Managed Secure Access Server Edge
Secure access service edge (SASE) is a network architecture that combines VPN and SD-WAN capabilities with cloud-native security functions.
WhiteSpider's service gives organisations access to the benefits of SASE, delivering transformational impact by turning IT departments into agile, responsive service delivery organisations.
Features
- Cisco Digital Network Architecture (DNA)
- Automated end-to-end segmentation, quality of service, and analytics
- Segmentation of applications and traffic to enhance security
- User and device policy for applications, automated across the network
- Simplifies network delivery and management
Benefits
- Reduced cost of operations through centralised control of all devices
- Greater agility through automated deployment of services
- Visibility and Control: Detailed real-time insights into applications and traffic
- On-hand Expertise: Gain access to WhiteSpider's industry leading experts
- Secure your organisation with end-to-end segmentation
- Facilitate a consistent user experience anywhere
Pricing
£60 to £240 a device a month
- Education pricing available
- Free trial available
Service documents
Framework
G-Cloud 13
Service ID
185141917525170
Contact
Whitespider
Jonny Malcolm
Telephone: 02037732380
Email: jonny.malcolm@whitespider.com
Service scope
- Service constraints
- No known constraints
- System requirements
- None
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Priority 1: 4 working hours
Priority 2: 8 working hours
Priority 3: 2 working days
Priority 4: 3 working days
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Customers have different support options. These include:
1. 'In Hours' support. 8*5 weekday support, which is the base level, 9am-5pm on weekdays (excludes Public Holidays).
2. 'Extended' support. 15*5 weekday support, 7pm-10pm on weekdays. This is at additional cost, priced per customer.
3. 'OOH' support. This is 24*7 support, again at additional cost, priced per customer.
All of these will have a Support Engineer
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We provide full on-boarding including user and administration training on all applications and services available.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Once the contract comes to an end, all data collated will be returned in a pre-agreed format.
- End-of-contract process
-
The customer will agree a set of services for a set period of time with costs based on a number of devices. The services will be provided for the duration of the contract at the price agreed. Prior to the end of the contract we will contact the customer to discuss contract extensions. If this is not needed, the service terminates at the end of the contract and all data is returned to the customer in a pre-agreed format.
Additional costs will only be incurred for work outside of the agreed contract scope.
Using the service
- Web browser interface
- No
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- No
- Independence of resources
- All hosted services are load balanced across all tiers in a multi-tenanted environment.
- Usage notifications
- No
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- HTTP request and response status
- Network
- Number of active instances
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
- Network configuration data
- Backup controls
- Backups are automated daily, and also once changes have been made on a device. The schedule and triggers for backups can be configured as required.
- Datacentre setup
- Single datacentre with multiple copies
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Availability will be based on the solution and service provided to the customer.
- Approach to resilience
- Resiliency is dependent on the scope of the service contract agreed.
- Outage reporting
-
Any failures or outages are reported on a dashboard.
Email alerts will be issued to users.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- The service utilises standard Role Based Access Control
- Access restriction testing frequency
- At least once a year
- Management access authentication
- Username or password
- Devices users manage the service through
- Dedicated device over multiple services or networks
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
The approach to security for the service includes:
- Defining appropriate Role Based Access controls to the system
- Continually monitoring for potential cyber threats and implementing safeguards
- Maintaining secure environment and processes for handling customer data
- Ensuring software development follows appropriate standards and testing
- Information security policies and processes
-
The following processes are in place to ensure appropriate security is maintained:
Documentation and Software
- Document control: Managing storage and revision of all documentation
- Approvals: Defined approval process for all documentation and software revisions
- Code Development: Processes for managing the development and release of software code
Customer Data
- Access control: Ensure that users have appropriate access for their role to customer data
- Physical Security: Employees are appropriately checked prior to being given access. The premises are secured, with full CCTV, and visitors are escorted on the premises
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
The process ensures changes are undertaken by an engineer with an appropriate level of expertise and experience who understands the impact.
Change process is:
a. Change request created with all necessary details, including roll-back plans
b. Change reviewed by approval board
c. Change planned and implemented
d. Change tested, and rolled back if necessary
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
We determine potential threats through subscribing to relevant organisations to receive vulnerability alerts and information. Examples include Cisco's PSIRTs and VMware Knowledge Base.
An automated process gathers all vendor vulnerability alerts on a daily basis and compares this to the infrastructure components within the service. The results of this are:
1. Automatically posted on a dashboard
2. New critical and relevant vulnerabilities automatically generate alerts to the Customer and WhiteSpider, along with appropriate corrective actions
3. Vulnerabilities are assessed and reported on a monthly basis
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- A custom-developed monitoring and management solution uses a range of diagnostic and analysis tools to identify potential compromises. Device events, traffic anomalies, performance issues or security events detected will be reported on a dashboard. Once an alert is determined, either by automated analysis or manual interpretation, the customer is notified and an incident raised. We respond accordingly to inform the customer where required and/or resolve/prevent the compromise. Incidents raised are classified within P1-P4 categorisation and responded to as per our defined SLAs.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Incidents are detected and reported either by WhiteSpider's monitoring service (alerts issued automatically) or by end-users who report by phone, email or web portal.
Alerts are issued to the service desk, allocated a priority and impact and passed onto the relevant support teams.
Depending on SLAs, allocated priority and complexity, the incident may be passed to 3rd line support. Escalation processes are followed if the issue is not resolved as SLA thresholds are reached.
Once resolved, tickets are closed, the customer is informed and, if required, detailed incident reports are created and either emailed to the customer or presented in person.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- No
Energy efficiency
- Energy-efficient datacentres
- No
Social Value
- Tackling economic inequality
-
Tackling economic inequality
WhiteSpider provides expert services in infrastructure and cloud. As with many organisations in our sector, we are experiencing high levels of demand for our services, and as such are growing our business rapidly.
To support this growth, and provide our customers with the high levels of expertise that they expect, we invest very heavily in our employees to develop and train them to the requisite skill levels. As we recruit based on attitude and future potential more than technical capability, our team comes from all backgrounds and each educational level. As such, each employee's training is unique and customised to their capability and role.
- Equal opportunity
-
Equal opportunity
The service that we provide helps our customers provide more stable, resilient services to their users, giving them a better experience. To provide this, we have a growing team of highly skilled engineers. We are at the forefront of our field in terms of skills and capability.
Our approach to developing and growing the team is to employ staff with limited skills and experience from all backgrounds and, through training and on-the-job support, develop them into skilled engineers. These engineers can then access more highly paid roles within the industry should they seek to move in the future.
Pricing
- Price
- £60 to £240 a device a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- Users have full access to all services for a limited time period on a limited number of devices.