Geode Networks Ltd

Zero Trust Network Access

Akamai Enterprise Application Access (EAA) is a new approach to remote access. It provides a unique, secure, and more convenient alternative to traditional remote-access technologies such as VPNs, RDP, and proxies. EAA ensures no one can get to applications directly because applications are hidden from the Internet and public exposure.

Features

• Users kept off the corporate-network with unique cloud proxy architecture
• Centralise security & access control across on-prem, IaaS-SaaS apps
• Native multi-factor auth for enterprise apps
• Local server load balancing
• Single sign-on for all enterprise apps across on-prem, IaaS-SaaS
• Complete audit of user activity
• Dynamic Acceleration

Benefits

• Your infrastructure is invisible on the Internet.
• Reduce attack surface with no lateral movement
• Lock down firewall or security groups to all inbound traffic
• Control access rights for users to specific apps
• Leverage SSO to seamlessly access on-prem, IaaS and SaaS applications
• Visibility of users’ client information, geolocation and actions taken.
• Improve app performance through optimizations.
• Reduction of capex and opex by leveraging simple cloud service.

£2 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at msollars@geodeservices.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

170471593800872

Contact

Marc Sollars
01189 838620
msollars@geodeservices.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: A virtual machine in the DC or cloud environment

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support coverage is 24/7. Our response times are provided according to the ticket level - P1 through P4.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Standard Support is included with all Services at no cost. Named Enhanced Support includes all of Standard Support plus an aligned technical support engineer for proactive support, faster response SLA's, live support 24/7, unlimited support request, two training courses. Technical Advisory Support services are a designated technical account manager available during business hours. ; ; We also provides pre- and post-sales technical consultation, assistance with strategic initiatives through ongoing engagement, scheduled periodic status meetings, conducting regular Engagement Reviews, with our Technical Customer Reviews.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide fully managed integration of the service which includes a knowledge transfer of the basics. We also offer full portal administration training and have formal training courses that customers can attend.; ; Self service training is also available via the management portal.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: By request, all configuration settings can be exported in XML format.
• End-of-contract process: Customer access to the service via the portal is stopped and the service ceases to perform. There are no costs associated with contract ending, unless the customer chooses to renew.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The interface permits management of users and applications on the service.
• Accessibility standards: None or don’t know
• Description of accessibility: The interface has been designed to modern web standards but no specific accessibility assessment has been made.
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: Every configuration and report can be done through an open API
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Administrators can customize which locations they can use, which security constraints they want to set, and which policies they want the users to abide by. In addition customers can tailor the look and feel of the services landing page and application dashboards to reflect their corporate identity.

Scaling

• Independence of resources: Akamai - operate over 250,000 servers globally - all of which act as part of our platform. Our DNS platform always directs requests to servers that are available and not under high load. Due to the wide scale of the platform, there is significant overcapacity to allow for peak usage.

Analytics

• Service usage metrics: Yes
• Metrics types: Category, Location, Domains, Resolved IP, Autonymous System Name, Lists, Policies, Actions, Detected By, Confidence, Machine Name

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Akamai

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Akamai acts as a conduit between customers infrastructure and end-users and doesn’t store data that customers haven't selected to be cached. Data selected by the customer is cached to be shared between end-users that ask for the same information. As such, it is not considered as “secret"" and is not encrypted at rest.; ; Akamai's corporate and production networks are fully separated, Akamai employees don't have access to cached customer data. To access the production environment, Akamai employees must receive a grant from our proprietary access-control system. Grants are time-limited and all requests are reviewed quarterly for consistency and accuracy.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: SIEM, Reports, CSV, Syslog
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Reports
  • SIEM
  • Syslog
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Akamai 99.9% availability
• Approach to resilience: We operate over 250,000 servers globally in 3,750 locations within 134 countries - all of which act as part of our platform. Our DNS platform always directs requests to servers that are available and not under high load. Due to the wide scale of the platform, there is significant overcapacity to allow for peak usage.
• Outage reporting: Akamai will send notifications via the Luna Portal, Akamai Community, email and/or any other pre-established channels of communication for Service Outages that affect G10.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Administrative access to the Luna platform will restrict access to management portal
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Akamai accredited by Cisco Systems Inc
• PCI DSS accreditation date: 28/06/2017
• What the PCI DSS doesn’t cover: Customers are instructed that only products running on the Secure Content Delivery Network, and Enterprise Application Access are in-scope for PCI and that no other systems are intended or should be used for the transmission, processing, or storage of cardholder data. Nevertheless, Akamai's products and services running on the Secure Content Delivery Network, and Enterprise Application Access may be configured to be used by customers in their cardholder data environment, and may be included in the scope of customers' PCI assessments.
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • PCI DSS
  • FedRAMP
  • Service Organisation Control 2 Type II
  • HIPAA
  • ISO27002

