Entrust Datacard (Europe) Limited

Cloud Based PKI as a Service (PKIaaS)

Entrust PKI-as-a-Service provides certificate issuance, management, and status services at the scale, speed, security, and simplicity required of modern business. PKIaaS provides preconfigured certificate profiles to secure use cases through turnkey approaches, solving customer problems while making them straightforward and simple to consume.

Features

• CA Bundle including Online Root, Issuing CA & OCSP Service
• Microsoft Auto Enrollment [WSTEP] Certificate Enrollment Gateway
• SCEP Certificate Enrollment Gateway
• Intune Certificate Enrollment Gateway
• ACME Certificate Enrollment Gateway
• Mobile Device Management [MDM] Enrollment Gateway
• Smart Card Enrollment Service
• Code Signing Enrollment Service
• S/MIME Enrollment Service
• Easy administration with centralized web based tools

Benefits

• Highly secure, highly available PKI designed for turnkey operation
• Simplified Deployment & Migration
• Chain to your existing root or establish new chains
• Rapid provisioning of preconfigured CAs for your use case
• Create & destroy issuing CAs in minutes
• Control of your PKI without the management
• The assurance you expect from Entrust with dedicated CAs
• Protected keys in our datacenters by Entrust nShield HSMs
• Eliminate 100% of your on premise PKI infrastructure
• Manage public and private estates from a single cloud console

£6,017.93 an instance a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at robert.hann@entrust.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

334946678152708

Contact

Robert Hann
07818 552411
robert.hann@entrust.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: This solution is provided as a service, there are no on prem deployments.
• System requirements: Access via any current up-to-date web browser is supported

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is provided by phone, email & chat from 8:00 PM EST Sunday to 8:00 PM EST Friday. Our SLA targets a response time of 8 hours for Severity 1, 2 Business days for Severity 2 & 3 Business days for Severity 3. These SLA's are halved with our Platinum Support service. https://www.entrust.com/-/media/documentation/licensingandagreements/entrust-certificate-solutions-hosted-support-schedule-lg.pdf
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Online chat can be accessed from within the console. Chat is available from 8:00 PM EST Sunday to 8:00 PM EST Friday.
• Web chat accessibility testing: No accessibility testing has been performed on this service.
• Onsite support: Yes, at extra cost
• Support levels: Silver support is included as standard, this is available 24x 5 from 8:00 PM EST Sunday to 8:00 PM EST Friday. This can be upgraded to Platinum Support which is available 24x7 for an additional cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Provision for the user base includes a online and searchable help function. To make the transition as seamless as possible, Entrust will offer free training sessions to ALL administrators. ; Training can be provided to include: ; Complete overview of Certificate Management Service features & functionality, ; Review of certificate types & licensing approach,; Entrust best practices,; Future roadmap.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: All customer data can be exported upon contract end, via the reporting centre in CSV format.
• End-of-contract process: Customer has the option to renew their service and certificates. If the customer decides not to, then all live certificates are revoked at the end of the subscription term at which point the service is switched off.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Access to the management platform is via any up-to date web browser and access is possible via a mobile device.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Accessible from any web browser, an intuitive dashboard delivers critical insights in real-time reporting on actionable activity that helps you avoid security lapses and stay in compliance.
• Accessibility standards: None or don’t know
• Description of accessibility: The management console is accessed via a web browser. Administrators will have unique login credentials & access the portal via two factor authentication.
• Accessibility testing: No accessibility testing has been undertaken.
• API: Yes
• What users can and can't do using the API: Entrust includes a REST API that exposes certificate management functionality. Using the ECS API, you can integrate with your application to add the ability to manage the certificate lifecycle. Administrators can configure two-factor access using a client certificate in conjunction with Basic Authentication (userid and password).
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Various aspects of the management portal can be configured to enable a user specific experience. The Dashboard can be configured to reflect various reports that are available or have been customised for the the user. This includes creations of graphical interfaces to enhance the visual look and feel. Email alerts can be created based on thresholds or best practices.

Scaling

• Independence of resources: Entrust’s solution has been developed for large-scale enterprise deployments, and is designed to address both high scalability and redundancy requirements.

Analytics

• Service usage metrics: Yes
• Metrics types: Entrust can provide comprehensive usage and compliance reporting, this includes a variety of system, administration and management reports.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Administrators can export the relevant detail via API or CSV export via the management console.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Entrust PKI as a Service is available for certificate issuance (24) hours per day, seven (7) days per week, excluding planned maintenance windows. During periods of high activity, Entrust Support strives to maintain SLA in accordance with the customers chosen support plan. https://www.entrust.com/-/media/documentation/licensingandagreements/entrust-certificate-solutions-hosted-support-schedule-lg.pdf
• Approach to resilience: Available upon request
• Outage reporting: Service disruption reports are proprietary, however customers are notified via email alerts & our management console dashboard of all planned or unplanned service outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: The Entrust Certificate Management Service supports the use of role based access which includes a Super-Admin, Sub-Admin, Requester and API user roles. All roles require authenticated access and the rights and permissions are authorised based on the principle of least privilege.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: A0Lign
• ISO/IEC 27001 accreditation date: 4/12/2016
• What the ISO/IEC 27001 doesn’t cover: See certificate
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001 Certified

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We abide by our change management policy and procedure.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We adhere to our Threat and Vulnerability Standard. Patches are deployed based on the severity/need of the patch. We gather intelligence from the following: IT-ISAC, DHS - HSIN, Infragard, TruStar, ThreatStream, Anomali, Twitter, Google Alerts.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We follow our Information Security and Privacy Incident Management Policy; Information Security and Privacy Incident Management Standard. Response times are dependent on severity of issue.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We follow our info security policies and procedures. These have been vetted as part of our ISO 27001 certification process. Information Security and Privacy Incident Management Policy. Information Security and Privacy Incident Management Standard.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Environment – Our goal is to manage our manufacturing, warehousing, distribution, and office facilities to minimize ecological impact. Entrust maintains an ISO 14001 certification at its headquarters and principal manufacturing facility and is working to set organizational carbon reduction goals to achieve net zero carbon emissions by 2050. We also comply with important environmental measures such as REACH, RoHS, and Proposition 65 where applicable to our business.

  Tackling economic inequality

  Diversity, Equity and Inclusion – Entrust has established concrete goals to build a more diverse workplace and supplier base. We actively promote an inclusive and welcoming culture across our business through our Entrust Includes initiative and we look for suppliers that embrace similar values through our formalized supplier diversity program.

  Equal opportunity

  Diversity, Equity and Inclusion – Entrust has established concrete goals to build a more diverse workplace and supplier base. We actively promote an inclusive and welcoming culture across our business through our Entrust Includes initiative and we look for suppliers that embrace similar values through our formalized supplier diversity program.

  Wellbeing

  Diversity, Equity and Inclusion – Entrust has established concrete goals to build a more diverse workplace and supplier base. We actively promote an inclusive and welcoming culture across our business through our Entrust Includes initiative and we look for suppliers that embrace similar values through our formalized supplier diversity program.

Pricing

• Price: £6,017.93 an instance a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Time limited trials available.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at robert.hann@entrust.com. Tell them what format you need. It will help if you say what assistive technology you use.