Skip to main content

Help us improve the Digital Marketplace - send your feedback

Pivotal BI Limited

Azure Data Lake Storage Gen2

Store all your organisation’s data securely and cost-effectively with this cloud-native service for use with big data analytics. Implement your company-wide data lake using a managed scalable storage solution that provides fine-grained security controls and tiered access levels for additional cost management.

For full details, please visit:
https://azure.microsoft.com/en-gb/services/storage/data-lake-storage/

Features

  • Cost-effective, scalable, managed cloud storage service
  • Geo-redundancy across Azure Regions for availability and data sovereignty control
  • Fine-grained security control and tiered data access
  • Support for virtual network (VNET) environments

Benefits

  • Centralised storage solution for all organisation data
  • Integration with a wide range of Azure data services
  • Enable data analytics over all your data assets

Pricing

£495 to £1,095 a person a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nigel.meakins@pivotalbi.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 6 8 4 0 0 4 1 6 1 5 0 4 1 8

Contact

Pivotal BI Limited Nigel Meakins
Telephone: +44 203 880 2095
Email: nigel.meakins@pivotalbi.com

Service scope

Service constraints
For a full list of service capabilities and constraints, please visit:
https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction
System requirements
  • Azure Tenant
  • Azure Subscription
  • Please visit: https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Response times are determined by the SLA for the level of support contracted. Out of hours and weekends can be included in this SLA. All software and services implemented by Pivotal BI are eligible for support services. A 24/7 support capability is available.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Pivotal BI offer various levels of support through our partner network. This includes but is not limited to 24 x7 Telephone Support to the UK based technical team, dedicated account managers, network and service uptime guarantees.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Pivotal BI is a Microsoft Gold Partner specialising in data-related services both on-premises and in the cloud. We focus on delivering modern data platforms in Azure with our core capabilities in data platform architecture, data engineering, data analytics and the migration of data platforms to the cloud.

Our engagements offer all aspects of solution delivery, from initial requirements gathering and design to deployment, on-going support and training.

For more details on what a typical data analytics project engagement with us consists of, please visit:
https://pivotalbi.com/working-with-us/
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
There are various options to export data from Azure. Data transfer can be offline or over a network connection. The choice of export method depends primarily on the size of the customer's data and the amount of available bandwidth.

Data export can be achieved through one or more of the followings means:

Offline transfer using shippable devices
Using physical shippable devices (disk drives), the Azure Import/Export service can be used to securely transfer large amounts of data from Azure to a customer's on-premises site.

Network Transfer
Data can be transferred from Azure over a network connection. This can be done via the command line (AzCopy) or a graphical user interface (Azure Storage Explorer).

For full details on the Azure data migration services available, please visit:
https://docs.microsoft.com/en-us/azure/storage/common/storage-choose-data-transfer-solution?toc=/azure/storage/blobs/toc.json
End-of-contract process
As part of the end-of-contract process, Pivotal BI will help you to transition the solution to your Operations teams, providing technical support and handover on all aspects of the delivery. Through a true co-working engagement we are able to ensure that your staff understand the solution, the decisions made along the way and how best to carry it forward.

All Azure services supplied under the contract can be terminated in accordance with the terms set out in the service agreement. For full details, please visit:
https://azure.microsoft.com/en-gb/support/legal/

Using the service

Web browser interface
Yes
Using the web interface
The service can be deployed and managed using the Azure Portal.

For full details, please visit:
https://docs.microsoft.com/en-gb/azure/
https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
For full details on Microsoft's commitment to accessibility, please visit:
https://www.microsoft.com/en-us/accessibility/

For full details on Microsoft's compliance offerings, please visit:
https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-home?view=o365-worldwide
API
Yes
What users can and can't do using the API
Deployment and management APIs are available using the following service end points and libraries. Additional information on the capabilities of each can be found in the reference documentation linked below:

• REST - https://docs.microsoft.com/en-gb/rest/api/azure/
• .NET - https://docs.microsoft.com/en-us/dotnet/api/overview/azure/?view=azure-dotnet
• Python - https://docs.microsoft.com/en-us/python/api/?view=azure-python
• JavaScript - https://docs.microsoft.com/en-us/javascript/api/?view=azure-node-latest
• Java - https://docs.microsoft.com/en-us/java/api/?view=azure-java-stable
• PowerShell - https://docs.microsoft.com/en-us/powershell/module/?view=azps-4.2.0
API automation tools
  • Ansible
  • Terraform
  • Other
Other API automation tools
ARM Templates
API documentation
Yes
API documentation formats
HTML
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources.

