Computacenter - Cloud Access Security Broker (CASB)
Proofpoint Cloud Application Security Broker protects against account compromise, malicious files, data loss and compliance risks in the cloud.
Features
- Detection of suspicious logins
- Create granular, adaptive rules for account access
- Data loss Prevention rules
- DLP asset detector
- Control and limit cloud filesharing
- Monitor shadow IT
- Agentless Architecture
- Automation response to cloud incidents
Benefits
- Receive alerts to respond quicker to cloud account compromise
- Prevent cloud accounts from being taken over following phishing attacks
- Prevent sensitive, confidential data from being exposed in the cloud
- Automate the discovery of sensitive data in the cloud
- Prevent data exfiltration / data loss
- Detect risky third-party applications running in cloud environments
- Faster time to deploy and faster time to value
- Save admin's time and respond faster to minimise damage
Pricing
£20.00 a user a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
6 5 5 4 3 9 0 4 5 0 6 4 8 2 2
Contact
Computacenter (UK) Ltd
Karen Baldock
Telephone: +44 (0) 1707 631000
Email: government@computacenter.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Community cloud
- Service constraints
- N/A
- System requirements
-
- Capability of routing email to a Proofpoint email gateway
- Valid delivery destination for email filtered by Proofpoint.
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
- Response times for standard issues are within 8 hours during operating 9:00 -5:30 (mon-fri) Weekend support is available at additional costs subject to customer requirements
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Depending on the support model required, Computacenter can accommodate the exact needs of each customer; from having dedicated support resources deployed on-site or remotely on a resource-on-demand basis, to formal managed service support agreements. The contact mechanisms, service hours and response time SLAs available are flexible to align with your specific requirements.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- Proofpoint Professional Services provides an implementation service. Each customer is aligned with a Professional Services consultant who will onboard them. There is also online training and documentation provided as well as access to the articles, forums, etc. in the Proofpoint community portal.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Data extraction tools driven by customer
- End-of-contract process
- Implementation is included in the price of the contract and there is no additional charge for offboarding. At the end of the contract the service ceases to function.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Linux or Unix
- MacOS
- Windows
- Windows Phone
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The experience of the Proofpoint email filtering service will be the same no matter how email is accessed (e.g. via desktop or mobile mail clients).
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Administrators can connect to an admin GUI to configure settings. End Users will not be aware of the majority of the email filtering that takes place. End Users may receive an End User Digest email that lists certain types of email addresssed to them (e.g. bulk) that has gone into quarantine since the last digest was generated. End Users may also be given access to the End User Web Application where they can release certain type of emails from quarantine and maintain their own safe and block lists.
- Accessibility standards
- None or don’t know
- Description of accessibility
- Web Browser
- Accessibility testing
- Access is via a web browser, so standard web browser accessibility options apply.
- API
- Yes
- What users can and can't do using the API
- Admins can configure an API so that reporting details from Proofpoint email filtering are fed into a SIEM tool.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- No
- Customisation available
- No
Scaling
- Independence of resources
- Each customer has a separate email filtering cluster just for them as well as their own dedicated IP addresses. The cluster for each customer is sized according to the compute resources needed to handle their mail flow and this can be adjusted if mail flow volumes change.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Various reports are generated on things such Inbound Email Summary, Inbound Spam and Bulk Summary, Inbound Threat Summary, Outbound Email Summary.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller (no extras)
- Organisation whose services are being resold
- Proofpoint
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
- Other
- Other data at rest protection approach
- AES 256 bit encryption
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Data extraction driven by customer
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- https://www.proofpoint.com/sites/default/files/general_terms_hosted_services_sla_-_mar_2016.pdf
- Approach to resilience
- The services run in active/active mode between a pair of geographically-diverse co-location facilities.
