Ampliphae

Encryption Intelligence

Allows you to manage encryption risk, address weak encryption that puts your data at risk today, and implement an effective mitigation strategy to migrate your organisation to quantum-safe encryption technologies. Post-quantum encryption discovery, planning and implementation for cloud, IoT and applications. Continuously updated realtime cryptographic inventory for the whole organisation.

Features

• Simple cloud deployment and web-based operations
• Continuous monitoring of encryption for the whole organisation
• Discovery and assessment of encryption technology
• Continuously updated encryption inventory / cryptographic inventory
• Management of sophisticated encryption policies
• Alerts and notifications for out-of-policy encryption
• Integration to security infrastructure - SIEM, SOC, Identity systems
• Quantified policy-based risk scoring for every network communication
• Reports and dashboards for encryption landscape overview
• Inventory of encryption used internally and externally

Benefits

• Manage your organisation's encryption risk profile
• Improve cyber-security by addressing weak encryption now
• Understand future quantum risk and begin to prepare
• Produce a prioritised migration plan for post-quantum encryption
• Self-service cryptographic encryption inventory reporting
• Policy-based encryption management for the organisation
• Tight integration with existing security tooling and investment
• Comply with best practices and global legislative requirements
• Educate your technical and business teams about quantum risk
• Proactive alerts ensure encryption issues are addressed promptly

£35,000 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@ampliphae.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

204354828350113

Contact

Trevor Graham
02895929186
info@ampliphae.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The Encryption Intelligence product requires the collection of data from the organisation infrastructure into the centralised SaaS cloud platform, which is analysed for delivery of valuable insights and control. This is achieved by deployment of infrastructure probes (e.g. network resident). These probes are software packages which can be deployed locally in virtualised infrastructure. The appropriate type and number of probes is dependent on the Buyer network and will be agreed with the Buyer at the time. ; Where network probes are to be deployed, it is necessary that the Buyer has authority to connect the probe(s) in the appropriate locations.
• System requirements: Requires use of a web browser to access GUI interface

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Questions can be submitted through our website or via email, and will be responded to during Business Hours (9am-5pm UK time, Mon-Fri excluding Public Holidays). Target response time for questions is 4 hours to 3 business days depending on the priority.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: "Registered Ampliphae customers have access to our online support knowledgebase and incident handling website (Freshdesk). Incidents can be raised 24x7 via the website, and will be responded to during Business Hours (Mon-Fri 9am-5-pm UK time, excluding Public Holidays). Incidents will be prioritised, with target response and resolution times dependent upon impact and priority. There is no additional cost for this support. ; Additional support options including telephone, out of hours, and on-site assistance are available at additional cost, based on the provided SFIA rate card. ; Level 1 support is charged at "Service Management - Assist" level; Level 2 support is charged at "Service Management - Enable". Technical Account Manager can be allocated at additional cost, charged at "Client Interface - Enable" or "Client Interface - Ensure/advise" depending on duties.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: At Ampliphae we want our customers to get the most out of using our service from the beginning, and as such we provide a comprehensive set of planning and onboarding services. ; Prior to deployment our customer success team will engage with the buyer technical team to gain an understanding of the buyer's infrastructure, and with our deployment guide, help to size and scope the deployment. ; We provide a simple self-deployment process for the buyer technical team to get up and running quickly, and we have a suite of documentation to enable customers to deploy and start using the product effectively. ; If required we can provide telephone support to assist with self-install, on-site installation and deployment services at extra cost, from SFIA rate card.; Ampliphae also offers a G-Cloud Lot 3 service called Encryption Risk Advisory which includes a complete deployment of Encryption Intelligence, data collection for up to 8 weeks, and production of a detailed report and recommendations. This is an excellent on-ramp for the Encryption Intelligence product.
• Service documentation: No
• End-of-contract data extraction: All data can be extracted from the system in a number of ways, for example: export to csv file or via the API. ; Note that the data held in Encryption Intelligence is of an historical and trend nature, not live production data which would continue to be used after the contract ends.
• End-of-contract process: We will remove Buyer access to all Ampliphae applications and platforms.; Ampliphae will securely delete all customer data from the Ampliphae Cloud Platform and remotely disable all data collection probes.; The Buyer can delete local data collection probes from their virtualised infrastructure to free up that capacity.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Encryption Intelligence service interface allows the Buyer to self-serve for key tasks such as adding or removing users, and to access the reports and dashboards detailing encryption usage and risk across the organisation.
• Accessibility standards: None or don’t know
• Description of accessibility: Not Applicable
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: The REST API provided is primarily for integration with other systems to retrieve additional data about devices and applications (such as identity, location, etc.) and to provide notifications and alerts to other systems (such as SIEM).
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Ampliphae makes use of elastically scalable public cloud provided by Microsoft Azure, so the load placed on the Cloud platform by one tenant is independent of all others.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All data can be extracted from the system in a number of ways, for example: export to csv file or via the API. Note that the data held in Encryption Intelligence is of an historical and trend nature, not live production data which would continue to be used after the contract ends.
• Data export formats: CSV
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Optionally a quantum-safe IPsec VPN can be implemented between the buyer network and the Cloud platform, at additional cost.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Ampliphae application is cloud-hosted in Microsoft's Azure cloud datacentres which are engineered for 99.999% availability. The Ampliphae service will be generally available for use on a 24x7 basis, and any planned outages will be notified in advance. In the event of failure of the cloud application, up to and including loss of a complete Microsoft Azure availability zone, service will be manually restored with a target maximum restoration time of 2 working days. There are no SLA guarantees or refunds.
• Approach to resilience: The Ampliphae cloud platform is made highly available by leveraging Microsoft Azure PaaS capabilities. Microsoft Azure datacentres are engineered to very high levels of availability (details available from Microsoft on request). The Ampliphae application and data is backed up across Microsoft Azure UK datacentres and in the unlikely event of complete loss of the primary Microsoft Azure datacentre, the system can be manually restored to an alternate UK zone from geo-redundant backups.
• Outage reporting: Outages and other service-affecting events for Microsoft Azure are reported online via Microsoft's web site. Outages to the Ampliphae service are notified via email distribution list and/or via announcement on the Ampliphae website.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Encryption Intelligence has a simple RBAC model with two roles: a full-access admin, and a read-only role which can only access dashboards and summary information.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 06/03/2023
• What the ISO/IEC 27001 doesn’t cover: All of our operations are covered.; Support statement: "Development and supply of software solutions and associated professional services"
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Ampliphae has an extensive set of security policies, including Information Security, Data Protection and Physical Security. ; CEO is responsible for overall information security and has appointed an Information Security Lead. ; Ampliphae is certified to ISO 27001, audited annually by NQA.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Config & Change management is included in our information security processes, and audited to ISO27001. ; This includes robust governance processes around tracing all code changes back to an origin request and a process of change review and approval prior to release.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: As part of our ISO27001 information security processes, vulnerabilities and threats are tracked on a regular basis by out Information Security Response Team.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Protective monitoring at the infrastructure level is carried out by Microsoft Azure. ; Protective monitoring of the Ampliphae web applications and probes is carried out within the product.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is dealt with as part of our ISO27001 ISMS, and includes reporting arrangements and pre-defined responses to incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Ampliphae has a commitment to reducing our environmental impact, utilising NETpositive to create an action plan, and encouraging our employees to participate in schemes such as Cycle to Work. Our completely remote working model has significantly reduced the environmental impact from our operations in recent years, leveraging modern communications tools to reduce our travel to only essential journeys. The environmental benefits of not operating a physical office are significant and move us a long way towards our goal of net zero carbon emissions due to our operations.

