Nine23

Multi Factor Authentication (MFA) - Cisco Duo / OKTA

Effective Multi-Factor Authentication (MFA) protects your applications by using a second source of validation, like a phone or token, to verify user identity before granting access. Duo is engineered to provide a simple, streamlined login experience for every user and application, it integrates easily with your existing technology.

Features

  • Single Sign-On
  • Adaptive Single Sign On
  • Universal Directory
  • Lifecycle Management (provisioning)
  • Advanced Server Access
  • Multi Factor Authentication
  • Adaptive Multifactor Authentication
  • CIAM (Customer Identity)
  • Integration to Active Directory
  • API Access Management

Benefits

  • Securely store users and passwords
  • Enforce password policies
  • Seamless access from any device or location
  • Reduced help desk cost and password resets
  • Passwordless experience
  • Reduce users and customers IT friction
  • Automate joiner, mover, leaver process
  • Increased security, including instant account deprovisioning
  • Reduce audit time and risk
  • No hardware, quick to deploy

Pricing

£3 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@nine23.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

6 1 0 5 4 6 4 2 9 1 1 7 9 3 8

Contact

Nine23 Stuart McKean
Telephone: +44 (0) 23 8202 0300
Email: gcloud@nine23.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Some main integration partners include:
AzureAD
On Premise LDAP
Slack
Box
Office 365
Salesforce
Cloud deployment model
Public cloud
Service constraints
N/A
System requirements
Appropriate Licensing and Access for integration

User support

Email or online ticketing support
Email or online ticketing
Support response times
This would form part of a managed service or adhoc-SLA event. Normal response times are 9-5 weekdays and 4 hours for standard support. Other service levels are available.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Basic Success Business Hours: 12 hours/day x 5 days/week, excluding US holidays (6:00am - 6:00pm in the timezone of the Customer's HQ site)
Premier, Premier Access & Premier Plus Success Business Hours: 24 Hours/Day x 7 Days/Week x 365 Days/Year
Premier Plus Success also includes a Customer Success Manager
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Requirements can vary per solution and we would encourage buyers to contact us for clarification
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Optional Services can be purchased in order to provide assistance in the data extraction process.
End-of-contract process
Duo is a subscription based software so customers will have the opportunity to renew their licences before their contract comes to an end, If the customer chooses not to renew, the contract is ended.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Duo web portal is primarily for administration and the mobile device app for authentication, however other services / functionality is dependant on the use case.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
No
Customisation available
Yes
Description of customisation
Modular licensing allows for specific solution creation per customer.

Scaling

Independence of resources
Today’s users expect a seamless experience while IT adapts to an increasing demand. Interruptions and downtime can severely hurt organization’s productivity. Duo is built to handle this challenge. Duo is never taken offline for updates or maintenance.

Analytics

Service usage metrics
Yes
Metrics types
While usage data and service metrics can be discovered within our system log. High level reports can be provided by the Okta team as required on request.
Reporting types
Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
CISCO

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Optional Services can be purchased in order to provide assistance in the data extraction process.
Data export formats
  • CSV
  • Other
Other data export formats
LDIF
Data import formats
Other
Other data import formats
  • Via the Azure AD
  • Via AD On Premise / Proxy

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Identity is Always On
Approach to resilience
Any fault in infrastructure is contained using a High Availability (HA) cloud scale architecture, and even in case of an entire datacenter going down, another in a different geography takes ownership of the affected accounts within an hour.
Outage reporting
Users will also receive email alerts informing them of the problem, estimated outage time and a further email once fully restored.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
There a multiple authentication options including inbound SAML, oauth2.0, username and password and multi factor authentication.
Access restrictions in management interfaces and support channels
Access to support channels is only granted to administrative users and security check is carried out when a user raises a support ticket. Management interfaces is also locked down to administrative users.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
Users are defined as administrators within the service itself. Access is determined based on delegated administration rights.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • HIPAA
  • SOC2
  • FedRamp

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
SOC2 certified HIPAA CSA Start
Information security policies and processes
The Duo team understands the need for its service to be both highly available and secure, and every aspect of the organization reflects this. Duo enables enterprise administrators to increase security above what is available through traditional on-premises technologies. By offering strong password management capabilities, account management capabilities, easy-to-deploy multifactor authentication, and encrypted attributes, the enterprise is now able to put strong controls on high-value data while balancing the ease-of-access users demand. Duo is a leader in third-party certifications, physical and network security architecture, and reliability,

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Services are configured and documented for reference. Changes are initiated with internal or external requests that start a Change Acceptance Process, during which the business imperative, security risks, user impact, and costs are considered. A lightweight process is adopted for agility of service, but If necessary, a full security impact assessment is undertaken and when the requisite authorisations are received, the change is effected and documentation updated.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We subscribe to a number of vulnerability and threat monitoring agencies including the NCSC threat newsletter. A baseline patching process is maintained monthly for all services, and emergency responses to critical threats are evaluated and actioned appropriately.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our protective monitoring tools examine SIEM data from our platform and client areas, including GPG13 compliant reporting. Incidents are responded to based on the severity of the event and can be immediate notification to clients to allow fixes to be effected straight away
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our SyOPs and Security Management Plan outline procedures for incident management and reporting. Our SMP is certified ISO27k controls and verified by a CCP qualified IA lead.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

