Pivotal BI Limited

Azure Data Lake Storage Gen2

Store all your organisation’s data securely and cost-effectively with this cloud-native service for use with big data analytics. Implement your company-wide data lake using a managed scalable storage solution that provides fine-grained security controls and tiered access levels for additional cost management.

For full details, please visit:
https://azure.microsoft.com/en-gb/services/storage/data-lake-storage/

Features

• Cost-effective, scalable, managed cloud storage service
• Geo-redundancy across Azure Regions for availability and data sovereignty control
• Fine-grained security control and tiered data access
• Support for virtual network (VNET) environments

Benefits

• Centralised storage solution for all organisation data
• Integration with a wide range of Azure data services
• Enable data analytics over all your data assets

£495 to £1,095 a person a day

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nigel.meakins@pivotalbi.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

268400416150418

Contact

Nigel Meakins
+44 203 880 2095
nigel.meakins@pivotalbi.com

Service scope

• Service constraints: For a full list of service capabilities and constraints, please visit:; https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction
• System requirements:
  • Azure Tenant
  • Azure Subscription
  • Please visit: https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Response times are determined by the SLA for the level of support contracted. Out of hours and weekends can be included in this SLA. All software and services implemented by Pivotal BI are eligible for support services. A 24/7 support capability is available.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Pivotal BI offer various levels of support through our partner network. This includes but is not limited to 24 x7 Telephone Support to the UK based technical team, dedicated account managers, network and service uptime guarantees.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Pivotal BI is a Microsoft Gold Partner specialising in data-related services both on-premises and in the cloud. We focus on delivering modern data platforms in Azure with our core capabilities in data platform architecture, data engineering, data analytics and the migration of data platforms to the cloud.; ; Our engagements offer all aspects of solution delivery, from initial requirements gathering and design to deployment, on-going support and training. ; ; For more details on what a typical data analytics project engagement with us consists of, please visit: ; https://pivotalbi.com/working-with-us/
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: There are various options to export data from Azure. Data transfer can be offline or over a network connection. The choice of export method depends primarily on the size of the customer's data and the amount of available bandwidth. ; ; Data export can be achieved through one or more of the followings means: ; ; Offline transfer using shippable devices ; Using physical shippable devices (disk drives), the Azure Import/Export service can be used to securely transfer large amounts of data from Azure to a customer's on-premises site.; ; Network Transfer; Data can be transferred from Azure over a network connection. This can be done via the command line (AzCopy) or a graphical user interface (Azure Storage Explorer).; ; For full details on the Azure data migration services available, please visit:; https://docs.microsoft.com/en-us/azure/storage/common/storage-choose-data-transfer-solution?toc=/azure/storage/blobs/toc.json
• End-of-contract process: As part of the end-of-contract process, Pivotal BI will help you to transition the solution to your Operations teams, providing technical support and handover on all aspects of the delivery. Through a true co-working engagement we are able to ensure that your staff understand the solution, the decisions made along the way and how best to carry it forward.; ; All Azure services supplied under the contract can be terminated in accordance with the terms set out in the service agreement. For full details, please visit: ; https://azure.microsoft.com/en-gb/support/legal/

