Rowden Technologies Ltd

Secure Cloud Platform for Complex Sensitive Workloads

Rowden's Secure Cloud Platform streamlines integration through use of the AWS Trusted Secure Enclave (TSE-SE) architecture, offering rapidly accreditable deployment and reduced operational costs for sensitive, mission-critical applications. Our solution empowers organisations to manage data and workloads seamlessly at multiple classification levels up to OFFICIAL-SENSITIVE.

Features

• Deployment Simplification: Enables rapid deployment with simplified secure cloud setup.
• Enhanced Platform Security: Fortifies against vulnerabilities with advanced security protocols
• Demand-Responsive Scaling: Resources that instantly adjust to demand fluctuations
• Accreditation Ready: Built around ISO27001, SbD, NIST 800-53, JSP 604
• Legacy System Integration: Seamless integration with existing infrastructure
• Isolation Assurance: Guarantees strict workload and user segregation for security
• Rapid Complex Accreditation: Streamlines swift accreditation for complex use cases
• Commercial Cloud Leverage: Enhanced speed, integration and security
• Approved Secure Architecture: Uses AWS TSE-SE (Trusted Secure Enclave)
• Operational Collaboration: For cohesive inter-organisation and international operations

Benefits

• FinOps: Reference Architecture streamlines financial operations, billing and cost optimisation
• Rapid Deployment: Minimises time from planning to deployment, accelerating projects
• Cost Efficiency: Cuts operational costs through efficient cloud resource management
• Enhanced Security Operations: Via 24/7 continuous monitoring and controls
• Adaptive Technology: Eases adaptation to technological changes and emerging threats
• Data Sovereignty: Ensures total control and sovereignty over cloud-stored data
• Streamlined Data Management: Simplifies management of complex data workflows
• Fully Managed Service: Focus on core workloads over hosting management
• Cross-Agency and Partner Collaboration: Streamlines for enhanced efficiency
• Migration Expertise: Specialised support for migration, setup, and ongoing maintenance

£550 to £1,450 a unit a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@rowdentech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

272503129217582

Contact

Sales Team
+44 (0) 117 4285759
sales@rowdentech.com

Service scope

• Service constraints: The Secure Environment, while subject to stringent accreditation requirements, offers a robust setup that ensures compliance and security tailored to specific industry and regional standards. This adherence enhances reliability and instils trust, although it may initially limit flexibility and scalability. The necessary ongoing updates and monitoring for compliance, while adding some operational overhead, also ensure that the environment remains secure and up to date, ultimately supporting a high standard of service and adaptability within the confines of accreditation protocols.
• System requirements:
  • Modern Operating System (Linux, Mac or Windows)
  • Android 8 and above

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are dependent on service level agreements as agreed with the buyer. Flexible response times can be provided allowing users to ensure support is available when needed, including for operational purposes.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: In our WCAG 2.1 Level A compliance test, we ensured keyboard accessibility, provided alternative text for images, offered accessible audio/video alternatives, met contrast ratio requirements, labelled form inputs, organized page structure logically, ensured link text conveyed purpose, maintained a logical focus order, adjusted timeouts for user interaction, and ensured status messages were visually apparent.
• Onsite support: Yes, at extra cost
• Support levels: Our support is customised to each customer's unique requirements, ensuring that organisations of all sizes and sectors receive appropriate support. We offer adaptable support packages that can range from basic troubleshooting to comprehensive, 24/7 technical oversight by our expert team. This bespoke approach allows us to deliver precise, effective support that aligns with your operational needs and strategic objectives.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We will conduct a detailed and thorough assessment of the client’s requirements, including Key Performance Indictors (KPIs) enabling us to customise a tailored solution. The assessment phase will be continuous throughout the life of the service and an agile response to any client changes in requirements will be adopted. An initial bedding-in period will be provided to ensure that users are able to exploit the services in full and as intended. Any changes will be made if required followed by a tailored onboarding process. This can include BYOD / CYOD or a mixture. Current IT/mobile infrastructure maybe incorporated into the implementation of the system.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Rowden respects that your data is your data. It can be removed by you at any time. All data at the termination of the service will be destroyed unless alternative prior arrangements have been agreed. Depending on the nature of the service, the offboarding process will be tailored to the situation. In most cases, the cloud-based infrastructure will be deactivated, and data and cluster resources removed and/or destroyed in line with NCSC guidance.
• End-of-contract process: At the end of the contract period the cloud hosted environment will be suspended for a period of 10 working days before all instances and data are deleted in line with NCSC guidance. If the users whish to extract any data they must request this prior to the 10 day notice period.

