PROCESS360 LTD

Google Apigee Cloud Hosting and Support

Google Cloud Platform's Apigee offers a robust Cross Cloud API Management solution, enabling seamless integration and full lifecycle management of APIs across GCP, AWS, Azure, and on-premises data centers. Key features include monitoring, alerting, logging, and rate limiting within a unified API gateway.

Features

• Instantly scales applications based on the request demand.
• Serverless services, no infrastructure management required.
• High performance with global scaling capabilities
• Fully managed Platform-as-a-Service environment with minimal operational overhead
• Carbon neutral, highly efficient data centers
• Advanced observability, monitoring, and alerting via Google Stackdriver
• Service patching without disruptions; no maintenance windows
• Seamless integration with other public cloud services
• Simplified multi-region deployments and redundancy
• Fully managed Platform-as-a-Service environment with minimal operational overhead

Benefits

• Centralizes API management across clouds and on-premises.
• Effortlessly scales to manage high API traffic volumes.
• Enhances security with OAuth and API key verification.
• Offers comprehensive analytics for performance tracking.
• Developer portals boost engagement and simplify testing.
• Implements rate limiting to maintain service reliability.
• Supports full API lifecycle from creation to retirement.
• Enables payload transformation between XML and JSON.
• Provides out-of-the-box policies for API tasks.
• Seamlessly integrates with multiple backend services and clouds.

£0.01 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@processthreesixty.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

305618490608734

Contact

Shauzab Khan
00447477572324
info@processthreesixty.com

Service scope

• Service constraints: No
• System requirements: None

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: L1 - 1 hour response time (24/7); L2 - 12 hour response time; L3 - 24 hour response time; L4 - 2 business days response time
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Cloud support engineers provide 1st, 2nd, and 3rd line support, and depending on client needs, a technical account manager may also be assigned. The basic service is offered at a fixed cost of £3,600 per month and can be tailored based on the required support levels, response and resolution times, and hours of availability. Support requests are categorized and managed according to standard L1, L2, L3, L4 classifications. Available support channels include web, phone, and email. A Service Level Agreement (SLA) is clearly defined and provided to the customer as part of the service transition into their live operational environment.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Getting Started Guide: Offers a basic introduction to Google Cloud, guiding new users through the initial steps of setting up and starting their project.; Getting Started: cloud.google.com/getting-started/; Online Documentation: Provides detailed documentation covering all aspects of Google Cloud services, including step-by-step instructions.; Online Documentation: cloud.google.com/docs/; Training Sessions: Google Cloud offers training sessions that can help users understand how to deploy, manage, and scale applications.; Training Sessions: cloud.google.com/training/; Google Developers Codelabs: These are hands-on tutorials that offer guided coding experiences, perfect for learning in a structured way.; Google Developers Codelabs: codelabs.developers.google.com/; Best Practices: Guidance on best practices specifically tailored for enterprise organizations looking to optimize their Google Cloud operations.; Best Practices: cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations; Free Tier: Google Cloud offers a free tier, which allows users to explore and use various Google Cloud services at no cost, ideal for beginners and small projects.; Free Tier: cloud.google.com/free/
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Google's strategy for enabling user flexibility and avoiding vendor lock-in involves a combination of open APIs, open-source technology, and comprehensive data management services. Here's a more organised look at how Google supports data mobility and control:; ; Open APIs and Open Source Technology; Ease of Data Movement: Google's adoption of open APIs and open source technologies facilitates seamless data transfers across different cloud environments, helping to avoid vendor lock-in.; ; Data Import/Export Services; Third-Party Solutions: Google offers solutions for offline data import and export that enable users to manage their data physically if online transfer isn't feasible.; https://cloud.google.com/storage/docs/offline-media-import-export; Virtual Machine Migration; VM Migration Through Partners: Migration of virtual machines is facilitated through Google’s recommended partners, ensuring a smooth transition of VMs to Google Cloud.; https://cloud.google.com/migrate/; Data Management and Legal Compliance; Google Data Processing and Security Terms: Articles 7 and 8 detail Google's commitment to user control over their data, including the ability to correct, block, export, and delete customer data as per the contractual agreement.; Assistance in Data Migration: If a customer cannot migrate their data independently, Google commits to providing reasonable assistance, at the customer’s expense, to facilitate the migration.; https://cloud.google.com/terms/data-processing-terms
• End-of-contract process: Upon the expiration or termination of the Agreement, Google provides a grace period of up to 30 days for data recovery. Following this recovery period, Google commits to deleting any data previously marked for deletion by the customer. This deletion process will be completed within a maximum timeframe of 180 days from the date of agreement termination, unless there is a legal requirement or ongoing legal process that mandates a delay in data deletion. This ensures that customer data is managed and disposed of in a secure and compliant manner, adhering to legal standards and customer expectations.

