CONTROL PLANE LIMITED

Penetration Testing

Our Penetration Testing Service provides insight into the security posture of cloud native environments, showcasing expertise with cloud (AWS EKS, GCP GKE, Azure AKS), self-managed (OpenShift, Rancher) and on-premise Kubernetes deployments, and CI/CD pipelines. We evaluate configurations for vulnerabilities, assess systems against key threats and deliver practical remediation actions.

Features

• Kubernetes and container security assessment
• Cluster host, network and storage testing against key threats
• Continuous Integration and Continuous Deployment (CI/CD) security testing
• Source code repository security posture verification
• Reachablility testing for known vulnerabilities
• Test cluster-adjacent cloud resources for security misconfiguration
• Zero trust and Service Mesh Assessment and validation
• Detailed, pragmatic and prioritised recommendations for your engineers
• Comprehensive report encompassing executive summary, testing and recommendations
• Red, Blue, and Purple team engagements in cloud native ecosystems

Benefits

• GitHub, GitLab, Jenkins, Tekton Pipelines, Artifactory, ArgoCD and Flux expertise
• Adversary Simulation based on real-world threat intelligence and research
• Detection of security issues in Cloud infrastructure
• Validation of deployment procedures and controls
• Safeguarding modern, containerized, and serverless applications within cloud environments
• Reduce the likelihood of system exploitation by adversaries
• Increased visibility of attack surface and effectiveness of security controls
• Containerised workload (EKS, AKS, GKE) and CNCF landscape project expertise
• CIS benchmark authors operating at intersection of compliance and engineering
• AWS, GCP, Azure certified consultants with regulated industry experience (CNI)

£750 to £2,700 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@control-plane.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

204884495589410

Contact

Technical Solutions
+447570989398
solutions@control-plane.io

Planning

• Planning service: No

Training

• Training service provided: Yes
• How the training service works: Knowledge transfer through embedding within existing teams, running regular project demos, info sessions and detailed documentation can be complimented by our portfolio of classroom based interactive training courses covering, GRC with cloud native, threat modelling, devsecops, Kubernetes, secure containerised application development, and Kubernetes Capture the Flag events, available on a per-delegate, per course basis. ; ; For customised courses an additional charge for material uplift may apply, based upon the T&M rates for the consultant performing the uplift.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • Cyber Scheme
  • Other
• Other security testing certifications: Offensive Security Certified Professional (OSCP)

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: Normal service hours are from 09:00 to 17:00 UK time on weekdays, excluding bank holidays. Work outside these hours requires prior agreement and may incur additional charges according to the SFIA rate card. All travel and subsistence costs to the client site will be chargeable based on the agreed Terms & Conditions.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: For the duration of the project, ControlPlane staff will be available to answer email queries, usually within one business day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: We provide dedicated staff for each engagement who are allocated on a skills-matched basis and are available to provide phone and email support accordingly on UK working days and hours (09:00-17:00). Extended support can be provided subject to agreement and additional cost as described within the supplementary pricing document.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  ControlPlane’s remote-first approach minimises wasteful travel to its corporate office. When travel to a client site is required, sustainable transport options are employed. This remote-first strategy enables ControlPlane to lower its carbon footprint by reducing travel and requiring only a small office.; ; Additionally, in delivering its architecture and engineering services, ControlPlane aims to eradicate wasteful spending on cloud resources. It designs and builds efficient, cost-effective solutions that utilise features such as autoscaling and configuration drift detection to minimise resource usage and expenditure.

  Covid-19 recovery

  As a result of COVID-19, ControlPlane has become a remote-first organisation, offering enhanced flexibility, eradicating commuting, and improving employee work-life balance.; ; Remote engagements also reduce the burden on healthcare services by minimising virus transmission risks. The introduction of virtual tooling necessary for remote work has expanded accessibility to our services.; ; As a result of these changes, ControlPlane has been able to maintain a minimal office footprint, establish sustainable travel practices, and foster a remote-first culture.

  Tackling economic inequality

  ControlPlane's commitment to skill enhancement through client and community engagement—ranging from classroom-based training and knowledge sharing on projects to active participation and presentations at free community meetups and conferences—effectively addresses skills shortages by empowering individuals to gain new skills and certifications.; ; As a vendor-neutral consultancy with a deep commitment to leveraging open source technologies, ControlPlane boasts a rich history of contributing to open-source projects and sponsoring PhD research in technologies it finds beneficial. This strategy not only promotes diversity within the technology supply chain but also ensures the selection of the most fitting technology to meet specific needs, rather than defaulting to a few monolithic suppliers.; ; Furthermore, with a strong focus on security, ControlPlane demonstrates an in-depth understanding of supply chain risks and management strategies, showcasing a proven record of evaluating supply chain risk and implementing solutions that enable organisations to securely utilize open source and other third-party products.

  Equal opportunity

  ControlPlane is committed to promoting equal opportunity, and our diverse culture empowers and develops individuals with talent and integrity. We ensure that individuals at all levels of the organisation grasp the importance and benefits of diversity in high-performing teams. This empowers them with the motivation and opportunity to express their perspectives and drive change.; ; Our recruitment practices are designed to be as inclusive as possible, attracting and retaining top talent from a variety of experiences and backgrounds. We also offer existing employees support, professional development training, and other mechanisms to advance their careers.; ; Furthermore, ControlPlane partners with charities and schools to introduce underrepresented groups to careers in technology and security. These partnerships include hosting and contributing to workshops aimed at secondary school students. Our goal is to educate and inspire young individuals during their crucial academic decision-making phases.; ; ControlPlane is currently in the process of establishing an outreach programme.

  Wellbeing

  ControlPlane is fully committed to employee wellbeing, offering two fully-paid company-wide mental health days annually. We strongly; encourage employees to take this time to focus on relaxation and wellbeing activities. We make scheduled contributions to an employee rewards and benefits platform, which includes a wellness portal and credits redeemable for various products and services, including those focused on wellness.; ; ControlPlane champions a community of open-source and security advocates by attending, presenting at, and organizing industry conferences, local meetups, and engaging with specialist interest groups within the Linux Foundation. Our collaborative ethos is evident in how we engage; we prefer to work embedded within client organisations and existing teams, rather than forming separate teams outside of an organisation.

Pricing

• Price: £750 to £2,700 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@control-plane.io. Tell them what format you need. It will help if you say what assistive technology you use.