For full details, please visit:
https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Azure represents a hyper-scale public cloud service.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • HTTP request and response status
  • Network
  • Number of active instances
  • Other
Other metrics
  • Storage read/write transactions
  • Ingress/egress data volumes
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Microsoft

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
Microsoft Azure encryption at rest provides encryption protection for stored data. All Azure hosted services are committed to providing Encryption at Rest options. Azure services support either service-managed keys, customer-managed keys, or client-side encryption.

For full details, please visit:
https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview#encryption-of-data-at-rest
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
Geo-redundant backup of data to separate Azure region
Backup controls
The service provides a number of levels of data redundancy copying as defined within the associated storage account.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
All data transfers are via secure channel HTTPS and TLS over TCP. IPSec VPN or Azure ExpressRoute can be used to further secure the communication channel between your on-premises network and Azure.

For full details, please visit: https://docs.microsoft.com/en-us/azure/storage/blobs/security-recommendations
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Azure includes robust networking infrastructure to support your application and service connectivity requirements, along with many mechanisms for keeping data private as it moves from one location to another.

For full details, please visit:
https://docs.microsoft.com/en-us/azure/security/fundamentals/overview

Availability and resilience

Guaranteed availability
Microsoft guarantee at least 99.9% of the time they will successfully process requests to read and write data to storage accounts.

For full details on Azure service level agreements, please visit:
https://azure.microsoft.com/en-gb/support/legal/sla/summary/
Approach to resilience
Azure is comprised of 160+ data centres located across 53+ linked regions. Each data centre offers high availability, scalability and connectivity to the the global Azure network.

For full details, please visit:
https://azure.microsoft.com/en-us/global-infrastructure/
Outage reporting
Azure Service Health notifies you about Azure service incidents and planned maintenance so you can mitigate downtime.

The service consists of:
• A dashboard to analyse health issues
• Alerts to notify you about active and upcoming service issues
• Shareable details and updates, including incident root cause analyses
• Guidance and support during service incidents

For full details, please visit:
https://azure.microsoft.com/en-gb/features/service-health/#features

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Azure Active Directory enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from cyber security attacks.

Whether your staff are on-site or remote, they can have secure access to the estate so that they can stay productive from anywhere.

For full details, please visit:
https://azure.microsoft.com/en-gb/services/active-directory/#overview
Access restrictions in management interfaces and support channels
Access controls can be enhanced through the use of:
• Firewall rules that limit connectivity by IP address
• Authentication mechanisms that require users to prove their identity
• Authorization mechanisms that restrict users to specific actions and data
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
Azure Active Directory enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from cyber security attacks.

Whether your staff are on-site or remote, they can have secure access to the estate so that they can stay productive from anywhere.

For full details, please visit:
https://docs.microsoft.com/en-us/azure/security/fundamentals/identity-management-overview

Customer Lockbox for Microsoft Azure provides an interface for customers to review and approve or reject customer data access requests. It is used in cases where a Microsoft engineer needs to access customer data during a support request. For full details, please vist:
https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
Microsoft offers a comprehensive set of compliance offerings to help your organization meet compliance requirements.

For a full list of compliance offerings, please visit:
https://docs.microsoft.com/en-gb/microsoft-365/compliance/offering-home?view=o365-worldwide
Information security policies and processes
An Information Security Management Program for Windows Azure has been designed and implemented to address industry best practices around security and privacy.

As part of the overall ISMS framework baseline security requirements are constantly being reviewed, improved and implemented.