Using the service

• Web browser interface: Yes
• Using the web interface: Deploy, scale, and troubleshoot issues through an intuitive web-based interface. Securely manage and monitor all the components powering your cloud application. Apigee has standard Google dashboard console to access the interface.; https://cloud.google.com/cloud-console/
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: We are committed to enhancing the accessibility of our products and services for users of assistive technologies.
• API: Yes
• What users can and can't do using the API: Monitor API Performance: Users can access real-time analytics to monitor the performance and health of their APIs. This includes metrics like traffic volume, response times, and error rates.; Manage API Security: The dashboard allows users to implement and manage security policies such as OAuth, API key validation, and access control to secure their APIs against unauthorized access.; Deploy and Update APIs: Users can deploy new APIs and update existing ones directly from the dashboard, enabling quick rollouts and iterative updates in response to business needs or security requirements.; Configure API Products: Apigee allows users to bundle APIs into products, manage their documentation, and set quota limits and access rules to streamline the consumption process for API consumers.; Set Alerts and Notifications: Users can configure alerts based on specific API metrics or events, which helps in proactive monitoring and incident management.; ; What Users Can't Do:; ; Code Development Directly Within the Dashboard: ; API deployments with their CI/CD processes.; Detailed Customization of Underlying Infrastructure: ; Modify Built-In Analytics Engines:
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
• Other API automation tools:
  • Jenkins
  • Openshift
  • Packer
  • Spinnaker
  • Pivotal
  • GKE
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
  • Other
• Using the command line interface: Apigee CLI, provided by Google Cloud, is a command-line interface tool that allows developers to manage their Apigee API management environment without needing to use the graphical user interface. It’s particularly useful for automation and for integrating API management tasks into continuous integration/continuous delivery (CI/CD) workflows

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: To ensure users aren't impacted by demand on our Apigee service, we employ auto scalable infrastructure that dynamically adjusts to traffic fluctuations. Each user's API traffic is isolated to prevent interference. We enforce rate limiting and quotas to maintain fair resource distribution and prevent abuse. Continuous monitoring triggers auto-scaling to meet demand, while Quality of Service policies prioritize critical traffic. Proactive support and optimization efforts ensure system reliability and efficiency. With these measures, we maintain a stable and high-performance Apigee service, guaranteeing users consistent access and reliable performance regardless of usage patterns.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Google Cloud

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• Backup controls: The backup procedures may differ across various services, offering users flexibility in controlling backup operations. Through the web interface, command-line interface (CLI), or APIs, users have the capability to manage and customize backup settings according to their specific requirements. This empowers users to tailor backup strategies to suit their needs, ensuring efficient data management and security across different service offerings.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Securing data in transit is a top priority for Google. Google has pioneered several initiatives to enhance encryption standards, including enabling HTTPS/TLS by default and upgrading all RSA certificates to 2048-bit keys. This ensures robust encryption for data traveling across Google Cloud Platform and other Google services. Additionally, Google implements Perfect Forward Secrecy (PFS) to mitigate the impact of compromised keys or cryptographic vulnerabilities. PFS safeguards network data by employing short-term keys held only in memory, minimizing the risk associated with long-term key exposure. Learn more about Google's security measures at cloud.google.com/security/.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Please refer GCP Apigee SLA at https://cloud.google.com/terms/sla/
• Approach to resilience: Google's approach to maintaining resilience and minimizing geographical disruptions involves operating a global network of data centers. These data centers are strategically located to ensure stability and reduce risks associated with any regional failures. Google's infrastructure is designed with built-in redundancy and failover capabilities, meaning it does not rely on external providers for these functions. Furthermore, Google conducts annual tests of its business continuity plans. These tests simulate catastrophic events to assess and enhance Google's readiness and response strategies for potential real-world disruptions. You can read more about these practices in detail in Google's documentation https://cloud.google.com/files/Google-Cloud-CSA-CAIQ-January2017-CSA-CAIQ-v3.0.1.pdf
• Outage reporting: Please refer Google's public dashboard at; ; https://status.cloud.google.com/; ; The dashboard can be personalised to suit individual needs.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
• Other user authentication: MTLS
• Access restrictions in management interfaces and support channels: Google Cloud Identity & Access Management (IAM) empowers administrators to manage resource access, granting control and visibility over cloud resources. With IAM, enterprises with complex structures gain a unified view of security policies across their organization. Granular controls allow defining access policies at the project level using users, groups, or ACLs. Built-in auditing facilitates compliance. For more information, visit cloud.google.com/iam/ and cloud.google.com/compute/docs/access/. Detailed insights are available in the Google Cloud CSA CAIQ document, Section IAM-12, at cloud.google.com/files/Google-Cloud-CSA-CAIQ-January2017-CSA-CAIQ-v3.0.1.pdf.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through:
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Less than 1 month
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: https://cloud.google.com/security/compliance
• Information security policies and processes: The security policies and compliance are detailed by Google at the link below.; https://cloud.google.com/security/compliance; Below security standards are followed:; - ISO27001; - ISO27017; - ISO270018

