4net Technologies Ltd

FourNet (4net) Fortinet Zero-Trust Network Access Control (NAC) and IoT Security

FourNet's Service Offer leverages Network Access Control (NAC) which is a critical modern-day network component; NAC offers the ability to deploy Zero Trust Network Solutions, Secure SD Branch deployments and ensures IoT, BYOD and user devices are profiled, only allowing access to approved resources with period reviews for compliance.

Features

• Public and private cloud support
• Broad integration with over 150 vendors
• Agent and agentless scanning for detection and classification
• Event reporting to SIEM with detailed contextual data
• Enforce dynamic network access control and enable network segmentation
• Centralized Architecture for easier deployment and management
• Automate polices to reduce detection and containment time
• Integration to the Fortinet Security Fabric
• Centralise inventory for all connected devices, including IoT
• Extensive support for Captive-Portal Guest and BYOD deployments

Benefits

• Centralise BYOD, IoT and User on-boarding across network infrastructure
• Automate device checking before network access is granted
• Deploy Zero-Trust network Architecture using a centralised model
• Agentless Scanning support for IoT devices
• Optional agent-based scanning for deep device-based information
• Easy scalability through centralised and distributed architecture options
• Utilise 17 profiling methods to identify a device
• Flexibility to deploy on private and public cloud services
• Reduce management overhead with automated device onboarding
• Flexible license options for different use-cases.

£3,100 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@fournet.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

208284675172090

Contact

Public Sector Team
0161 864 5130
publicsector@fournet.co.uk

Service scope

• Service constraints: The service is limited to Fortinet products on supported platforms, as published by Fortinet on respective datasheets.
• System requirements:
  • Virtual machines require a minimum resource allocation.
  • Some clouds are unsupported by some products
  • Some features are dependent on license

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 30 minutes. Response times vary based upon question type. Please see support SLAs for response times
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: FourNet provides 2nd line support to our customers for this service. 1st line support will be provided by the customer ICT helpdesk so no contact will be from end users to the FourNet Service Desk. All support will be provided remotely with onsite support available at an additional charge. ; ; FourNet offers bespoke SLAs which are priced individually.; ; Please see the FourNet service definition document which outlines the support levels and associated costs with these levels.; ; FourNet will provide a technical Account Manager, Cloud Support Engineer and Service Delivery Manager to the customer upon request.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: FourNet provide options for onsite / remote training and user documentation to start using the service.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: FourNet provide an export of relevant user data held in the system at the end of the contract.
• End-of-contract process: Should the customer require a transition manager and additional support when moving away from the service then this would be charged on a daily rate starting at £850 per day. The total cost will be agreed with the customer once they have confirmed what level of support is required from FourNet, and the time required to transition to the new provider from the FourNet service.

Using the service

• Web browser interface: Yes
• Using the web interface: Once the virtual machine is provisioned into the cloud environment, administrators have complete control of features and configuration for the virtual machine. All common and frequently used features are available through the web interface (GUI), along with remote access to the Command Line Interface (CLI) where lesser used or niche features can be configured. ; ; The Web Interface allows for the configuration and on-going management of the virtual machine, along with access to remote, system events and log information.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: Not Known / Not Tracked.
• API: Yes
• What users can and can't do using the API: REST API is supported for the configuration & monitoring of Virtual Machines. ; ; Most administration and configuration functions are available through REST API. Some limitation exist for certain Virtual Machines. Therefore, if the user is looking to integrate through API it is recommended they consult their Account Manager / TAC.
• API automation tools:
  • Ansible
  • OpenStack
  • Other
• Other API automation tools: Any Automation tools that support JSON API
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
  • Other
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
  • Other
• Using the command line interface: Configuration of the FNAC appliance should be undertaken using either REST API or the GUI as best practice. CLI access to the NAC and underlying Operating System is best served for troubleshooting and initial deployment of the FNAC VM.