  Covid-19 recovery

  During and since COVID-19, Ampliphae has supported our people to work remotely and flexibly so as to minimise the impact of necessary social distancing in the workplace, and allowing vulnerable people to choose the level of face-to-face contact that is right for them. We extend this support for remote interaction to our customers and suppliers, and will always facilitate remote interactions to reduce risk. During COVID-19 we made a commitment to our apprentice staff to retain them within the business and continue to invest in their development. ; Ampliphae introduced a number of product offerings during the COVID-19 pandemic, specifically aimed at assisting our customers to make the transition to remote working and cloud-based software safely and securely. We offered free consultancy for organisations impacted by COVID-19, to assist with migrating to a cloud-first operating model without exposing the organisation to additional risk due to data transiting outside the organisation into the cloud. Our product offerings are intended to help secure organisation data when it leaves the perimeter and travels over public networks and into the Cloud, which are essential elements of a COVID-19 strategy to support remote and flexible working.

  Tackling economic inequality

  Ampliphae is a micro business established in Northern Ireland (NI), and as such is helping to advance government strategy to encourage economic growth in less-favoured regions. Ampliphae is operating in the Cyber-Security sector, which has been identified by the UK government as a regional focus for Northern Ireland, with a strategy to encourage the growth of a cyber cluster in NI. This is in line with the place-based strategy of UKRI and Innovate UK, who have contributed significantly to the development of Ampliphae's technology through grant support. Ampliphae is addressing the telecoms and networking sector, in line with the UK government Telecommunications Diversification Strategy, which aims to encourage diversity in the supply chain of the UK telecoms sector, especially from UK SMEs. Ampliphae has had a successful strategy for some years of bringing people from non-traditional educational routes into the business and thus enhancing economic participation in high-value job roles - the Higher Level Apprenticeship scheme has been particularly successful for us, and we have brought a number of people into the organisation through that program.

  Equal opportunity

  Ampliphae is committed to equal opportunities for all our people. We have been a signatory of the Tech Talent Charter since 2018, monitoring the diversity of our workforce. ; Ampliphae has had a successful strategy of bringing people from non-traditional educational routes into the business and thus enhancing economic participation in high-value job roles - for example via the Higher Level Apprenticeship scheme.; Ampliphae has a female founder and female Board representation.

  Wellbeing

  Ampliphae supports flexible working arrangements for our staff at all levels, offering a great deal of practical flexibility in terms of working hours, locations and time off for family responsibilities. We support schemes such as the Cycle to Work initiative which helps with employee wellbeing. Employees are encouraged to take care of their own physical and mental wellbeing with downtime and out-of-work activities. We have an open culture where people are enabled to raise issues affecting their wellbeing, which will always be taken seriously and dealt with promptly.

Pricing

• Price: £35,000 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@ampliphae.com. Tell them what format you need. It will help if you say what assistive technology you use.