Ve3 Global Ltd

CloudHealth Secure State

CloudHealth Secure State is a sophisticated security and compliance monitoring platform designed for multi-cloud environments. It aids organizations in minimizing risk and safeguarding millions of cloud resources. By quickly identifying and rectifying security violations and promoting best practices, CloudHealth Secure State ensures that your cloud infrastructure remains secure and compliant

Features

• Cost analysis and optimisation

Benefits

• Increase visibility through data collection and consolidation

£175 to £850 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at prime@ve3.global. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

314110082627004

Contact

Nikhil Alex
02045520840
prime@ve3.global

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: CloudHealth Secure State may need read access to your cloud service provider's (CSP) logging database or the installation of collectors on certain resources, depending on the specific monitoring and alerting requirements you have. This setup ensures that the platform can effectively track and analyze security data to maintain a robust security posture
• System requirements: Web Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: VMware's Cloud Service Support Policies detail the response times for issues based on their severity, which are published here: VMware SaaS Support Policies. Response times vary by the severity of the issue, as follows:; ; Critical (SaaS Severity 1): Response within 30 minutes, available 24/7.; Major (SaaS Severity 2): Response within 4 business hours.; Minor (SaaS Severity 3): Response within 8 business hours.; Cosmetic (SaaS Severity 4): Response within 12 business hours.; Please note that response times may differ on weekends and depending on the specific support package selected.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Please refer to our website for support details: https://www.vmware.com/support/services/production.html; Professional Services support available on request, also available; as an add-on is the CloudHealth Customer Success Package, that enables customer success through an initial 90-day on-boarding process, and continuing services to help drive value and adoption of the CloudHealth platform
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer a detailed pre-installation checklist that outlines all the technical prerequisites needed for a smooth implementation. Our Account Executives and Professional Services team will guide you from the initial pre-implementation discussions to the final transition to our Global Support Team.; ; After completing all implementation steps, you will have ongoing access to our extensive professional services, including global Support Services, comprehensive technical documentation, and a well-maintained knowledge base. Additionally, we provide a wide-ranging catalog of training resources tailored to different levels of product knowledge and technical skills, suitable for various administrator roles. Training options include on-demand access to product documentation, instructional videos, online forums, and instructor-led training courses
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: CloudHealth Platform operates on a copy of the Cloud provider billing data available directly to customers. All platform custom reports and customer configurations are available for download and export via CloudHealth platform UI in various formats
• End-of-contract process: When your Service Offering instance is terminated, you will permanently lose access to the environments, the services will be discontinued, and the environments and configurations will be deleted. However, we will retain your content in our backup systems for 90 days after termination. If you need to extract your content from the Service Offering—and haven't done so before the termination of your subscription—you must inform us within 30 days following the termination date. We will assist you in extracting the content, but please be aware that fees will apply for this service. If we are not notified within this 30-day window, your content will be permanently erased and cannot be recovered.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The user interface is designed to be straightforward, user-friendly, and responsive, ensuring ease of use across various devices. It features interactive dashboards, advanced filtering, robust search capabilities, and customizable user preferences. These features equip IT administrators with the necessary tools and information to make informed decisions efficiently
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Following regulations of WCAG 2.1 appropriate level of testing hasbeen done to meet the requirements
• API: Yes
• What users can and can't do using the API: https://api.securestate.vmware.com; Documentations on API support frequently changes, please refer to the above URL for the most up to date information
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Our solution is designed to meet stringent requirements for high availability and redundancy. We prevent any single points of failure by incorporating redundant equipment, networks, power sources, and clustering critical components.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: VMware

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Customers can run reports on demand or schedule reports to run from the console at any time
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: CSP API's

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Please see the URL for the current SLA:https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/downloads/eula/vmw-cloudhealth-secure-state-service-level-agreement.pdf
• Approach to resilience: Our solution adheres to stringent standards for high availability and redundancy. We ensure there are no single points of failure by employing redundant equipment, network infrastructure, power sources, and clustering critical components. For further details on applicable controls, please refer to the third-party SOC2 attestation report for CloudHealth.
• Outage reporting: https://status.vmware-services.io/