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Services are built within customer cloud ecosystem with no external dependencies on our infrastructure. Central signatures and updates may be cached to eliminate dependency on update servers.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Authenticated users by type
  • Authenticated devices
  • Inventory, customised reports
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Fortinet

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: All critical assets, along with data considered to be personal under GDPR or other international laws is encrypted at rest and at backup using cryptography techniques. Any transit of data is done cryptographically. Data is stored in secure datacentres with physical access control mechanisms, CCTV, badge entry systems and security guards. Furthermore, access to Fortinet global offices are controlled via physical access control mechanisms, CCTV, badge entry systems and security guards.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Configuration
  • Database
• Backup controls: Users can take backup copies of the configuration & database via the Web Interface through manual or scheduled tasks
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Customers have the option of using Cloud based analytics or Sandboxing.in the event these options are chosen, data-in-transit is encrypted using SSL end-to-end. ; ; Data transfer between update servers and the virtual machines is completed via SSL end-to-end.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Customers have the option of using Cloud based analytics or Sandboxing.in the event these options are chosen, data-in-transit is encrypted using SSL end-to-end. ; ; Data transfer between update servers and the virtual machines is completed via SSL end-to-end.

Availability and resilience

• Guaranteed availability: FourNet provide a minimum 99.99% availability on core services.; ; Service Levels and Credits are based on a bespoke requirement.
• Approach to resilience: The resilience of our services is available upon request.
• Outage reporting: Should an outage occur within the platform notifications are automatically sent to the FourNet service desk team. Depending upon the severity of the outage then customers will be alerted appropriately via phone and/or email.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Adminstrators who access the Virtual Machine(s) are authenticated against Username & Password set by the customers administrator.
• Access restriction testing frequency: Never
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSi
• ISO/IEC 27001 accreditation date: 22/02/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001 information security standard, Cyber Essentials and Cyber Essentials Plus. The ISO27001 Statement of Applicability is available to G-Cloud customers on request, this document references all of FourNet's policies and procedures including our IT policy, encryption systems and access control along with many other processes. The SoA also details the reporting structure for adherence to ISO 27001. In brief this consists of our internal IT engineers who form part of our service desk team, reporting into the service desk manager. The service desk manager (for FourNet's information systems) reports to the Chief Technical Officer / Security Manager / Data Protection Manager who has ultimate responsibility for FourNet's Information Systems security, support and development.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: FourNet processes conform with ITIL processes and our ISO 9001, ISO20000 and ISO27001.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: FourNet continually assess software and firmware across the deployed services, both by assessment of vendor product and security release notes as appropriate or our Release Management Tool. Release Manager monitors firmware and software revisions at the latest release. Release Manager uses Configuration Manager’s CMDB as a source for the existing release levels, which is updated on a regular basis. FourNet assesses the release and our policy is for security breaches and updates, to deploy straightaway and for all other releases to deploy if it is to resolve a known issue or following consultation with the customer.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: FourNet will deploy service management tool(s) that proactively manages and monitors the services and platforms. When an alarm is received, the management tool will either automatically attempt a resolution by running scripts against known problems within its knowledgebase or an automated resolution is not possible, the service management tool will notify the relevant Service Desk with details of the issue. The Service Desk will then create a ticket, notify the customer’s service desk and assign the ticket to an resolution operative to triage and restore. Response will be in accordance to the designated priority of the issue and the SLA.
• Incident management type: Supplier-defined controls
• Incident management approach: FourNet has a documented Incident Management process which is provided with an Operational Services Manual. This will include knowledge articles’ and ‘templates’, which are updated, for common issues. All Incidents are reported and logged via the FourNet ServiceDesk. Incident logging is either via automated tools or manually by phone, email or the customer web portal. Outside of automated Incident logging, we ask that Priority 1 and 2 tickets are phoned in and Priority 3 and 4 are either emailed and logged via the portal. The Service Delivery Manager will provide Incident reports, RCAs and service reviews to an agreed schedule.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: FourNet’s use Tier 4 Data Centres. These sites were chosen to be Geo-Resilient, and more than 50 miles apart.; ; All Datacentres are assessed to meet the following certifications as standard. Individual DC centres may have further certifications:; ; ● SOC 1 Type II; ● SOC 2 Type II; ● ISO 27001; ● PCI DSS; ● OHSAS 18001; ● ISO 9001:2015; ● ISO 22301; ● ISO 14001:1015; ● ISO 50001; The data centres are certified to meet rigorous environmental and energy-management standards.

