CloudOzone - Google Cloud Landing Zone service
The solution deploys a foundational set of capabilities designed to align with Google Cloud best practices and multiple global compliance frameworks. With this solution, you can better manage and govern a multi-account Google environment that has highly regulated workloads and complex compliance requirements. It provides a comprehensive, low-code solution.
Features
- secure-by-design architecture
- Patching, security, backups, and monitoring of compute instances and databases
- Google Cloud Reseller service procured and managed on your behalf
- Secure User Management
- Governance Framework
- Operational Security
- Asset Protection and Resilience
- Data in Transit protection
- Separation between customers
- Secure Development
Benefits
- Supports Principle 14 of the NCSC published cloud security guidance
- Implement architecture essential to scalability
- 2X Faster Cloud Adoption
- Manage and ensure business continuity with potentially high demand
- Optimal Infrastructure and Cost Management
- Innovate faster, reduce costs and operate more securely with AWS
- Monitoring & Alerting
- Google Cloud Well Architected framework
- 20% Reduction in IT staff management costs
- Improved business productivity and Cost effective design
Pricing
£400 a user a day
- Education pricing available
Framework
G-Cloud 14
Service ID
492433797714482
Contact
DolpTec
Azeem Shaikh
Telephone: 02081356162
Email: azeems@dolptec.com
Service scope
- Service constraints
- DolpTec specializes in delivering services on hyperscaler cloud platforms such as Microsoft Azure, Google Cloud and Amazon AWS. While we offer end-to-end services, from cloud advisory, design and development to managed services, to our global customers, we have observed that a few services provided by these cloud service providers have some limitations/constraints in terms of features and functionalities. In these situations, we work closely with the service providers as a preferred partner and come up with a solution to mitigate these constraints.
- System requirements
- As Defined with Service Delivery Manager during consultation
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
- Priority incidents can be responded to in up to 15 minutes. The overall response time matrix will be agreed as part of the Service Level Agreement with the client.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- We can provide support through multiple options, including 24x7 support and others. The support model will be decided in agreement with the client.
- Web chat accessibility testing
- None
- Onsite support
- Yes, at extra cost
- Support levels
-
We provide tiered support to deliver the best possible service in the most efficient manner possible.
1. Level 1 / L1 support: This is the initial support level responsible for basic customer issues that do not require any developer intervention. Typical activities include support required related to usage of the system, educating the user, resolving configuration issues.
The first job of a Level-1 specialist is to gather the user’s information and to determine the user’s issue by analyzing the symptoms and figuring out the underlying problem. Once identification of the underlying problem is established, the specialist can begin sorting through the possible solutions available.
2. Level 2 / L2 support: This is more in-depth technical support requiring experienced and more knowledgeable personnel on a product or service. For this level of support, developer intervention is required but there is no change in functionality.
3. Level 3 / L3 support: This is the highest level of support in a three-level support model, responsible for handling the most difficult or advanced problems. This support involves developer intervention with functionality-level changes. The complete life cycle needs to be executed to implement such changes.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We provide a User Documentation pack for users of our Services.
All staff performing services have received extensive onsite training.
Apart from these, we also provide handover training to customer users once the service is set up, which will enable client users to get started quickly on the system.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Users may use the online data tool provided by the service provider, or make a request and the data will be provided to them. In all cases, the customer is responsible for extracting all data prior to the contract end.
- End-of-contract process
- At the end of the contract, users' access to the application will be removed. Users' access to customer proprietary documentation should be revoked. All the revoking steps must be documented and signed off by the customer. For in-flight projects, documentation and knowledge transfer are provided to the customer and the new vendor in a series of arranged sessions. All documentation regarding the customer environment is handed over to the customer. We also provide a transition to the vendor who is taking over the management of the system and the scope of services being provided under the current contract.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Our web interface can be used by all clients to view, manage and respond to support tickets. Self-managed customers can also use our web interface to manage their database and uploaded files and to view their log entries.
- Web interface accessibility standard
- WCAG 2.1 A
- Web interface accessibility testing
- Basic Testing
- API
- No
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Other
- Using the command line interface
- Resource and configuration management can be done through the command line interface. All functionalities for the resources under management are done through the provided web interface.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
-
All environments are sized and architected for the client's environment using the network and component separation provided by the cloud providers. Each user accesses the defined services for their specific organisation on Google Cloud.
Services which provide virtualized operational environments to customers (i.e. Compute Engine) ensure that customers are segregated via security management processes/controls at the network and hypervisor level.
The Google Cloud capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.