Using the service

• Web browser interface: Yes
• Using the web interface: The service can be deployed and managed using the Azure Portal. ; ; For full details, please visit: ; https://docs.microsoft.com/en-gb/azure/; https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: For full details on Microsoft's commitment to accessibility, please visit: ; https://www.microsoft.com/en-us/accessibility/; ; For full details on Microsoft's compliance offerings, please visit:; https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-home?view=o365-worldwide
• API: Yes
• What users can and can't do using the API: Deployment and management APIs are available using the following service end points and libraries. Additional information on the capabilities of each can be found in the reference documentation linked below:; ; • REST - https://docs.microsoft.com/en-gb/rest/api/azure/; • .NET - https://docs.microsoft.com/en-us/dotnet/api/overview/azure/?view=azure-dotnet; • Python - https://docs.microsoft.com/en-us/python/api/?view=azure-python; • JavaScript - https://docs.microsoft.com/en-us/javascript/api/?view=azure-node-latest; • Java - https://docs.microsoft.com/en-us/java/api/?view=azure-java-stable; • PowerShell - https://docs.microsoft.com/en-us/powershell/module/?view=azps-4.2.0
• API automation tools:
  • Ansible
  • Terraform
  • Other
• Other API automation tools: ARM Templates
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources. ; ; For full details, please visit: ; https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Azure represents a hyper-scale public cloud service.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • HTTP request and response status
  • Network
  • Number of active instances
  • Other
• Other metrics:
  • Storage read/write transactions
  • Ingress/egress data volumes
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Microsoft Azure encryption at rest provides encryption protection for stored data. All Azure hosted services are committed to providing Encryption at Rest options. Azure services support either service-managed keys, customer-managed keys, or client-side encryption.; ; For full details, please visit:; https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview#encryption-of-data-at-rest
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up: Geo-redundant backup of data to separate Azure region
• Backup controls: The service provides a number of levels of data redundancy copying as defined within the associated storage account.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: All data transfers are via secure channel HTTPS and TLS over TCP. IPSec VPN or Azure ExpressRoute can be used to further secure the communication channel between your on-premises network and Azure.; ; For full details, please visit: https://docs.microsoft.com/en-us/azure/storage/blobs/security-recommendations
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Azure includes robust networking infrastructure to support your application and service connectivity requirements, along with many mechanisms for keeping data private as it moves from one location to another.; ; For full details, please visit:; https://docs.microsoft.com/en-us/azure/security/fundamentals/overview

Availability and resilience

• Guaranteed availability: Microsoft guarantee at least 99.9% of the time they will successfully process requests to read and write data to storage accounts.; ; For full details on Azure service level agreements, please visit: ; https://azure.microsoft.com/en-gb/support/legal/sla/summary/
• Approach to resilience: Azure is comprised of 160+ data centres located across 53+ linked regions. Each data centre offers high availability, scalability and connectivity to the the global Azure network.; ; For full details, please visit: ; https://azure.microsoft.com/en-us/global-infrastructure/
• Outage reporting: Azure Service Health notifies you about Azure service incidents and planned maintenance so you can mitigate downtime. ; ; The service consists of: ; • A dashboard to analyse health issues; • Alerts to notify you about active and upcoming service issues; • Shareable details and updates, including incident root cause analyses; • Guidance and support during service incidents; ; For full details, please visit:; https://azure.microsoft.com/en-gb/features/service-health/#features