Identity and authentication

• User authentication needed: Yes
• User authentication: Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: We adhere to a formal Access Control policy delineating roles and responsibilities for Asset Owners, Asset Custodians, and Users to ensure appropriate access to information assets. Strong passwords and Multi-Factor Authentication (MFA) are mandatory for accessing production environments and corporate resources, with password policies developed in line with industry best practices and technically enforced. All access privileges are enforced using role-based access control, separation of duties, and the principle of least privileges. Access to production environments necessitates two-factor authentication, utilizes Active Directory (AD) credentials, and is restricted to authorized members of relevant teams.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EGAC
• ISO/IEC 27001 accreditation date: 06/01/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27000-ISO 222301
  • ISO 20000-1
  • ISO 14000-1
  • ISO 90000

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Information Security Program follows industry best practices and regulatory standards, such as NIST SP800-53 and ISO 27001. We maintain our own Information Security Program and Policies to safeguard customer data hosted in our systems, conducting annual reviews and audits to ensure the integrity of our hosted offering. The VMware Information Security team oversees the enforcement, development, and upkeep of information security policies and standards to preserve VMware Information Assets in a secure environment, aligning with generally accepted best practices and VMware's business and risk objectives. They update policies in response to evolving threats and technologies, conduct periodic reviews of policies and standards, and assess exceptions to information security policy and standards. Our Information Security team ensures organizational compliance, while team leads collaborate with IT and HR teams to enforce compliance at the department level.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We uphold a documented Configuration Management policy aligned with industry best practices to fortify the SaaS environment, alongside a Change Control Policy governing alterations. Changes to the Configuration Management policy undergo scrutiny through the Change Management process, which encompasses approval, testing, implementation, and rollback. Support staff initiate changes via a change control form, reviewed by the Change Advisory Board team for completeness, impact, and scheduling, categorized by severity level. Approved changes are scheduled, alerts are issued to relevant groups, followed by testing, validation, and closure post-implementation.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We receive threat intelligence and explore threat resolutions through the VMware Security Response Center. Regular internal and external vulnerability assessments are conducted on the SaaS environment, employing a risk methodology aligned with NIST standards. This methodology involves identifying and characterizing threats, assessing vulnerability of critical assets, determining risk, identifying risk reduction measures, and prioritizing them based on strategy.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our cloud support team has configured the system to alert IT personnel about high CPU utilization, limited disk space, memory issues, service failures, bandwidth utilization, power consumption, and other performance metrics. IT Operations subscribes to relevant vendor security and bug-tracking mailing lists. Following severity and impact analysis, network, utility, and security equipment undergo patching or upgrades.
• Incident management type: Supplier-defined controls
• Incident management approach: We maintain an Incident Management Plan as part of our Information Security Program. Incidents are reported and resolved by the appropriate Cloud Operations team and senior management if necessary. Alerts, responses, and resolutions are tracked to completion. In the rare event of an incident, affected customer data is notified within two business days. Incident logs are reviewed by relevant support personnel for analysis and remediation to prevent similar incidents in the future, with all remediation actions approved by our Information Security Governance Committee.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our G-Cloud service provision is deeply committed to fighting climate change, recognizing the urgent need for collective action to address environmental challenges. Here's how our services deliver against this social value theme:; ; Environmental Sustainability in Operations:; We prioritize running efficient operations to reduce emissions and minimize environmental impacts. This includes implementing energy-efficient practices, optimizing resource usage, and adopting renewable energy sources wherever possible within our data centers and infrastructure.; ; Promoting Sustainable Practices:; VE3 actively engages with our suppliers and clients to promote sustainable business practices. Through our services, we advocate for the adoption of environmentally friendly technologies, responsible sourcing, and waste reduction strategies, thereby reducing carbon footprints across the supply chain.; ; Responsible by Design Framework:; Our G-Cloud services adhere to a 'Responsible by Design' framework, ensuring that environmental considerations are integrated into the development and deployment of digital solutions. By prioritizing environmental protection and minimizing negative impacts, we strive to deliver sustainable outcomes for our clients.; ; Training and Education:; VE3 invests in training and education programs focused on environmental sustainability. Through initiatives like the Sustainability Quotient (SQ) training, we equip our teams with the knowledge and skills to adopt climate-smart behaviors and implement environmentally conscious practices in their work.; ; Community Engagement:; We actively engage with communities to support environmental objectives and promote climate action. By partnering with local organizations and stakeholders, we contribute to initiatives aimed at addressing climate change, such as tree planting programs, clean energy projects, and environmental education campaigns.