- Usage notifications
- Yes
- Usage reporting
-
- API
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Amazon Web Services, Google Cloud, Azure Cloud, OVHCloud
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Full solution backup via Amazon Snapshots
- Compute Engine instances, Databases, Machine Image, Entire Systems
- Bespoke backup service considering client's RTO and RPO needs.
- Online, off-line and off-site backup services.
- Automated or manual backup operations as needed by client.
- Granular backups on or off server, server of database(s)
- Encrypt data and keep it for extended period
- Incremental backups
- Routine backup testing service.
- Remote Backup
- Backup controls
- Backup schedules are agreed in advance with the users. During the contract, changes to the schedule are enabled through change control
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- We use public cloud service providers such as AWS, Azure and Google Cloud, so the availability guaranteed by these cloud providers is what the customer receives. The standard SLAs are negotiated during the contract negotiation stage and we have a proven record in meeting those SLAs. Support for high severity incidents (Priority 1 and 2) is provided through on-call resources, out of hours on a 24/7 basis including weekends and Bank Holidays.
- Approach to resilience
- Systems are resilient and recover gracefully from failures, continuing to function with minimal downtime and data loss before full recovery. We can provide the full details on request.
- Outage reporting
- Email alerts, API triggers, Phone alerts, and Dashboards.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- IP restrictions, two factor authentication of approved users and protective monitoring/logging, RBAC, Strong Password, VPN Access to the cloud OPS account
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (provider's own provision)
- Dedicated device on a government network (for example PSN)
- Dedicated device over multiple services or networks
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- Google Cloud Professional level certification
- Google Cloud Security Certified
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- We work on all Security Policies and Processes of security which are well documented. Authorised users have thorough training on these policies, and we conduct regular security checks to ensure that these are being followed completely.
- Information security policies and processes
- We work on all Information Security Policies and Processes and GDPR levels of security which are well documented. Authorised users have thorough training on these policies, and we conduct regular security checks to ensure that these are being followed completely.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Our Requirements Management is driven by specialized Analysis practice and is a two-step process – Scope and Requirements Management. Initially in the project the focus is on understanding the breadth of requirements and defining the boundaries of the system – this is documented under a scoping document.
We perform change management at three different levels –
• Level 1 of change management is to minimize the scope of change in future
• Level 2 of change management is by tracking small scale changes in requirements
• Level 3 of change management is assessment of the impact of requirement changes
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We keep our services under constant review. We monitor open-source intelligence and vulnerability disclosure lists (OWASP API Security Top 10) in order to discover new vulnerabilities. We also proactively seek out vulnerabilities in components we use and disclose them responsibly. We treat security updates as high-priority work. We regularly carry out penetration testing, both on behalf of our clients and on our own behalf, and use the results to harden and improve our services, and to model new potential threats and attacks.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Log monitoring, Data leak prevention controls, incident monitoring and risk monitoring are performed as protective monitoring processes.
- Incident management type
- Supplier-defined controls
- Incident management approach
- We have a defined incident management process through which users can report incidents. Details are available upon request.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Hyper-V
- How shared infrastructure is kept separate
- Subscriptions are created for each specific customer on a public cloud service provider such as AWS, Azure or Google Cloud. The public cloud service provider ensures that no two subscriptions/accounts are mixed with each other.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
- Major CSP datacentres deployed in EU regions adhere to the EU Code of Conduct.
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
We continue to vigorously pursue our carbon reduction policies, and would start publishing our Carbon Reduction plan on our website. Our move towards hybrid working in recent times and promotion of car sharing and public transport plans reduces staff vehicle emissions when we do commute to our offices.
Covid-19 recovery
We have been able to retain full employment and activity throughout the pandemic. We have supported employees with their working from home arrangements with extra equipment and additional work-related support, with a focus on preventing loneliness and looking out for those whose mental health might be suffering.
Tackling economic inequality
We continue to grow our business, acquiring further premises and hiring more staff. As a responsible and ethical business towards its people, every employee is rewarded in the success and profits of the company.
Equal opportunity
At DolpTec we are committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination. The aim is for our workforce to be truly representative of all sections of society and our customers, and for each employee to feel respected and able to give their best. The organisation, in providing goods and/or services and/or facilities, is also committed against unlawful discrimination of customers or the public.
Wellbeing
The quality of the working environment and the wellbeing of staff is at the heart of our culture. We have a dedicated Mental Health and Wellbeing Facilitator who curates and shares ideas and tasks to help maintain and improve mental health and wellbeing at DolpTec. The facilitator is currently investigating Employee Assistance Programs which can be used to promote good mental health and wellbeing in a work environment and can offer additional support above the fantastic support network we already have in place.
Pricing
- Price
- £400 a user a day
- Discount for educational organisations
- Yes
- Free trial available
- No