Thales SafeNet Trusted Access
Thales STA is a cloud-based access management service combining MFA, SSO, policy and management into a single service. By validating identities, enforcing policies and applying smart SSO, organisations can ensure secure access to cloud and on-prem applications from one console. Applying pre-defined application- and user-based policies removes complexity and frustration while increasing security and user productivity.
Features
- Multi-factor Authentication - MFA/2FA - Widest variety of Token Options
- Smart Single Sign On - SSO with context based adaptability
- Application and user access event reporting
- Application and user based policy creation - pre-defined integrations
- Self-service user provisioning portal
- Highly scalable cloud based licensing
- Certificate based authentication option - PKI
- Powerful reporting and real-time dashboards
Benefits
- Additional layer of security for all users prevents illegitimate access
- Simplifies and enhances application access without compromising security
- Improved compliance through visibility into access events
- Increase user productivity and reduce IT resource pressures
- Extend access security to all internal and external users
- High assurance authentication to cloud and on-prem applications
- Reduced IT fatigue with valid data and less noise
Pricing
£16.30 a user
- Free trial available
Framework
G-Cloud 13
Service ID
112252999383387
Contact
INTEGRITY360 LIMITED
Davide Poli
Telephone: 02083721000
Email: bidreviewboard@integrity360.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- N/A
- System requirements
- N/A
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 1 hour
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- SafeNet Trusted Access offers customers 5 9’s of uptime: 99.999% availability for access requests and 4 9’s of uptime: 99.99% for the SafeNet Trusted Access management console. Thales offers a Standard Support Plan (24 hours x 7 days a week) which is included in the subscription price. This warranty coverage includes options for the return or exchange of products (RMA Services) that do not perform as specified, and also provides certain access privileges to Gemalto Technical Support centers.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We offer training and professional services
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Data is destroyed by Thales under GDPR guidelines
- End-of-contract process
- The service is terminated. Authenticators will continue to operate but there is no service for them to authenticate with
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- iOS
- Linux or Unix
- macOS
- Windows
- Windows Phone
- Other
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The authenticator on pre-Windows 10 systems does not support push notifications
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Browser based administration console
- Accessibility standards
- None or don’t know
- Description of accessibility
- End-user portals are designed to meet all WCAG 2.0 level AA guidelines that apply to the type of functions provided. MobilePASS+ for Windows supports keyboard navigation, Microsoft narrator, JAWS screen reading, high contrast themes and all colour contrasts and font sizes are easily readable.
- Accessibility testing
- N/A
- API
- Yes
- What users can and can't do using the API
- It can be used for the creation of authentication agents and management tasks
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- White-labelled service. Authentication token PIN length and patterns can be adjusted.
Scaling
- Independence of resources
- The service offered is isolated within a multi-tier and multi-tenanted infrastructure
Analytics
- Service usage metrics
- Yes
- Metrics types
- Authentication success and failure. Token status and usage numbers.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller (no extras)
- Organisation whose services are being resold
- Thales, Gemalto, SafeNet
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Reports can be exported from the admin console
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Tab Delimited
- HTML
- SysLog
- Windows Event Viewer
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- IPsec or TLS VPN gateway
- Other
- Other protection between networks
-
Port 443 HTTPS Agent
LDAP Sync - Dedicated TCP Port 8456 - AES256
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
- Use Secure Communication Protocols (HTTPS, TLS)
Availability and resilience
- Guaranteed availability
- 99.999% UK DC - 99.99% EU DC
- Approach to resilience
- Cannot release information
- Outage reporting
- Web based status page. Email, SMS, WebHook notifications and status updates. Post outage incident report
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Access restrictions in management interfaces and support channels
- Full role based administration access
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Other
- Description of management access authentication
- Full role based administration access with authentication policies
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Schellman
- ISO/IEC 27001 accreditation date
- 29/06/2020
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 29/08/2019
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- N/A
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- SOC2
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- SOC2
- Information security policies and processes
- As per ISO 27001 standards
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Configuration and Change Management Board (CAB) model, as per SOC2 standards.
Thales maintains a formally documented Change Management policy and procedure that outline how changes to Thales cloud computing environments are controlled.
All proposed changes to production environments/applications are subject to this policy. No changes may be made to production environments/applications without approval from the Change Management Approvers group.
All changes are tested and signed-off by the tester and/or applicable business owner. Evidence of testing and the requisite approvals are attached to the change request ticket. Emergency changes follow a standard change management process following an expedited timeline.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Thales undergoes periodic application and network penetration testing by third parties. The assessment methodology includes structured review processes based on recognized “best-in-class” practices as defined by such methodologies as the ISECOM's Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP), Web Application Security Consortium (WASC), and ISO 27001:2013 Information Security Standard
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
A third-party service provider scans the network externally and alerts the Thales Security Team regarding changes in the baseline configuration to increase audit levels. Additional levels of network traffic monitoring are conducted on a 24x7 basis across key points within the infrastructure and automated reports are delivered on a daily basis to the network administrator.
Monitoring logs exist to track activity in the key applications and firewalls. These logs are reviewed by Thales Cloud Services Operations (CSO) security team.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Thales implements a formal Incident Management Process with a dedicated Incident Response Team for Cloud Services. When an incident occurs, the defined incident management process is initiated by the team. Corrective actions are implemented in accordance with the defined policies and procedures. Customers are notified following a formalized Communication Policy.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Social Value
- Fighting climate change
-
In line with its values, its purpose of "building a future we can all trust", and its social responsibility strategy, Thales has been committed to a proactive and responsible approach to environmental protection for more than 15 years. This commitment, written into the Code of Ethics, is reflected in a Group-wide policy aimed at reducing the environmental impact and risks arising from its activities and products.
Since 2019 Thales has adopted a low-carbon strategy based on reducing direct emissions, eco-responsible offerings for our customers and contributing to a better understanding of climate phenomena.
Thales works to offer its customers innovative and eco-responsible functions and services that will enable them to reduce their own greenhouse gas emissions.
Thales’s resource management policy guides its efforts to preserve water, reduce its use of raw materials, produce less waste, recycle more, become a more energy-efficient business, and shrink its carbon footprint.
- Equal opportunity
-
Thales is committed to creating a respectful, equitable, stimulating work environment, where creativity is encouraged, and where valuing each person's authentic self is a prerequisite for individual well-being and collective success. Trust within teams reflects the trust customers place in Thales.
Thales is committed to:
Accelerating the recruitment of women at every level of the organisation
Promoting women to higher levels of responsibility
Increasing the representation of women on management committees
Pricing
- Price
- £16.30 a user
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- 30 day trial for up to 10 users
- Link to free trial
- Unique portal created upon request