  Covid-19 recovery

  Our G-Cloud service provision plays a crucial role in supporting the COVID-19 recovery effort by facilitating resilience, adaptation, and innovation in the face of unprecedented challenges. Here's how our services contribute to the recovery process:; ; Remote Work Enablement:; VE3's digital solutions empower organizations to transition to remote work seamlessly. By providing secure and reliable cloud-based infrastructure, collaboration tools, and remote access solutions, we enable businesses to maintain productivity while ensuring the safety and well-being of their employees.; ; Business Continuity Planning:; We assist organizations in developing and implementing robust business continuity plans to mitigate disruptions caused by the pandemic. Our services include data backup and recovery solutions, disaster recovery planning, and resilience testing to ensure operational continuity in the face of unforeseen events.; ; Digital Transformation Acceleration:; VE3 accelerates digital transformation initiatives to help organizations adapt to the new normal. By modernizing legacy systems, implementing cloud-based technologies, and digitizing processes, we enable businesses to optimize efficiency, improve agility, and remain competitive in a rapidly evolving landscape.; ; Healthcare Support Solutions:; We provide specialized healthcare support solutions to assist frontline workers and healthcare organizations in responding to the COVID-19 crisis. This includes telemedicine platforms, patient management systems, and data analytics tools to enhance patient care, streamline operations, and support decision-making processes.; ; Economic Stimulus through Innovation:; VE3 fosters innovation and entrepreneurship to stimulate economic recovery in the aftermath of the pandemic. Through our G-Cloud services, we support startups, small businesses, and enterprises in developing and deploying innovative solutions that address emerging challenges, create new opportunities, and drive economic growth.

  Tackling economic inequality

  We recognize the importance of tackling economic inequality and are committed to leveraging our G-Cloud service provision to address this pressing social issue. Here's how our services contribute to tackling economic inequality:; ; Access to Affordable Technology:; We strive to make cutting-edge technology accessible and affordable to all, regardless of economic status. By offering scalable and cost-effective cloud-based solutions, we enable organizations, including small and medium-sized enterprises (SMEs) and underserved communities, to access the tools and resources they need to compete in the digital economy.; ; Skills Development and Training:; VE3 invests in skills development and training programs to empower individuals with the knowledge and expertise needed to thrive in the digital age. Through initiatives like online courses, certifications, and workshops, we equip people from diverse backgrounds with the skills required for high-demand roles in technology and innovation, thereby enhancing their employability and economic prospects.; ; Support for Minority-Owned Businesses:; We actively support minority-owned businesses and entrepreneurs by providing access to mentorship, networking opportunities, and resources to help them grow and succeed. Through initiatives like supplier diversity programs and partnerships with minority business organizations, we promote inclusion and diversity in the technology sector and contribute to creating more equitable economic opportunities.; ; Digital Inclusion Initiatives:; VE3 is committed to promoting digital inclusion and bridging the digital divide by ensuring that everyone has access to essential digital services and technologies. We collaborate with governments, nonprofits, and community organizations to implement initiatives such as digital literacy programs, affordable internet access schemes, and community technology centers, thereby empowering underserved populations and promoting economic equity.; ; Fair and Transparent Procurement Practices:; We adhere to fair and transparent procurement practices to create opportunities for businesses of all sizes and backgrounds to participate in government contracts and procurement processes.

