Xalient Holdings Limited

Zscaler - Cloud based network security

Zscaler's Internet gateway provides secure internet access to users across any device or location inspecting all traffic including SSL. Zscaler's integrated functionality provides threat prevention, access control and data protection to all user traffic.

Features

• it is a cloud-based Security As A Service platform
• it serves as a cloud based Proxy and Firewall
• it allows application of corporate and security policies
• it has centralised administration of users and policies
• it utilises one single web interface
• it can provide comprehensive user reports in nearly real-time
• it constantly gathers global threat data
• it requires no on-premises and on-device hardware or software

Benefits

• security policies that can be pushed worldwide in seconds
• Quick to deploy with no on premises device, hardware software
• Saves time and money in security requirements on servers
• secure access to the open internet and saas apps
• zscaler provides all users everywhere with identical protection
• reduces CAPEX and OPEX compared to traditional firewalling

£0.20 to £150 a user

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@xalient.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

524159885766997

Contact

Sherry Vaswani
+44 (0)207 096 3100
bidmanagement@xalient.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Zscaler integrates with single sign-on providers including Azure AD, RSA, Okta, OneLogin and Ping Identity to enable simplified cloud application security
• Cloud deployment model: Public cloud
• Service constraints: NO
• System requirements: NONE

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email generated tickets will fall into one of the four call statuses and be provided a response within the times outlined below:; • P1 - Critical: 30 Minutes; • P2 - Major: 4 Hours; • P3 - Low: 12 Hours; • P4 - Minor: 24 Hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Fully managed service.; Support is commercially scoped pending a full discovery workshop phase.; Cloud support
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Service transition team.; User documentation
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We explore this at a contract closure meeting.
• End-of-contract process: Any existing hosted services are transitioned to the customer.; All existing support contracts are terminated.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Application differences between fat client and mobile are largely the same.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Creating and downloading an audit log report of policy changes made in the Zscaler Admin Portal and in the API.; ; Managing URL white lists and black lists; Managing root certificates, Certificate Signing Request (CSRs), and intermediate certificate chains; Managing and updating URL Categories; Managing individual users, groups, and departments; Getting and updating VPN credentials for specific locations; Managing VPN tunnels for SD-WAN partner integrations; Getting Sandbox Detail Reports
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Shift displays information about your company. You can customize most of the information displayed. However, the domain name cannot be changed.; ; To change this information:; ; Click the edit icon; Upload a new logo. You can upload any image file, as long as it does not exceed 300 x 150 pixels and is a .png, .jpg, or .gif file type.; Change information about:; Name; Country ; Language; Time zone; Address; See image.; Click Save; ; Customization can be undertaken by a Zscaler administrator.

Scaling

• Independence of resources: Zscaler security as a service is delivered by a next-generation security architecture built from the ground up for performance and scalability. It is distributed across more than 100 data centers on 6 continents, which means that users are always a short hop to their applications, and we peer with hundreds of partners in major internet exchanges around the world for performance and reliability.

Analytics

• Service usage metrics: Yes
• Metrics types: Dependent on customer requirements.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Zscaler

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: CSV
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Standard SLA's are as follows:; < 30 minutes P1; < 90 minutes P2; < 4 Hours P3; ; Service credits are assigned on a person by person basis.
• Approach to resilience: Zscaler security as a service is delivered by a next-generation security architecture built from the ground up for performance and scalability. It is distributed across more than 100 data centers on 6 continents, which means that users are always a short hop to their applications, and we peer with hundreds of partners in major internet exchanges around the world for performance and reliability.; ; More technical information is available on request.
• Outage reporting: Public dashboard; Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Management access is restricted per login and further with orchestrated access via individual accounts.; ; Support access is federated via vendor support and live chat.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 31/12/2017
• What the ISO/IEC 27001 doesn’t cover: All services offered are covered
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISMS; ITIL; ISO27001