One of our key objectives for 2022 is to complete certification of ISO 14001:2015 – Environmental Management. This internationally agreed standard sets out the requirement for businesses to review all areas of their organisation and improve their environmental performance through more efficient use of resources and waste reduction. Nine23 are anticipating certification by the end of May 2022. We welcome queries as to the status of this

For an SME it is harder to make a larger strides in reducing the causes of Climate Change; therefore we have joined forces with a number of other global hi-tech companies to set collective goals . The first is with the Trust X Alliance; which brings a number of SME’s together to look at the United Nations Sustainable Development Goals. There are a total of 17 Goals aimed at transforming our world, with Good Health and Wellbeing, Gender Equality, Decent Work and Economic Growth and Climate Action being our main focus.

In addition, Nine23 are part of a pilot group of technology companies working with Net Zero to create a consensus across the Tech industry as to what Net Zero means for businesses in the sector and to provide an industry standard against which business claiming to be Net Zero can be assessed. The goal is to create a pragmatic, effective and publicly available guide for Tech firms to achieve Net Zero. This “protocol” will be practical and easy to use, whilst remaining comprehensive in its scope and ambitious in its scientific robustness - offering businesses a realistic method of achieving credible sustainability goals, in line with the global climate goals required by the Paris Agreement.
Covid-19 recovery

Covid-19 recovery

Nine23 are working hard to help build a stronger economy by supporting Local businesses and creating jobs, apprenticeships and training opportunities within the local community where employees reside.  We work closely with a number of local businesses to supply key areas of support. Accounting, telephony, and the University of Southampton Park - in addition, all hands-on trades are locally based. Where possible we also prefer to use SMEs for hardware or software procurement. We are also members of the living wage foundation and aim to raise living standards of our staff, in addition to paying our taxes.

Nine23 are a firm supporter of the apprenticeship scheme and graduate work placements and have provided numerous opportunities for developing roles through the service desk and marketing departments, into more senior positions.  We are proud our business has a part to play in the wider health of the UK economy.
Tackling economic inequality

Tackling economic inequality

Nine23 Ltd are passionate about tackling economic inequality. We are members of the Living Wage foundation and have moved from being office based, to hybrid working. This has enabled us to recruit further afield, broadening our reach of potential employees and giving us more diverse candidates. We now have staff based in various locations around the UK.

We strongly believe in the 5 foundational principles of quality work as outlined in the Governments Good Work Plan and closely align our culture, processes, and values in support of these. A continual focus on job satisfaction, safety wellbeing & security, fair pay, participation & progression, and voice & autonomy help to attract and retain staff from all backgrounds, minimise staff turnover, increase capability and maximise efficiency. Targeted plans are implemented to ensure continuous improvement in these key areas.

Continued focus alongside ongoing skill development, enables our workforce to reach their potential. Removing their (real or perceived) barriers to success, providing support for educational attainment, including providing training schemes to access professional qualifications ensures that their unique and valuable perspectives and skills are nurtured. Active engagement with the recruitment and development of existing staff and apprentices and offer posts specifically to those seeking to re-train into Digital and Cyber Security related roles. Our most recent apprentice joined Nine23 with a clear path for personal growth whilst learning on the job skills in the highly technical sector of IT support. We will be recruiting more individuals into our Cyber Security apprentice scheme.

We provide support for the existing workforce by providing careers advice, mentoring, coaching, training and development, mock interviews, and CV advice. We give them support for in-house progression and development into high growth areas or known skills shortages.
Equal opportunity

Equal opportunity

Even as a SME we aim to ensure opportunities are available to all. We are actively working to monitor, influence and improve our workforce diversity and social mobilisation efforts.
Nine23 are working hard to help build a stronger economy by supporting Local businesses and creating jobs, apprenticeships and training opportunities within the local community where employees reside.  We work closely with a number of local businesses to supply key areas of support. Accounting, telephony, and the University of Southampton Park - in addition, all hands-on trades are locally based. Where possible we also prefer to use SMEs for hardware or software procurement. We are also members of the living wage foundation and aim to raise living standards of our staff, in addition to paying our taxes.

Nine23 are a firm supporter of the apprenticeship scheme and graduate work placements and have provided numerous opportunities for developing roles through the service desk and marketing departments, into more senior positions.  We are proud our business has a part to play in the wider health of the UK economy
Wellbeing

Wellbeing

Employee wellbeing has always been a priority - especially during the 2020 – 2022 Pandemic. Whilst all staff have been working from home we have increased our daily check-in calls and staff one2ones to ensure any issues are picked up and support provided as soon as possible.
We have provided free counselling sessions for any member of staff that needs it and supported those that have taken time off work due to sickness.
Nine23 have adapted working hours to fit with the real life situations people have to deal with – from child to caring or the elderly.

Pricing

Price
£3 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
10 Users can trial the system for an extended period.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@nine23.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.