Cloudhouse Limited

Cloudhouse Guardian - Subscription Licensing

Guardian is a vendor agnostic SaaS monitoring tool, providing a single source of truth across security, configuration drift risk and changes for public, hybrid and on premise IT assets. Driving consistent reliable compliant systems at scale.

Features

• Detect Misconfiguration across devices and digital assets
• Manage configuration state and monitor configuration drift
• Define and monitor organisation custom policies against digital assets
• Benchmark assets against the Centre for Internet Security Standards
• Assure Compliance against organisation policies, standards
• Process Auditing of operations and actions against digital assets
• Change Management Auto Reconciliation

Benefits

• Detect misconfigurations against policies and standards
• Detect misconfigurations against policies and standards
• Provide Compliance and hardening reports against digital assets
• Audit change management process across digital assets
• Automatically generate incident tickets against configuration and policy failures

£213 to £250 a licence

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alex.turner@cloudhouse.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

135684144302118

Contact

Alex Turner
+44 (0)7801 323 540
alex.turner@cloudhouse.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Guardian integrates with Service Now creating incidents and on resolution auto reconciling changes against tickets.; Guardian integrates and can create tickets in Jira.; Supports Slack for notifications.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • SaaS Appliance runs on GCP, Azure, AWS or on Premise
  • Local connection manager VM machine required within client network
  • Monitored Digital assets require connection to local connection manager

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Same day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support & Maintenance of the product is provided as part of the SaaS licence. SLA's Sev 1 Response 1 hour, Resolution 3 days, Sev 2, Response 1 day, Resolution 10 days, Sev 3, Response 3 days, Resolution 1 month, Sev 4, Response 5 days, Resolution 3 months. We will provide a named account manager and a named support contact.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We would run a deployment engagement to support the user onboarding and deploying the product. Thereafter we would provide training, support and account management for the customer.; There is an on-line documentation system: https://help.cloudhouse.com
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: At the end of contract the customers appliance instance and it's associated services will be securely deleted. The customer can request a data export if required. We will confirm that this process has been completed and issue a deletion certificate.
• End-of-contract process: At the end of the contract we will remove the Clients Instance. We hold the data for 30 days before deletion. Guardian is priced on a per node basis, where a node is a digital asset. Nodes are licensed on an annual subscription basis. The node licence cost include support & maintenance of the Guardian application. There is an additional Professional Services charge for the kick start project (circa 10 days). This and additional consultancy is charged at a standard day rate.

Using the service

• Web browser interface: Yes
• Supported browsers: Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web based GUI; ; See the following documentation; https://help.cloudhouse.com
• Accessibility standards: None or don’t know
• Description of accessibility: Standard Web browser interface
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: Please see details of the API here https://help.cloudhouse.com/upguard/using-the-api.html; ; All GUI functionality is available via the API
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: It is expected that the services will be configured against the clients digital assets. Assets will be Grouped and Reported as per the client's operational and organisations requirement. Client specific Policies will be created and applied across the digital estate as required by the Enterprise and its operations, security and compliance policies and procedures. We can change the customer Logo and Logon Message

Scaling

• Independence of resources: The SaaS appliance is a horizontally scalable Kubernetes Cluster and every customer has their own database instance.

Analytics

• Service usage metrics: Yes
• Metrics types: Node Licence usage is monitored and report as required to customer to ensure compliance with the Subscription agreement.
• Reporting types:
  • API access
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Guardian supports integration and extraction of data into other products and services, via it's API, and REST Endpoint Integration model, for example to Slack, Email, Jira, Service Now.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Import from Active Directory
  • CMDB's
  • Import from ServiceNow, Azure, AWS, GCP

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Primary availability is derived from the availability of GCP.; ; Cloudhouse shall use commercially reasonable endeavours to make the Hosting Services available to Customer as described in the Subscription Services, on a “as is” and “as available” basis without any representations, warranties, or covenants of any kind whatsoever on behalf of Cloudhouse, as provided by the Third Party Provider and subject to the Third Party Terms.
• Approach to resilience: This information is available on request.
• Outage reporting: Via email or support integration service if this has been defined and implemented for the customer, e.g. Slack