Using the service

• Web browser interface: No
• API: Yes
• What users can and can't do using the API: To access the The Secure Environment via an API, developers use SDKs or the CLI, specifically designed for services like AWS Nitro Enclaves for example. This involves setting up secure IAM roles and policies for API access, managing enclave operations such as creation and deletion, and handling encryption keys and network configurations. This approach ensures automated, secure, and scalable interactions with the environment, facilitating the management and protection of sensitive data within these secure enclaves.
• API automation tools: Terraform
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility: Linux or Unix
• Using the command line interface: The Command Line Interface (CLI) is essential for direct interaction. Users can use the CLI to effectively manage enclave-related operations, including launching and terminating enclaves, configuring security settings, and scripting repetitive tasks for efficiency. The CLI allows for precise, scriptable control over enclave features, facilitating advanced management of secure, isolated compute environments within the environment.

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: By offering a cloud based solution in multiple UK datacentres and working with users to understand the capacity and load baseline requirements we are able to scale independently of other users. Once in production, our expert network and hosting architecture staff will monitor and manage all service supporting components to ensure the service is maintained.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: WireGuard® VPN utilising state-of-the-art cryptography.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We will provide the user with compensation in the form of a service extension if through the fault of the supplier the service has been degraded to such a level as to prevent the user from gaining access. All UK datacentres used have a 99.9% uptime. As part of the on boarding process specific business critical SLAs can be requested including the ability to specify critical events that will require additional support or resource.
• Approach to resilience: Our public cloud solutions are expertly designed to maximize the cloud's inherent redundancy and fault tolerance capabilities. By strategically distributing servers across multiple availability zones and regions, and implementing effective duplication strategies, we ensure comprehensive fault tolerance for any disaster scenario. We leverage cutting-edge clustering techniques to enable elastic scaling, which consistently maintains high performance regardless of fluctuating traffic demands. Additionally, our commitment to the latest DevOps and Infrastructure-As-Code practices allows us to develop dynamic, scalable, and resilient applications that are not only easy to maintain but also cost-efficient and reliable.
• Outage reporting: In the event of an outage, the Service Delivery Manager promptly contacts the user with details. Users also have complete access to a management dashboard that features configurable email alerts for ongoing updates. Further communications regarding the outage are disseminated through various channels including the dashboard, telephone, and email, depending on the incident's severity as detailed in our Incident Management protocol. This thorough, multi-channel approach ensures users remain well-informed and prepared to respond effectively during service disruptions.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Access control is based on individual permissions applied to a human or machine identity. This is role-based access control (RBAC). Rowden use a single access control process and mechanism to provide a coherent approach.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Rowden follow industry best practice to deliver Information Security Policies which is governed at board level and tailored to support individual projects.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to component configuration are submitted to a Minor or Major change management process with the aim of maintaining operational service whilst incorporating the change as quickly as possible. All changes are technically reviewed, risk-assessed, scheduled and then re-reviewed post-implementation.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Security reviews are performed every quarter and discussed at service review meetings. We also offer automated security testing throughout the life of the service and specific security testing after any system level change has be implemented. An annual independent 3rd party vulnerability and security testing audit is available sure the user request, this will be conducted using an independent ISO27001 security testing company. Critical issues found are raised immediately via the service desk to be fixed by the support team under SLA.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Events can be configured both by the users and the Service Delivery team to trigger alerts. If an attack is detected, alerts will be raised and outputs from the logging platform used to create a mitigation response. These alerts are integrated into our support service. All incidents and security events are resolved under SLA.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: All incidents are reported into a central monitoring dashboard, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution. Rowden Technologies operates to a robust Incident Management process that can be tailored to the users requirements.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: We use a variety of virtualisation technology to bring the benefit of cloud computing to the end users. Kubernetes Clusters as well as traditional VM are used depending on the user requirements.
• How shared infrastructure is kept separate: A Virtual Private Cloud provides complete network layer separation from any other portion of the environment. A VPC acts as a container for any resources in a given region, including virtual machines, storage, security rules, database instances, Cloud Formation stacks etc. Authentication and DNS, span all VPCs – allowing, e.g. global user access control policies.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: AWS and Azure adhere to the EU Code of Conduct for Energy-Efficient Data Centres, focusing on reducing energy consumption efficiently. AWS enhances energy efficiency through innovative cooling methods such as direct evaporative cooling and high server utilisation, minimising physical servers and maximising virtual operations. This not only adheres to the Code’s guidelines but also leverages renewable energy sources wherever possible. On the other hand, Azure utilises artificial intelligence to optimise cooling systems and deploys energy monitoring and smart grid technologies. This helps align energy usage with the availability of renewable energy. Azure also utilises highly efficient server configurations and modular data centres that adapt to demand, optimising energy use. Additionally, Microsoft commits to renewable energy, aiming for zero-carbon operations. Both AWS and Azure not only comply with the EU Code by integrating advanced technologies and sustainable practices but also actively seek new methods to enhance data centre energy efficiency, underscoring their commitment to environmental sustainability. This approach demonstrates a proactive stance in exceeding the basic requirements of the Code, showing leadership in energy-efficient data centre management.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a forward-looking company delivering next-generation technical solutions, we have a responsibility to lead the way in addressing climate change. To achieve this, we embed climate change initiatives into the delivery of all our contracts, creating a link between revenue generation and positive ecological change. During call-off, we will agree with the Buyer a specific plan, timescales and reporting (via our Social Values Dashboard) to demonstrate how our services will; positively impact climate change. This plan will introduce new initiatives (together with the necessary budget) and build on existing efforts. We offset the emissions of our workforce, contractors and external project team members to drive long lasting positive behaviours. This is via Ecologi Ltd, Bristol-based social enterprise. We offer employee benefits that encourage and influence positive environmental behaviours including free onsite EV charging, a competitive EV rental salary sacrifice scheme, and access to advanced technology solutions that support effective remote working. We engage and involve our people in our sustainability efforts via an internal working group that leads on climate change initiatives (recent examples being a switch to recycled paper and a scheme under which we donate our unwanted technology to a local children’s charity). We track the emissions generated by our business and wider supply chain using a carbon accounting module which is integrated into our accounting software. This enables us to identify actionable methods of reducing emissions in line with our target to reduce per head emissions by 25% by 2030, which we have set out in our Carbon Reduction Plan. We ask our supply chain to adhere to sustainability commitments as part of our Supplier Code of Conduct, thus encouraging positive environmental action in our wider ecosystem. We plan to establish a working group involving a range of suppliers to feed into broader environmental initiatives.