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: In Google's configuration and change management approach for the Apigee service, updates undergo thorough manual vetting to ensure system stability. Changes are meticulously tested and gradually deployed to systems. While specifics may vary per service, development is distinct from operational systems, and testing occurs in multiple stages across dedicated test environments. Under a non-disclosure agreement (NDA), we provide access to the SOC2 audit report, aligning with standards from the International Auditing and Assurance Standards Board, detailing the change management process. Moreover, code changes undergo rigorous review involving additional engineers to maintain quality and integrity.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: In Google's vulnerability management approach for Apigee, they maintain a systematic process to identify, assess, and mitigate vulnerabilities. Continuous monitoring, including automated scanning and manual inspections, ensures proactive identification of potential weaknesses. Regular vulnerability assessments prioritize issues based on severity, enabling focused remediation efforts. Prompt application of security patches and updates addresses known vulnerabilities, while comprehensive security testing, including penetration testing, identifies potential risks before exploitation. Established incident response procedures ensure swift containment and mitigation of security incidents. Compliance with industry standards and regulations, coupled with ongoing security awareness training, further strengthens Google's vulnerability management practices.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Google's security monitoring program prioritises data from internal network traffic, employee interactions with systems, and external vulnerability intelligence. Using a global network infrastructure, internal traffic undergoes rigorous inspection for anomalous behavior, including signs of botnet activity. Complementing network analysis, system logs are scrutinised to detect unusual actions, such as unauthorised attempts to access customer data. Additionally, Google actively monitors inbound security reports and stays abreast of developments on public platforms like mailing lists, blogs, and wikis. Automated network analysis assists in identifying potential unknown threats, with escalations handled by Google security experts. Please refer to Google's security whitepaper at cloud.google.com/security/whitepaper.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management process for security events follows Google' NIST guidance (NIST SP 800–61), outlining actions, notification, escalation, mitigation, and documentation. Trained staff employ forensics and evidence handling, including third-party tools. Incident response plans undergo testing, particularly for systems storing sensitive customer data. Learn more at cloud.google.com/security/whitepaper.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: KVM hypervisor
• How shared infrastructure is kept separate: Google ensures that customer data is meticulously segregated by domain within its infrastructure. This method of segregation allows for the retrieval and production of data specific to an individual tenant only, enhancing data management and security. This approach is crucial for maintaining strict data privacy and access controls, as detailed in Google's documentation. For an in-depth explanation, please refer to Section AAC-03.1 in the Google Cloud documentation here. https://cloud.google.com/security/security-design/resources/google_infrastructure_whitepaper_fa.pdf; https://cloud.google.com/files/Google-Cloud-CSA-CAIQ-January2017-CSA-CAIQ-v3.0.1.pdf

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Please refer gcp https://www.google.co.uk/about/datacenters/efficiency/

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Google Cloud is actively engaged in the fight against climate change through a variety of initiatives. Operating entirely on renewable energy, Google Cloud is committed to achieving carbon neutrality, investing in renewable energy projects, and optimizing data center efficiency to minimize carbon emissions. Additionally, Google Cloud supports the development of renewable energy sources and advocates for policies promoting clean energy adoption. Through these efforts, Google Cloud is not only reducing its own carbon footprint but also contributing to the broader goal of combating climate change. For more information, you can visit cloud.google.com/sustainability.

Pricing

• Price: £0.01 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Any customer can start a trial of the service with a $300 free credit with Apigee
• Link to free trial: https://cloud.google.com/free/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@processthreesixty.com. Tell them what format you need. It will help if you say what assistive technology you use.