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Azure Active Directory enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from cyber security attacks.; ; Whether your staff are on-site or remote, they can have secure access to the estate so that they can stay productive from anywhere.; ; For full details, please visit: ; https://azure.microsoft.com/en-gb/services/active-directory/#overview
• Access restrictions in management interfaces and support channels: Access controls can be enhanced through the use of: ; • Firewall rules that limit connectivity by IP address; • Authentication mechanisms that require users to prove their identity; • Authorization mechanisms that restrict users to specific actions and data
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Azure Active Directory enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from cyber security attacks.; ; Whether your staff are on-site or remote, they can have secure access to the estate so that they can stay productive from anywhere.; ; For full details, please visit: ; https://docs.microsoft.com/en-us/azure/security/fundamentals/identity-management-overview; ; Customer Lockbox for Microsoft Azure provides an interface for customers to review and approve or reject customer data access requests. It is used in cases where a Microsoft engineer needs to access customer data during a support request. For full details, please vist: ; https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: Microsoft offers a comprehensive set of compliance offerings to help your organization meet compliance requirements. ; ; For a full list of compliance offerings, please visit:; https://docs.microsoft.com/en-gb/microsoft-365/compliance/offering-home?view=o365-worldwide
• Information security policies and processes: An Information Security Management Program for Windows Azure has been designed and implemented to address industry best practices around security and privacy. ; ; As part of the overall ISMS framework baseline security requirements are constantly being reviewed, improved and implemented. ; ; Each management-endorsed version of the Information Security Policy and all subsequent updates are distributed to all relevant stakeholders. The Information Security Policy is made available to all new and existing Windows Azure employees for review. All Windows Azure employees represent that they have reviewed, and agree to adhere to, all policies within the Information Security Policy documents. All Windows Azure Contractor Staff agree to adhere to the relevant policies within the Information Security Policy. ; ; Windows Azure services staff suspected of committing breaches of security and/or violating the Information Security Policy equivalent to a Microsoft Code of Conduct violation are subject to an investigation process and appropriate disciplinary action up to and including termination. ; ; Contracting staff suspected of committing breaches of security and/or violations of the Information Security Policy are subject to formal investigation and action appropriate to the associated contract, which may include termination of such contracts.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Microsoft has established software development and release management processes to control implementation of major changes including:; • The identification and documentation of the planned change; • Identification of business goals, priorities and scenarios during product planning; • Specification of feature/component design; • Operational readiness review based on a pre-defined criteria/check-list to assess overall risk/impact; • Testing, authorization and change management based on entry/exit criteria for DEV (development), INT (Integration Testing), STAGE (Pre-production) and PROD (production) environments as appropriate; Customers are responsible for applications hosted by customers in Azure.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Microsoft component teams get notifications of potential vulnerabilities and the latest software updates from the Microsoft Security Response Center (MSRC) and GFS. The component teams analyze software updates relevance to Azure production environment and review the associated vulnerabilities based on their criticality. Software updates are released through the monthly OS release cycle using change and release management procedures. Emergency out-of-band security software updates (0-day & Software Security Incident Response Process - SSIRP updates) are deployed as quickly as possible. ; ; Microsoft’s Security Response Center (MSRC) regularly monitors external security vulnerability awareness sites.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Microsoft employ sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the data centre edge, the network backbone, internet exchange sites and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.; ; More importantly, Microsoft are continuously investing in developing greater application resiliency in their software so it will instantly recognize a disruption and gracefully fail over to a different set of servers or even a different datacenter, without interrupting the availability of the service
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Microsoft has developed robust processes to facilitate a coordinated response to incidents if one was to occur. ; ; The incident response process follows the following phases:; ; • Identification – System and security alerts harvested, correlated, and analyzed. ; • Containment – Evaluation of the scope and impact of an incident.; • Eradication – The escalation team moves toward eradicating any damage caused by incident. ; • Recovery – Software and configuration updates are applied to the system and services are returned to a full working capacity. ; • Lessons Learned – Ensure the appropriate mitigations applied to protect against future reoccurrence.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Azure tenancy refers to a customer billing relationship and a unique tenant in Azure Active Directory. Tenant level isolation in Azure is achieved using Azure Active Directory (AD) and role-based access controls.; ; An Azure AD tenant is logically isolated using security boundaries so that no customer can access or compromise co-tenants, either maliciously or accidentally. Each Azure subscription is associated with one AD, access to resources in the subscription requires authentication and authorisation from the target tenant.; ; For full details on isolation in the Azure public cloud, please visit:; https://docs.microsoft.com/en-us/azure/security/fundamentals/isolation-choices

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Microsoft has been carbon neutral across the world since 2012 and commits to being carbon negative by 2030.; ; For full details on Microsoft's sustainability practices please visit: ; https://www.microsoft.com/en-us/corporate-responsibility/sustainability

Social Value

• Fighting climate change:

  Fighting climate change

  We are working towards net zero carbon emissions within our organisation and will be extending this to our supply chain.

Pricing

• Price: £495 to £1,095 a person a day
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: This free 1 day introductory engagement provides:; • Guidance on Azure data analytics product selection; • An outline of the benefits of adopting a modern data analytics platform; • Costing considerations for initial budgetary conversations
• Link to free trial: https://pivotalbi.com/data-analytics-products/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nigel.meakins@pivotalbi.com. Tell them what format you need. It will help if you say what assistive technology you use.