Social Value

• Fighting climate change:

  Fighting climate change

  Environmental, Social and Governance (ESG): ; ; At FourNet, we are committed to effective stewardship of the environment and tackling climate change and have several activities and initiatives underway. In June 2021, Palatine Private Equity became a majority shareholder in the business and their commitment to ESG has further driven this agenda. Palatine is one of the private equity leaders in Environmental, Social and Governance (ESG) and is a pioneer in the responsible investment space.; ; We take ESG seriously and have an appointed ESG lead in the business and an ESG working group, including two Board members, meets once a month to discuss our priorities as outlined in our action plan. ESG is a standing agenda item at Board and Senior Leadership Team (SLT) meetings as well as at every management meeting. ; ; In early 2022, we will produce our first baseline carbon footprint report for the calendar year 2021 which will state our scope 1 and 2 impact. We have undertaken an initial review based on 2020, which indicates that our footprint is relatively low (in the region of 18.5 tCO2e) but believe that 2020 was an extraordinary year and the data available is incomplete and so we believe that 2021 is more reflective of our true impact. Whilst we anticipate that our impact is relatively low, we are nonetheless committed to putting in place a 10-year carbon reduction strategy that will see us reduce emissions year on year in line with science-based targets, with the goal of reaching carbon neutral status in the next couple of years and working towards net zero carbon in line with UK governments targets. ; ; At the end of 2021, we undertook our final ISO14001 (Environmental Management) audit and are delighted to report that we have achieved certification.
• Covid-19 recovery:

  Covid-19 recovery

  Employment: ; ; FourNet is proud to have helped sustain “business continuity” for important central government, local government, healthcare, housing and financial institutions during the COVID-19 pandemic and recovery phase, by enabling efficient flexible-working for all those customers, their employees and many more. As an award-winning SME, we were instrumental in enabling officials and employees in key businesses to seamlessly work from home, when movement restrictions were introduced in 2019. We are continuing to do so, continuously innovating while developing new services and employment opportunities which benefit those organisations and local communities. Our employees are classified as “key workers” which meant we were able to provide crucial support, additional services and training as well as improved access to services for citizens, despite the pandemic. ; ; Return to work: ; ; Given the shift to home-working, our solutions have helped to deliver an efficient working environment for remote workers during and since COVID-19 struck. This means increased employment opportunities in local communities remote from the headquarters of those departments and agencies, and similarly for our nationwide enterprise customers who offer flexible employment. For instance, Connecting Wales allows Welsh-speaking local government employees to work, remotely, for councils in non-Welsh speaking communities. This enhances employment opportunities in less affluent regions, while boosting local economies and assisting with the levelling up agenda. As a technology business, in a high growth sector, through our non-location specific, cloud-based, solutions we are enabling a broader range of recruitment opportunities not only for our own business, but for those departments and agencies moving to Government Hub working. FourNet is helping to support inclusion and diversity in the virtual workplace, allowing individuals to consider roles for a whole range of local and national employers, for whom they might have been considered ill-suited because of childcare commitments, commuting time or distance, disability or illness.
• Tackling economic inequality:

  Tackling economic inequality

  Smarter Working: ; ; FourNet has remote working at its heart, not just as a business but for our customers. We were enabling our clients to implement work-from-home solutions prior to the pandemic and were instrumental in ramping up those capabilities at the height of the pandemic. Our secure communications services are at the core of our capabilities to facilitate remote working. By delivering future-proofed, inclusive, communications technologies and tools to encourage greater collaboration, we have brought greater efficiencies and cost savings for clients while allowing people to remain in their own local areas, spending money which otherwise would have been spent in cities and urban environments. We are fully aligned, in thought, strategy and process with Smarter Working Programmes as a means to tackling economic inequality, creating a sustainable future and assisting with the levelling up agenda. ; ; Levelling-up: ; ; This strategy applies not just to FourNet’s employees – many of whom work from home at least part of the week, but to our nationwide enterprise customers whom we have assisted in implementing remote working solutions over the past 18 months. Each of those businesses are helping to create and maintain employment in deprived, less affluent and rural communities where opportunities were previously few and far between.; ; While the high cost of living makes the big-city jobs market inaccessible for many young people and key workers, hybrid working provides new employment opportunities. This, in turn distributes wealth to local communities, tackling economic inequality in areas that traditionally relied on income from sectors hit hardest by the pandemic, such as tourism and hospitality. New businesses are emerging in rural and less affluent area thanks to the move away from big city living caused by the pandemic and facilitated in part by remote working solutions which we provide as an employer and a business.
• Equal opportunity:

  Equal opportunity

  Like many organisations, FourNet is striving to build as diverse and inclusive a community as possible. This means sticking resolutely to a top-down, bottom-up strategy which creates and nurtures equal opportunities policies, culture, workforce and physical environment across our company which is fair, non-discriminatory, and accessible. ; ; As a business, which is helping other organisations to implement successful and efficient remote working practices, we believe that hybrid working can help support inclusion and diversity in the virtual workplace, allowing individuals to consider roles which they might have thought previously ill-suited because of childcare commitments, commuting time or distance, disability or illness.; ; Remote-working provides employers, like FourNet, with an opportunity to create a more diverse workforce, with staff from different geographies and backgrounds and across all job levels, functions and teams. It can also help to close the gender gap by offering greater flexibility and opportunities for women, including single mothers with children, and particularly in male-dominated industries like the fast growing technology sector.; ; Recruitment: ; ; FourNet abides by the law in that we have a policy to provide equal opportunities in employment and to avoid unlawful discrimination, but we go much further, helping to create a diverse workforce that is respectful of each other’s differences. ; The purpose of our policy, which covers recruitment and selection and promotion and training, is to provide guidance to employees on relevant legislation and best practice and therefore reduce the risk of possible discriminatory attitudes affecting decision making. ; ; Training and Working Conditions: ; ; To support our policy, all employees also take part in mandatory annual training on Equality, Diversity and Inclusion provided by an external training partner. All those in management positions also attend additional developmental training which covers unconscious bias. We provide those in management positions with a ‘management framework’.
• Wellbeing:

  Wellbeing

  Community Wellbeing: ; ; As a result of enforced COVID pandemic home-working for many employees, FourNet focused attention on our employees’ working conditions at home and their mental health and, like many organisations, that has even meant creating virtual social events to keep up team spirit and morale, out of the office. ; ; As a business, we deliver workforce management (WFM) solutions which allow businesses in the community and their employees to create a better work-life balance, permitting flexible and holiday scheduling, shift-swapping with colleagues, and engagement tools which reduce mundane and repetitive tasks. ; ; It’s not just employees but citizens in the community who benefit. For example, sentiment analysis can be used to understand and track agent morale and motivation. This has been particularly relevant with the increase in remote working during the pandemic. For citizens, artificial intelligence can be used by businesses to detect an upset customer, alerting an employee with a suggested means to assist the customer’s wellbeing.; ; Workforce Wellbeing: ; ; FourNet has a wellbeing programme, delivered by a recognised specialist, which is available to all employees. The external programme includes 24/7 access to a GP and an advice and counselling line (including legal and financial advice) as well as a video physiotherapy service. It includes up to six face-to-face counselling sessions with a trained therapist.; ; FourNet also has trained Mental Health First Aiders (MHFA), who are available to employees as and when requested. We have invested in training for MHFAs, via our preferred training partner. They are tasked with providing campaigns to engage our employees to understand the causes and effects of stress and mental health conditions and tips to improve resilience and mental health. We have taken part in Mental Health Awareness Week and created a Mental Health First Aid Handbook which provides details of the support available.

Pricing

• Price: £3,100 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: FortiGate is available as a free trial in Amazon AWS, Microsoft Azure, (30 days) through their respective market places and in private cloud version (60 days) via the Fortinet account team
• Link to free trial: https://aws.amazon.com/marketplace/pp/prodview-wory773oau6wq https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortinet-fortigate?ocid=FortiGate_202105_landingpage_en-us

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsector@fournet.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.