Each management-endorsed version of the Information Security Policy and all subsequent updates are distributed to all relevant stakeholders. The Information Security Policy is made available to all new and existing Windows Azure employees for review. All Windows Azure employees represent that they have reviewed, and agree to adhere to, all policies within the Information Security Policy documents. All Windows Azure Contractor Staff agree to adhere to the relevant policies within the Information Security Policy.

Windows Azure services staff suspected of committing breaches of security and/or violating the Information Security Policy equivalent to a Microsoft Code of Conduct violation are subject to an investigation process and appropriate disciplinary action up to and including termination.

Contracting staff suspected of committing breaches of security and/or violations of the Information Security Policy are subject to formal investigation and action appropriate to the associated contract, which may include termination of such contracts.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Microsoft has established software development and release management processes to control implementation of major changes including:
• The identification and documentation of the planned change
• Identification of business goals, priorities and scenarios during product planning
• Specification of feature/component design
• Operational readiness review based on a pre-defined criteria/check-list to assess overall risk/impact
• Testing, authorization and change management based on entry/exit criteria for DEV (development), INT (Integration Testing), STAGE (Pre-production) and PROD (production) environments as appropriate
Customers are responsible for applications hosted by customers in Azure.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Microsoft component teams get notifications of potential vulnerabilities and the latest software updates from the Microsoft Security Response Center (MSRC) and GFS. The component teams analyze software updates relevance to Azure production environment and review the associated vulnerabilities based on their criticality. Software updates are released through the monthly OS release cycle using change and release management procedures. Emergency out-of-band security software updates (0-day & Software Security Incident Response Process - SSIRP updates) are deployed as quickly as possible.

Microsoft’s Security Response Center (MSRC) regularly monitors external security vulnerability awareness sites.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Microsoft employ sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the data centre edge, the network backbone, internet exchange sites and at the real or simulated user level, providing visibility when a service disruption is occurring and pinpointing its cause.

More importantly, Microsoft are continuously investing in developing greater application resiliency in their software so it will instantly recognize a disruption and gracefully fail over to a different set of servers or even a different datacenter, without interrupting the availability of the service
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Microsoft has developed robust processes to facilitate a coordinated response to incidents if one was to occur.

The incident response process follows the following phases:

• Identification – System and security alerts harvested, correlated, and analyzed.
• Containment – Evaluation of the scope and impact of an incident.
• Eradication – The escalation team moves toward eradicating any damage caused by incident.
• Recovery – Software and configuration updates are applied to the system and services are returned to a full working capacity.
• Lessons Learned – Ensure the appropriate mitigations applied to protect against future reoccurrence.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
Azure tenancy refers to a customer billing relationship and a unique tenant in Azure Active Directory. Tenant level isolation in Azure is achieved using Azure Active Directory (AD) and role-based access controls.

An Azure AD tenant is logically isolated using security boundaries so that no customer can access or compromise co-tenants, either maliciously or accidentally. Each Azure subscription is associated with one AD, access to resources in the subscription requires authentication and authorisation from the target tenant.

For full details on isolation in the Azure public cloud, please visit:
https://docs.microsoft.com/en-us/azure/security/fundamentals/isolation-choices

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Microsoft has been carbon neutral across the world since 2012 and commits to being carbon negative by 2030.

For full details on Microsoft's sustainability practices please visit:
https://www.microsoft.com/en-us/corporate-responsibility/sustainability

Social Value

Fighting climate change

Fighting climate change

We are working towards net zero carbon emissions within our organisation and will be extending this to our supply chain.

Pricing

Price
£495 to £1,095 a person a day
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
This free 1 day introductory engagement provides:
• Guidance on Azure data analytics product selection
• An outline of the benefits of adopting a modern data analytics platform
• Costing considerations for initial budgetary conversations
Link to free trial
https://pivotalbi.com/data-analytics-products/

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nigel.meakins@pivotalbi.com. Tell them what format you need. It will help if you say what assistive technology you use.