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Guardian has a role based access hierarchy.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: May 3 2021
• What the ISO/IEC 27001 doesn’t cover: This certificate covers the hosting of the SaaS Guardian Appliance.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Security Governance is owned and managed by the Chief Technology Officer reporting to the CEO. We are ISO9001 accredited and Section 8.9 of this Standard Data Privacy and Security forms our Governance Framework in our Quality Management System.
• Information security policies and processes: Our ISP covers: Organisational Security, Functional Responsibilities, Separation of Duties, Information Risk Management, Information Classification and Handling, IT Asset Management, Personnel Security, Cyber Incident Management, Physical and Environmental Security, Account Management and Access Control, Systems Security, Collaborative Computing Devices, Vulnerability Management, Operational Security.; ; The Security Team reports to the Head of Engineering, who reports to the CTO.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to components are managed through our development and release process. Artefacts are promoted through an automated build chain, including security scanning and analysis.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use MS 365 defender and Google security posture to analyse IT systems for vulnerabilities. Our patch SLA's: Critical Severity 3 days, High Severity 2 weeks.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Microsoft Defender EndPoint and other event sources aggregated to a Sentinal SIEM with a 24x7 managed detection and response service.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a fully defined incident management process.; User report incidents via email, slack, phone or web portal. ; Reports are provided via email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Covid-19 recovery

  Covid-19 recovery; ; In response to Covid-19 we created a fully remote working model for the Company. To do this we significantly increased investment in supporting our workforce. This includes:; ; purchase of specialist equipment and technologies for supporting home working, desks, chairs, monitors, headsets, etc.; Provided local managed offices (aka Regis) for staff who were unable to work at home or preferred a local office service; Fully flexible day working model for all staff, not tied to standard operating hours; Absence categories for supporting family and friends which do not materially impact an employee; Daily in lockdown, now twice weekly employee ‘Huddles’ bringing all staff together to foster a paternal and collaborative culture.; Currently we fully support a hybrid working model, with circa 2 days per week return to the office; Continuing to monitor the overall pandemic situation across the workforce; ; We have significantly improved our workplace environment during the pandemic, moving to a new facility with better air-flow and a more standardised facilities.; ; All staff have access to our Employee Assistance Program - offering confidential advice across a broad range of subjects.

  Tackling economic inequality

  Tackling economic inequality; ; As a small business we are employing two apprentices to establish a model for training and developing careers against our skills base. Firstly, in software development and secondly in Data/Business intelligence.; ; This permits us to provide employment and train staff in areas where we can foresee a skills and competency shortage whilst providing educational attainment for our staff.; ; Our apprentices are fully integrated into the Company and work within their specialist teams on both their own projects and company directed tasks. They have direct mentoring from their colleagues, which operates within our hybrid working model.

  Equal opportunity

  Equal opportunity; ; We have created a diversity and inclusivity program for all staff across the Company.; ; The objectives of this are to demonstrate that Cloudhouse supports the diversity and inclusion of everyone in the workplace, in everything we do, for the benefit of:; ; •Workplace satisfaction and engagement; •Workplace performance; •Candidate attraction; •Client attraction; ; For all staff this includes unconscious bias training for personal awareness and development.; ; We promote and support diversity in the workplace, valuing everyone in the organisation as an individual. We realise that to reap the benefits of a diverse workforce it’s vital to have an inclusive environment where everyone feels able to participate and achieve their potential. Our inclusion and diversity commitments go beyond legal compliance and seek to add value by driving towards a Company environment where everyone is empowered to thrive. Our considerations of the diversity and inclusivity in our workplace start with the recruitment process and continue throughout all aspects of daily work, wellbeing and engagement

  Wellbeing

  Work/life balance; ; We have a number of employee policies designed to allow the employee to find their work-life balance and different types of leave and enhanced leave employees can take advantage of. These are:; ; • Hybrid Working Policy; This policy allows our employees to work from home for the majority of the workweek if they choose to. We provide all the IT equipment and software to allow employees to do this and we will also contribute to home-office set-up if requested.; Employees can also work from our office as much as they choose, so that they may have face-to-face time with colleagues and managers. The office is well equipped for hotdesking, meeting space and stocks free snacks.; ; • Enhanced Family Leave; Employees taking maternity, adoption or shared parental leave will receive 3 months of full pay and three months of half-pay during their 12 months of leave. Employees taking paternity leave may take 2 months of leave with full pay.; ; • Annual Leave; We provide employees with 23 days of holiday (plus bank holidays) upon joining the company and increase this annually to a maximum of 28 days of holiday (plus bank holidays). All employees can also take a paid day off work on their birthday (or day as close as possible to their birthday). ; ; When more support is needed; ; Cloudhouse takes the ongoing support of its employees very seriously and offers a variety of means for employees to communicate with their managers, be supported and seek further help.; • 1:1s and Career Conversations ; • Employee Assistance Programme (EAP); • Private Healthcare ; • Occupational Health

Pricing

• Price: £213 to £250 a licence
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Time limited 10 user trial licence

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alex.turner@cloudhouse.com. Tell them what format you need. It will help if you say what assistive technology you use.