  Covid-19 recovery

  Rowden recognises that local communities and individuals within them are still recovering from the effects of COVID-19. As part of our sustainable growth, we support the local community in ongoing recovery efforts. During call-off, we will agree with the Buyer a specific plan, timescales and reporting (via our Social Values Dashboard) to demonstrate how our services will support COVID-19 recovery. This plan will introduce new initiatives and build on these existing efforts. Recognising employees may still be subject to physical and psychological consequences of COVID-19, we provide a comprehensive employee benefits package including private medical insurance, a health cash plan and 24/7 access to counselling via the LifeWorks Employee Assistance Programme. Trained mental health first aiders support our dedication to ensure the mental health of our people. Financial support and advice is available via Bippit. The evolution of home working arrangements that were necessary during the pandemic into permanent flexible working policies that both support employees with a diverse range of caring needs or health concerns and underpin our talent attraction strategies. A dedicated sustainability budget, used for initiatives across three pillars of Rowden’s sustainability programme (economic, social, environmental). Employees can suggest uses for funds, including charitable donations and event sponsorship. We engage in a range of community/charitable initiatives, from homeless collections, volunteering at STEM events, through to sustainable travel initiatives run by the local authority. Strategies to create new work opportunities and maintain job security for existing employees through development of new products and services. Sourcing local suppliers of goods and services wherever possible (taking into account customer requirements), thus stimulating the local economy. Extensive L&D budgets to support employees with training and development opportunities, including those that are relevant in the post-pandemic economy (e.g. using modern delivery approaches to adapt to changing market demands).

