requires the customer to specify high-availability CPE provision.

Management of the endpoint CPE devices is performed using a dedicated IPsec VPN network. The management platforms are configured to work as a High Availability pair from geographically separate locations with diverse connectivity to the network. The management system operates in a hot standby mode of operation.

Events originating from all CPE devices, as well as from the management systems, can be aggregated and processed by the Thales UK Cyber Security Operations Centre (CSOC), which provides a protective monitoring capability. The Thales UK CSOC capability is an additional service, with further details available upon request.

Note that an integral part of the encryption overlay is the use of X.509 certificates (for IPsec end-point authentication). These are supplied and controlled by the Thales PSN-accredited PKI (Public Key Infrastructure) service; all RSA key-pairs associated with the X.509 certificates are created by the CPE devices. The management processes, including all actions required to manage the certificate (and key) lifecycle, are compliant with the PSN Certificate Policy. The IL3 encrypted overlay service includes the provision of trusted certificates for each CPE device. Please use the contact details provided below to learn more about the Thales Certificate Authority solution, or alternatively see the Thales PKI consultancy service that is listed via the G-Cloud CloudStore.

Value Statement

This Thales UK cloud service offering provides secure network communication channels that have previously been awarded PGA accreditation for IL3-3-4 PSN networks. The overlay can provide G-Cloud customers with secure communication channels to build or expand their own private and secure cloud. The overlay is appropriate for the secure transmission of data labelled up to OFFICIAL-SENSITIVE. Alternatively, the solution can be integrated with Thales's existing PSN DNSP offering. Although not listed on the CloudStore, the Thales DNSP enables connectivity to the GCN for G-Cloud customers or G-Cloud Service Providers who meet PSN connectivity compliance standards. The solution maintains high levels of Confidentiality, Integrity and Availability to help protect data in transit. Both solutions can also be subject to further assurance and protection through the application of the available Thales UK NOC (CloudStore listed) and CSOC monitoring services (not CloudStore listed).

Why Thales?

In 2010, Thales aligned its National Security and Resilience (NS&R) business line to the Government Sector offerings into the Public and Critical National Infrastructure (CNI) markets.

Our Credibility - We currently provide secure end-to-end networks to the UK Government and advise on a number of security related matters.

Our Capability - We are at the forefront of PSN development; our skills and expertise in WAN, LAN and secure services are already providing the market with secure WAN connectivity services to PSN operational standards.

Our Flexibility - We understand that flexibility is key to delivering a transition path to PSN networks and services. Thales has a proven track record in seamlessly transitioning Local Authority Wide Area Networks to modern MPLS solutions defined under the PSN frameworks. Thales was the first organisation on the PSN framework to deploy an IL3 PSN WAN.

Our Service Portfolio - We have invested heavily in developing our PSN network and services portfolio with the flexibility to provide bespoke services to meet customer requirements. In addition to NOC and PSN offerings, Thales UK offers a variety of G-Cloud services which include:

- Secure web and mail gateway solutions
- Secure inter-domain gateway solutions
- IL3 Encrypted Overlays
- Information Assurance
- Cyber Incident Response
- Cyber Laboratories
- Vulnerability Assessment and Penetration Testing
- Project Management, Programme Management and Governance
- Public Key Infrastructure for Cloud Services

Our Security Services - We are able to provide services from IL0 through to IL6. Our track record in providing secured end-to-end services spanning the full breadth of UK security Impact Levels enables us to deliver our customers a cost-efficient service. Thales secure network solutions enable Impact Levels IL0 to IL4 to be delivered and managed across a common infrastructure, enabling our customers to achieve whole-life cost savings.

Our Business Transformation - Our services are deployed in a large number of Government organisations including, but not exclusively: Sheffield Schools, Insolvency Service, Highways Agency, Driving Standards Agency and National Health Service. Over the past few years Thales has been executing a programme of self-funded investment (£10m+) in the development of capability and service facilities to support the Public Sector and CNI capabilities. Those investments included the:

- Deployment of the latest generation Cyber Security Operations Centre
- Building of a Secure Data Centre hosting environment (up to IL5)

Thales offers customers the benefits of:

- Dynamic ways of working underpinned by Tier one status and financial stability
- Systems integrator style network tail provision to provide local and cost effective points of presence
- Reassurance of ISO 27001 and IL3 accreditation
- Established List X status
- A team of network specialists with extensive experience of working seamlessly with managed service providers / system integrators

- A pedigree of designing, building and operating secure network and communications infrastructures
- Quality services measured against performance metrics
- Conformance to industry standards and processes
- Ownership and accountability for seamless network connectivity provision
- Ethical and cultural code compatibility

Thales is certified to ISO 27001 standards, ensuring the provision and operation of Secure Services. Thales has within its own workforce the core component competencies and skills to provide a managed service.

Case Studies

Proven capability in delivering secure systems and network connectivity: Thales, as a trusted Telecommunications Service Provider, operates and supports the South Yorkshire Digital Region network on behalf of its customer Digital Region. The network has over 10,000 LAN connections with over 15,000 users across public and private sectors.

David Cowell, COO, DRL says: "The South Yorkshire Digital Region is a Next Generation broadband network infrastructure that reaches 40,000 businesses, 540,000 homes and 1.3 million people around Sheffield, Rotherham, Barnsley and Doncaster. Thales was selected in 2009 as the Prime Contractor to design, build, and manage the network. Thales has shown itself to be an effective and competent Prime contractor throughout the build phase, effectively managing subcontractors to deliver the network on time and to budget. Now that the network is live and in the operate phase, Thales has shown itself to be flexible and open to new initiatives and ideas. I am happy to recommend them to future potential customers."

Thales is experienced in working collaboratively with other members of a customer's supply chain to deliver end-to-end capability. Thales has gained PSN IL3 PGA accreditation and has been instrumental in the design and sign-off of PSN IL3 Gateway services.

Key Features

Encryption standard

- PSN Encryption Products Assurance Services (PEPAS) evaluated products form this scalable service offering
- The solution devices are configured and managed in accordance with CESG Security Procedures
- The PSN Interim IPsec profile is applied, with anticipated migration to the CESG PRIME IPsec profile
- The endpoint devices are managed using dedicated IPsec VPN network connections
- The solution is compatible with the Thales UK Certificate Authority service

Scalability

The service offering can provision IL3-3-4 Customer Premises Equipment at:

- ADSL connections ranging from 8 Mbps to 24 Mbps
- Fixed connections ranging from 2 Mbps to 10000 Mbps

Installation and deployment is conducted by experienced, security-cleared Thales network engineers. The type of connection required, the bandwidth and the preferred model of CPE will affect the overall service price. Please see the Pricing Schedule for further details.

Additional Service Offerings

Thales can offer a range of additional secure network services that include:

- G-Cloud NOC (Network Operations Centre) services
- G-Cloud Secure Gateway services
- PSN DNSP connectivity (enables PSN connectivity for G-Cloud customers or Service Providers who meet PSN connectivity compliance standards)
- ITIL-based Service Management, including Change Management, Service Delivery and a 24x7x365 Service Desk (not yet listed on G-Cloud)

For further information about any of our services and capabilities please see the contact section below.

Impact Levels

The IL3 encryption overlay, managed by Thales' own accredited PKI, has the ability to protect and assure data transfer up to OFFICIAL-SENSITIVE.

Thales is one of the three Inter-Provider Encryption Domain (IPED) suppliers and, as such, can offer connectivity across the PSN to other IPED suppliers, thus expanding the assured connectivity boundary. Thales currently operates services that have successfully been awarded Pan Government Accreditation to Business Impact Level IL3-3-4 for the PSN Framework.

Certifications & Standards

Thales maintains a number of recognised certifications and standards in support of this service offering. These include List X status, PSN PGA Accreditation and certification to ISO 27001 in the form of CAS(T) (CESG Assured Service - Telecommunications). Thales staff hold BPSS (Baseline Personnel Security Standard) and NSV (National Security Vetting) SC Security Clearances. Information Assurance consultants from the Thales Cyber Security Portfolio (CSP) work with the business to maintain and continually improve security standards and practices. (Thales offers a number of Cyber Security and Information Assurance services via the CloudStore.)

The IL3 encrypted overlay service is also compatible with Thales's PSN DNSP solution for GCN connectivity, as well as with connectivity to the Thales Cyber Security Operations Centre for a robust protective monitoring solution. (Neither service is listed on the CloudStore.)

Service Management

Thales can also offer an additional Service Management function for the IL3 encrypted overlay, which is not listed on the CloudStore. This additional offering incorporates ITIL V3 best practice to oversee the control, reporting and governance of IT services. This service wrap can incorporate Incident Management, Event Management, Request Fulfilment, Access Management, Change and Problem Management, a 24x7x365 Service Desk and up to 3rd line technical support.

Service Levels

To monitor and protect network communications, Thales has established NOC and CSOC services. These are additional to the encrypted overlay service, but operate to reduce the risk of service disruption or compromise. The Thales NOC service is listed on the CloudStore; the NOC conducts analysis of network events to enable rapid fault detection and resolution (including performing corrective action remotely where possible). The CSOC service involves analysis of security events or reports of anomalous network activity, to enable evasive action to be taken at an early stage against potential security threats. The data passed to the NOC and CSOC can be analysed to uncover any trends which have an effect on network performance and to assess the impact of any changes. The output of their analysis will be proposals for potential improvements to services. These proposals can then be supported by our Change Management service.
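To show the kind of fault analysis the NOC's event monitoring implies for the dual-hub overlay described in the Overview, here is an added example (not Thales's code): it takes constructed tunnel-state events (the event format, device names and site names are assumptions), keeps the latest state per CPE-to-hub tunnel, and reports for each site which single component failure would isolate it, which is where the high-availability CPE caveat from the Overview becomes visible.

```python
"""Per-site resilience check for a hub-and-spoke IPsec overlay (added example,
not Thales's code). Each CPE (spoke) should hold a tunnel to both central
Encryption Domain Hubs, and a site only avoids a single point of failure if
its CPE is itself an HA pair. Event format and names are constructed."""
from collections import defaultdict

HUBS = ("hub-a", "hub-b")  # the two Encryption Domain Hubs in the overview

# Constructed tunnel-state events, oldest first:
# "<timestamp> cpe=<id> site=<name> peer=<hub> tunnel=<up|down>"
EVENTS = """\
2014-04-10T08:00:00Z cpe=cpe-101 site=Northgate peer=hub-a tunnel=up
2014-04-10T08:00:01Z cpe=cpe-101 site=Northgate peer=hub-b tunnel=up
2014-04-10T08:00:02Z cpe=cpe-102 site=Northgate peer=hub-a tunnel=up
2014-04-10T08:00:03Z cpe=cpe-102 site=Northgate peer=hub-b tunnel=up
2014-04-10T08:00:04Z cpe=cpe-201 site=Riverside peer=hub-a tunnel=up
2014-04-10T08:00:05Z cpe=cpe-201 site=Riverside peer=hub-b tunnel=up
2014-04-10T08:00:06Z cpe=cpe-301 site=Eastfield peer=hub-a tunnel=up
2014-04-10T08:00:07Z cpe=cpe-301 site=Eastfield peer=hub-b tunnel=up
2014-04-10T09:15:00Z cpe=cpe-301 site=Eastfield peer=hub-b tunnel=down
"""

def parse_events(text):
    """Return {site: {cpe: {hub: state}}} with the latest state per tunnel.
    Events are assumed to be in time order, so a later line wins."""
    state = defaultdict(lambda: defaultdict(dict))
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(token.split("=", 1) for token in line.split()[1:])
        state[fields["site"]][fields["cpe"]][fields["peer"]] = fields["tunnel"]
    return state

def has_path(cpes, failed=frozenset()):
    """True if some surviving CPE has an up tunnel to a surviving hub."""
    return any(
        status == "up" and cpe not in failed and hub not in failed
        for cpe, tunnels in cpes.items()
        for hub, status in tunnels.items()
    )

def single_points_of_failure(cpes):
    """Components (CPEs or hubs) whose loss alone would isolate the site:
    None if already isolated, [] if no single failure can isolate it."""
    if not has_path(cpes):
        return None
    components = set(cpes) | set(HUBS)
    return sorted(c for c in components if not has_path(cpes, frozenset({c})))

def assess(text):
    """Map each site to 'isolated', 'resilient' or 'spf:<components>'."""
    report = {}
    for site, cpes in parse_events(text).items():
        spf = single_points_of_failure(cpes)
        if spf is None:
            report[site] = "isolated"
        elif not spf:
            report[site] = "resilient"
        else:
            report[site] = "spf:" + ",".join(spf)
    return report

if __name__ == "__main__":
    for site, verdict in sorted(assess(EVENTS).items()):
        print(f"{site:<10} {verdict}")
```

Riverside has both hub tunnels up yet is flagged because its single CPE is a point of failure; Eastfield additionally depends on hub-a once its hub-b tunnel drops.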

Availability

Thales understands how critical service availability can be. Availability is measured by Thales using Service Management tools and techniques that monitor network core, aggregation and access ports and edge devices for service failure, faults and unavailable seconds of service downtime. Thales measures availability daily; overall network availability is aggregated monthly and provided each month to existing Thales customers.

Service Termination

Please refer to the G-Cloud Framework Terms and Conditions.

Responsibilities

Customers will need to provide:

- Suitably qualified staff with knowledge of the customer security policies to work with the Thales deployment team, enabling the systems to be correctly configured by Thales
- Access to relevant sites to enable CPE installation
- Incident escalation contact details

Contact Details

To discuss or speak to Thales about our IL3 Encrypted Overlay service, we would be delighted to hear from you. We can be contacted at: thalesgcloud5@uk.thalesgroup.com