  Equal opportunity

  We are deeply committed to promoting equal opportunity and fostering diversity and inclusion in all aspects of our G-Cloud service provision. Here's how our services contribute to advancing equal opportunity:; ; Diverse Workforce and Inclusive Culture:; VE3 prioritizes building a diverse workforce and fostering an inclusive culture where all individuals, regardless of background or identity, have equal opportunities to succeed and thrive. We promote diversity in recruitment, hiring, and talent development processes, and actively support initiatives that celebrate and embrace differences.; ; Equal Access to Opportunities:; We are dedicated to ensuring equal access to opportunities for all individuals, including those from underrepresented or marginalized communities. Through our G-Cloud services, we strive to create pathways for inclusive economic participation by providing access to training, resources, and support for entrepreneurship and career advancement.; ; Supplier Diversity and Inclusion:; VE3 promotes supplier diversity and inclusion by actively seeking out and partnering with businesses owned by minorities, women, veterans, LGBTQ+ individuals, and other underrepresented groups. We believe in creating a diverse and inclusive supplier ecosystem that reflects the communities we serve and fosters economic empowerment for all.; ; Accessibility and Inclusive Design:; Our G-Cloud services are designed with accessibility and inclusivity in mind, ensuring that everyone, including individuals with disabilities, has equal access to digital platforms, applications, and services. We adhere to accessibility standards and guidelines to remove barriers and create seamless user experiences for all users.; ; Education and Skill Development:; VE3 invests in education and skill development initiatives to empower individuals with the knowledge and capabilities needed to succeed in the digital economy. Through partnerships with educational institutions, nonprofits, and community organizations, we provide access to training programs, scholarships, and mentorship opportunities that promote equal opportunity and career advancement.

  Wellbeing

  We prioritize the wellbeing of individuals and communities in all aspects of our G-Cloud service provision. Here's how our services contribute to enhancing wellbeing:; ; User-Centric Design:; VE3 designs our G-Cloud services with a user-centric approach, prioritizing usability, accessibility, and intuitive design. By focusing on the needs and preferences of users, we create digital experiences that enhance overall wellbeing by reducing frustration, stress, and cognitive load.; ; Health and Safety Protocols:; We implement robust health and safety protocols to protect the wellbeing of employees, clients, and partners. This includes adherence to strict security standards, data privacy regulations, and compliance with industry best practices to ensure the safety and integrity of our digital infrastructure and services.; ; Promotion of Work-Life Balance:; VE3 recognizes the importance of work-life balance in maintaining overall wellbeing. Through our G-Cloud services, we enable remote work, flexible scheduling, and collaboration tools that empower individuals to achieve a healthy balance between their professional and personal lives, leading to greater job satisfaction and wellbeing.; ; Mental Health Support:; We prioritize mental health support for our employees and clients by offering resources, programs, and initiatives aimed at promoting mental wellbeing. This includes access to counseling services, mindfulness training, stress management workshops, and employee assistance programs designed to support individuals in times of need.; ; Community Engagement and Social Impact:; VE3 actively engages with communities to address social determinants of health and promote holistic wellbeing. Through partnerships, philanthropic initiatives, and volunteer efforts, we support local organizations and projects focused on improving access to healthcare, education, housing, and other essential services that contribute to overall community wellbeing.; ; Environmental Sustainability:; We are committed to environmental sustainability as a core component of wellbeing. By prioritizing eco-friendly practices, resource conservation, and carbon reduction efforts in our operations and services, we contribute to creating a healthier and more sustainable environment.

Pricing

• Price: £175 to £850 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at prime@ve3.global. Tell them what format you need. It will help if you say what assistive technology you use.