  Tackling economic inequality

  As a regional SME, we understand the barriers to entry that exist in the sector and are committed to tackling economic inequality. During call-off, we will agree with the Buyer a specific plan, timescales and reporting (via our Social Values Dashboard) to demonstrate how our services will tackle economic inequality. This plan will introduce new initiatives and will build on the following existing efforts. Measures to improve EDI in our hiring processes and employment (see equal opportunities response). Investment in an L&D budget of £600 per head available for courses and qualifications to upskill people in areas relevant to our contracts. This complements a tailored internal training programme, mentoring schemes and other external programmes. We have just recruited our 2024 intake for our graduate engineering scheme. We would consider funding additional places linked to a specific call-off. Partnerships with a range of organisations to tackle inequality in our sector and a dedicated STEM budget for community outreach, engagement, and sponsorship (see equal opportunities response). We endeavour to achieve the optimum balance of employees and contractors, considering what will provide the best customer outcomes. We consider how to increase opportunities for diverse businesses and proactively seek out local SMEs for support, e.g. via teaming and partnership structures. We provide informal mentorship and technical assistance to such businesses to help them deliver their strategies. We actively seek to reduce barriers to entry for new market entrants/SMEs by championing modularity principles to guide procurement, maintaining an independent, vendor-agnostic delivery approach. We track information about the types of suppliers we work with as a key metric. Our Supplier Code of Conduct clarifies what we expect from our supply chain. We manage cyber risks across delivery and are Cyber Essentials Plus certified. We assess and mitigate cyber security risks in our supply chain.

  Equal opportunity

  Rowden's commitment to tackling workplace inequality is a core company value and strategic imperative. During call-off, we will agree with the Buyer a specific plan, timescales and reporting (via our Social Values Dashboard) to demonstrate how our services will deliver equal opportunities. This plan will introduce new initiatives and build on existing efforts. Recognising that gender imbalance is an issue in our sector, we are signatories to the Women in Defence Charter. 30% of our workforce is female; we aim to reach at least 35% by 2030. We are a Disability Confident Employer, collaborating with the Business Disability Forum for advice which helps us understand the issues affecting the disabled community. Working with Evenbreak, we publicise opportunities to disabled candidates. We are an Armed Forces Covenant signatory, planning to become a Gold Armed Forces Covenant Award member by 2030. This continues a longstanding practice - 30% of our workforce constitutes service leavers. Pay equity is maintained through biannual reviews. Our holistic benefits package offers flexible working for a diverse range of employees. 96% of employees reported a positive work-life balance in our 2024 engagement survey. Employees undertake mandatory EDI training. Hiring managers receive additional training to reduce the risk of bias in recruitment. Monthly EDI L&D sessions (via our partnership with Powered By Diversity) cover protected characteristics. We use recruitment agencies committed to targeting under-represented groups. Our interviews include skills-based tasks to remove subjective judgements/improve diversity. We proactively discuss reasonable adjustments in hiring to set the foundations for success. We participate in Tech Talent’s diversity survey and partner with Coding Black Females. Our dedicated STEM budget supports community outreach. We sponsor initiatives that champion equality (mentoring schemes - Women Like Me, events - CynNam EmPower Girls). We pledge to sign up to the MotherBoard and Bristol Women in Business charters.

  Wellbeing

  Our workplace culture prioritises employee health and wellbeing from the top down. During call-off, we will agree with the Buyer a specific plan, timescales and reporting (via our Social Values Dashboard) to demonstrate our commitment to wellbeing. This plan will introduce new initiatives and build on our existing efforts. We offer hybrid working and flexible working policies support our workforce. 96% of employees reported a positive work-life balance in our 2024 engagement survey. Our comprehensive employee benefits package includes private medical insurance, a health cash plan and access to counselling (LifeWorks Employee Assistance Programme). We offer financial support and advice via Bippit, and a cycle-to-work scheme. We provide good physical workplace conditions, including an on-site gym, ‘wellness room’ and free lunch and healthy snacks. We actively promote wellbeing resources, e.g. ‘wellness action plans’, and signpost local/national services. Trained mental health first aiders are on hand to support our people. Managers undertake workplace mental health training to support mental health conversations during 121s and signposting to resources. Our people policies align to the 6 standards of the ‘Mental Health at Work’ framework. We run a bi-annual engagement survey to gather employee feedback. We have a strong focus on cooperative team behaviours and encourage conflict to be dealt with maturely and respectfully. We collaborate with our customer teams throughout contract design and delivery. Prioritising engagement, we ensure contracts align with customer needs and values. We frequently provide our customers with access to co-working spaces onsite. This increases the unplanned interactions that are vital to reduce project risk, builds long-term trust, and facilitates faster organisational learning, thereby creating greater productivity. We communicate with customers about our dedication to community wellbeing and actively engage ensuring alignment with their needs. These efforts aim to foster strong, integrated communities where everyone feels valued and supported.

Pricing

• Price: £550 to £1,450 a unit a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A full stack free trial is provided. This will be limited to an initial 3 week period but can be extended on request.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@rowdentech.com. Tell them what format you need. It will help if you say what assistive technology you use.