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: PCI DSS; HIPAA; FedRAMP; SOC 2 Type II; ISO27002
• Information security policies and processes: The Akamai information security program has established procedures in security testing, software security and deployment of policy and guidance, metrics reporting, change control, incident management, physical security and event monitoring and other activities. Through cooperative efforts within Akamai, security practices are maintained via effective access control mechanisms, thorough network and software architecture design review, strict access controls, pervasive use of authentication and encryption protocols, and employee and contractor background investigations. Formal, scheduled, pro-active reviews of information security practices are conducted through internal assessments and evaluations conducted by Information Security, Engineering, Development, Operations and Executive Leadership. In addition, information security oversight and evaluation is conducted through internal and external audits as well as and post-event analysis. Operational security practices are established and appear pervasive throughout all entities managing the production network.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Akamai change management process for software changes is chaired by the Director of Operations and the Release Manager. The process reviews all changes and potential customer impact. Any releases are signed off on by appropriate parties, which always include the SVP of Engineering and SVP of Delivery.; ; To minimize the risk of the corruption of information systems and the accidental removal of security controls a formal change control procedure must be followed when making changes to any production system.; ; Changes in the CDN are implemented in phases, to observe impact and prevent interruptions.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The vulnerability management process is set forth to ensure timely deployment of security patches and remediation of vulnerabilities to maintain confidentiality, integrity, and availability of Akamai systems and applications. The lifecycle of the vulnerability management includes tasks such as: investigate new vulnerabilities, remediate vulnerabilities, and close out the records when applicable. If the vulnerability is impacting to Akamai, the Information Security team is responsible for shepherding the vulnerability through all of the stages, ending in the closure stage. Please see this post for more information:; https://blogs.akamai.com/2016/08/vulnerability-management-at-akamai.html
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: New vulnerabilities are identified and tracked. Vulnerabilities are identified by: Receiving vendor and security researcher vulnerability announcements, Monitoring vendor reporting distribution lists and reporting forums, monitoring public reporting forums (CERT, Bugtraq, SANS, etc) These Subscriptions help identify vulnerabilities that might impact Akamai information systems and networks. Additionally, the Information Security teams analyse Akamai's software and architecture to identify potential vulnerabilities. Once a specific vulnerability is identified, it is assigned to an Information Security and a subject matter expert to remedy. Vulnerabilities that do not impact Akamai are marked as such and closed.
• Incident management type: Supplier-defined controls
• Incident management approach: Akamai operates a documented Technical Crisis and Incident Management Process, this document can be shared with customers. Akamai has designed its technical systems and human operations with many safety controls and sensors to help prevent and detect issues in our environment as they arise. If a customer-identified issue cannot be solved by Akamai Support then an incident is declared. For all severity levels, we have an Incident Manager role identified to evaluate the severity of a situation and coordinate with others working on the problem. A Service Incident Report is produced identifying failures and highlighting changes to prevent reoccurrence.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  Our Corporate Social Responsibility initiatives reflect our mission of opening minds to new possibilities, and create opportunities for the local and global communities within which we work.; ; In partnering with Teneo, you in turn help to support these initiatives. Our growth is spurred on by a passion to make a difference in the world – we know that the bigger we are, the more we can give back. It’s a goal that we all share as a team, and something we’ve always wanted to share more with you.; ; The real passion at Teneo is for investing in education projects that will help some of the poorest people in the world to escape a life of poverty.; ; The catalyst for this was a trip to Ethiopia by our CEO, Piers Carey, in 2011. Piers visited a school in Lalibela built by Plan International, which set off the train of thought that Teneo could make a difference in this area.; ; We typically undertake one major project per year and support that with numerous mid-sized or smaller projects.; ; Our work back at home includes supporting a number of local charities as well as sponsoring local sports teams and contributing to requests for sponsorships from colleagues, customers and partners.

Pricing

• Price: £2 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: The full version of the software for a period of 60days

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at msollars@geodeservices.com. Tell them what format you need. It will help if you say what assistive technology you use.