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: ITSM keeps CMDB.; All changes logged and tracked through ITSM.; All change control are set against customer SLA's, OLA's and underpinning contracts.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are managed via proactive alerting with vendors.; Internal and external penetration tests.; Patches are assessed through dev and test stages then deployed as quickly as possible.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: This is handled by our proactive monitoring software which is tuned to identify threats based on specific customer requirements.; ; Incident response is SLA dependant.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are categorized by priority (P1,2 ,3 etc.); Common events are defined as part of a discovery phase and kept within the ITSM tool.; ; Incidents are reported via the service desk.; ; Reports are provided by the ITSM.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We take our responsibilities towards sustainability very seriously, encouraging all staff members to adopt sustainable practices. Our aim is to engage our staff and stakeholders in identifying and delivering environmental objectives which will eliminate, or at least minimise as far as possible any impact we have on the environment.; To date, we have offset 100 tonnes of Co2, partnering with Make It Wild who have planted trees on our behalf. We plan to offset a further 100 tonnes again this year, as we work towards achieving a carbon-neutral status.; Alongside this, we apply a ‘circular economy’ approach to the re-use of IT equipment, scalability of solutions, flexibility of services and reduction of e-waste as well as operating a paperless office environment.; Furthermore, we are helping our customers migrate their existing power-hungry, on-premise workloads to the cloud, providing scalable, secure solutions that enable them to achieve ESG compliance

  Tackling economic inequality

  Skill Development Culture; ; We focus on attracting, engaging, developing and retaining talented individuals, providing opportunities for career-long learning and development and safe workplaces within an inclusive culture that values diversity.; ; Educational Collaboration; ; Xalient commits to working with educational establishments in the area, in 2021 we collaborated with teams from Leeds University to support and guide c.20 graduates with supervised project work to bring a real-world perspective and experience to their studies.; ; Xalient’s can evidence the following inclusive growth commitments:; ; • Inspire the next generation by working with schools and/or colleges; ; • Develop a Skills Plan including Apprenticeships; ; • Offer training to low paid staff to help them progress; ; • Offer more sustainable ‘green travel’ options to employees; ; • Pay small business suppliers in accordance with the Prompt Payment Code - including a commitment to pay all suppliers within 60 days and to commit to 30 days as the norm; ; • Commit to paying staff the Real Living Wage within an agreed timescale; ; • Other inclusive growth commitments bespoke to the company’s own policies, considered sufficient by the Combined Authority

  Equal opportunity

  Diversity & Inclusion has especially been at the core of the Company’s principles, since its inception, not least as the Company’s own CEO and Founder is a woman of ethnic origin, in a Technical industry. The Company’s subsequent growth and global expansion has presented the opportunity to further enhance our workforce with the benefits of diversity in every respect. This commitment is implemented and maintained through a number of structured and progressive programmes, such as Development & Mentoring, Training and Performance Management and, more recently, a global ‘Culture & Inclusion Programme’. The Culture & Inclusion Programme is many faceted and carries several initiatives which ensure that all employees ‘have a voice’ across the business and all geographies – an opportunity to influence the shape of the Company and continually improve. Integral to this is the ‘Career Hub’ which provides all employees with learning programmes, career roadmaps, guidance and support to progress within the Company. Communication, shared multicultural recognition and celebrations and wellbeing initiatives, are all also part of the Culture & Inclusion Programme. Workshops are conducted to familiarise and gain commitment to the programme and continual activity retains the interest, knowledge and understanding across the business. We are proud that our diversity statistics are far higher than the Industry average for gender and ethnic origin, at all levels in the Company.

  Wellbeing

  We recognise how important it is that our staff have a healthy work/life balance and offer several wellbeing activities to ensure we support each and every member:; Xalient provide an Employee Assistance programme to which employees can access an app called My healthy advantage. The health and wellbeing app provides proactive wellbeing tools and engaging features. Each feature has been carefully built with the user’s wellbeing in mind. Designed to improve the mental and physical health of the users by using personal metrics to set bespoke goals and achievements.; We provide monthly wellness seminars the most recent being: A practical guide to reducing stress. We have an external NLP coach who heads theses seminars and offers help and support if needed. All seminars are recorded for staff who are unable to attend to view when they have time.; ; Members of Xalient are MHFA’s (Mental Health First Aider’s) ensuring a point of contact for other staff to reach out and always be available to offer help and support or just to talk.; ; All office staff are given the option of hybrid working with a 60/40 split ensuring they have equal amount of work/life balance. This has been part of our working contract since the pandemic and we will continue to offer this to all employees it is vital that all members of staff feel they have a healthy work/life balance.; For our new starters we offer a ‘buddy’ system to which we pair new staff with someone who is outside their team and someone who can support, reach out to and help new members to relax during the nerve-wracking first few months, we believe our buddy system helps our employees feel supported and valued. Making employees feel like they're part of the Xalient team which improves both morale and retention.

Pricing

• Price: £0.20 to £150 a user
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@xalient.com. Tell them what format you need. It will help if you say what assistive technology you use.