BEMA CYBER TECH LIMITED

Cloud Services, Azure and AWS

High-performance computing and low-cost cloud storage options. On-demand local, object, file, block, and archive storage to safely and securely move data to the cloud.

Features

• File Storage - Scalable, highly available, shared file system
• Object storage - Store all data at unlimited scale
• Storage for demanding Database, HPC, Analytics, Big Data workloads
• Enterprise-grade data protection and privacy policies
• Bulk data upload: data Transfer Service
• Highly available data due to redundancy policies
• Data upload: Storage Gateway
• Archive Storage - Low cost, long term retention all data
• Block Volumes - High performance workloads with large data sets
• Azure, Defender, Sentinel, Tenant implementation

Benefits

• File Storage: highly available, distributed filesystems
• Archive Storage: allows archiving infrequently accessed data
• Object Storage: is distributed, highly available
• Data Transfer Service: securely move data Cloud
• Scalable capacity on demand, kilobytes to exabytes
• All data encrypted at rest
• Documentation, training, and user assistance

£0.02 a gigabyte a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  ODS

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at theron.lessey@bemacybertech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

568588462890030

Contact

Theron Lessey
07789647997
theron.lessey@bemacybertech.com

Service scope

• Service constraints: None
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Dependent on the severity level of the service request. e.g. Severity 1 service requests within fifteen (15) minutes. However, for other severity levels (2-4) no response time is defined. The severity level of a service request is selected by both the customer and BEMA, and must be based on defined severity definitions.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via website chat function
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Bespoke
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite and online training is available as well as instructional videos and documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: For a period of no less than 60 days after the termination or expiration of the services, Production data will be available via secured protocols, and/ or the service system will be kept accessible, for the purpose of data retrieval by you.
• End-of-contract process: For a period of 60 days upon termination of the Cloud Services, we will make available via secure protocols, your content residing in the production environment, or keep the service system accessible, for the purpose of data retrieval by you. During this retrieval period,

Using the service

• Web browser interface: Yes
• Using the web interface: As per user guide
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: As per user guide
• Web interface accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: All Cloud Storage functions can be controlled via the REST API - see the User Guide for full details.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
  • Other
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
• Using the command line interface: As per user guide

Scaling

• Scaling available: No
• Independence of resources: N/A
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Block Volumes can be grouped into a Volume Group
  • Block Volumes can be backed up to object storage
  • Volume Groups provide asynchronous Cross-Region Replication
  • The backups can be copied between regions
  • Object Storage each object is stored redundantly across three servers
• Backup controls: For Block Volumes - either by manually starting the backup, or by assigning a policy which defines a set backup schedule. Backups can be managed through the console, via CLI or by using REST API.; For the File Storage Service. Snapshots provide a consistent, point-in-time view of customer’s file system and allow them to take as many snapshots as they need. Snapshots Backups can be managed through the console, via the CLI or by using REST API.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Availability Service Level Agreement of 99.99% and Manageability Service Level Agreement of 99.9% and Performance Service Level Agreement of > 90% in 99.9% of time.
• Approach to resilience: Cloud Infrastructure is hosted in regions and availability domains. A region is a localised geographic area, an availability domain is one or more data centres located within a region. A region is composed of several availability domains.
• Outage reporting: All as per SLA

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access to network devices and servers supporting the services requires multi-factor authentication by our engineers, with approvals required for every access right. The network is a multi-tiered Demilitarised Zone (DMZ) environment inside a dedicated extranet that is isolated from our internal corporate network and VPNs for non-cloud services. The second step in the authentication path is authenticating to the relevant bastion server. Operator access is only permitted from bastion servers. Only approved engineers with the required entitlement can access the bastion servers. The public/private SSH key of authorised users is used in conjunction with UNIX username and authenticated via LDAP.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our security policies cover the management of security for both internal operations as well as the services we provide to customers. The policies apply to all our employees. These policies, which are aligned with the ISO/IEC 27001:2013, govern all areas of security applicable to our Cloud Infrastructure.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our change management process, including both prevent and detect controls, as a core requirement of our commitment to security, availability, and confidentiality. The change management process is reviewed annually, at minimum, and outlines the processes and procedures to be followed for each change. The process incorporates segregation of duties (SoD) and requires changes to be approved and tested prior to implementation. All change requests are documented in an electronic, access-controlled ticketing system. The workflow prevents the ticket from being moved into the 'scheduled for implementation' phase without the required review and approvals.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Penetration tests of the system are conducted annually. A commercial vulnerability scanning tool is configured to scan all external IP addresses and internal nodes at least quarterly. The results of vulnerability scans and penetration tests are reviewed by management. Vulnerabilities and threats are assessed, documented and tracked through resolution.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: OCI's deployed SIEM ingests logs and alerts from networking devices, and hosts. SIEM is monitored 24x7x365 basis designed to defend and protect against unauthorised intrusions and activity in the production environment. In the event of a security incident, our Cloud Infrastructure activates an agreed protocol which includes GIS, Global Product Security, and Privacy & Security Legal, as applicable, to provide specialist subject matter expertise to respond to the incident.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents, including incidents reported directly to a customer’s account manager, are recorded via an internal access-controlled electronic ticketing system. Routing, communication, and escalation of incidents vary depending on a number of factors including urgency and impact to customers.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: As per SLA

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Alignment with the EU Code of Conduct for Energy Efficient datacentres

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  We have programmes in place to maximise the efficiency of our datacentres providing the services under this framework, including: • Operating dense computing environments and attaining high utilisation rates • Leveraging state-of-the-art intelligent energy management and cooling technologies • Managing an elastic computing platform eliminating excess capacity builds • Designing and deploying highly efficient servers and storage equipment

Pricing

• Price: £0.02 a gigabyte a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Bespoke to be discussed

Service documents

• Pricing document

  ODS

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at theron.lessey@bemacybertech.com. Tell them what format you need. It will help if you say what assistive technology you use.