- Outage reporting
- https://www.proofpoint.com/sites/default/files/general_terms_hosted_services_sla_-_mar_2016.pdf
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Identity federation with existing provider (for example Google Apps)
- Access restrictions in management interfaces and support channels
- All access to the Proofpoint production environment, where services are hosted, is via a 2FA encrypted VPN and granted based on role.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 28/04/2022
- What the ISO/IEC 27001 doesn’t cover
- Our ISO/IEC 27001 certification relates to the information security management system and not the products or services of the certified organisation
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Gemserv Ltd
- PCI DSS accreditation date
- 22/09/2021
- What the PCI DSS doesn’t cover
- As per section 2a of the PCI-DSS certificate, there are no areas that were marked as ‘Not Included’. We therefore confirm we are compliant across all relevant requirements for our services as a Hosting Provider, Managed Services and Payment Processing.
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- The Group ISMS contains a consistent security assurance framework and accompanying baseline set of Information Security Policies that are to be used throughout the Computacenter Group. Information Security Policies define the minimum security standards for the Computacenter Group. They consist of technical, procedural and staff behavioural rules that work in concert to preserve the security aspects of Computacenter IT Systems and the information that they process. The Group ISMS Information Security Policy set is divided into categories covering topics such as Information Security Management, End-user responsibilities and Acceptable Usage plus technology specific security requirements. An 'Acceptable use Policy' (AUP) document is included in the Policy set, as a minimum, which must be read and understood, for ensure employee’s know their obligations and comply with this and any other Security Policies that relate to their role in the organisation.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Proofpoint has a documented change management policy that includes requirements around documented change tickets and review and approval by the Change Review Board.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Proofpoint performs internal and external vulnerability scanning and remediates applicable findings in line with the Proofpoint patch management policy.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Proofpoint has distributed monitoring in place for availability, performance, capacity and security. Alerts are directed to a 24x7 NOC or SOC for review, remediation and/or escalation.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Proofpoint has a documented Incident Response Plan that includes procedures to detect, investigate, remediate and communicate security incidents. A trained IRT team is responsible for the maintenance of the program.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
As per section 2a of the PCI-DSS certificate, there are no areas that were marked as ‘Not Included’. We therefore confirm we are compliant across all relevant requirements for our services as a Hosting Provider, Managed Services and Payment Processing. - Covid-19 recovery
-
Covid-19 recovery
Throughout the pandemic we have closely followed and implemented government guidance relating to the workplace and COVID-19. We created a COVID-19 risk assessment to enable us to understand the improvements that need to be made to our workplace conditions in line with the Government COVID-19 secure workplace guidelines and the business advice that is now current. It looks at the risks of COVID-19 in the workplace, such as hygiene, & cleaning and then states what we must put in place to mitigate these risks.
As we enter the recovery phase of the pandemic, we have introduced hybrid working for our employees. This will allow most employees including those delivering G-Cloud services increased flexibility in how and where they work ensuring that we still deliver the best service to our customers whilst looking after our people.
Our COVID-19 steering committee is there to identify activities that will improve workplace conditions then plan, build and regularly monitor various programmes focused on supporting the COVID-19 recovery effort. At these meetings, chaired by our Chief People Officer (‘CPO’) Sarah Long, our CIO Mark Slaven and Services operations, the steering committee discuss changes that need to be implemented, identify areas of improvement, and review our roadmap of new activities.
Throughout the life of the contract, we will use our existing activities (as well as those that are in development in due course) to continue to improve workplace conditions in support of the COVID-19 recovery effort.
Questions relating to travel were included in the COVID-19 surveys that were issued through the pandemic. The assessment highlighted concerns people had about public transport. To help all employees; managers were coached and given guidance about being flexible with start/finish times. We continue to adapt our approach based on feedback received through the steering committee and employee surveys. - Tackling economic inequality
-
Tackling economic inequality
As a diverse and inclusive organisation with a strong focus on equality within the workplace and driving in-work progression, our approach to recruitment and employment is aligned to recognised industry best practices such as the 5 principles of quality work as set out in the Good Work Plan.
Our Employee Impact Groups for disadvantaged or minority groups provide representation, support, and community engagement on behalf of our workforce, feeding into our People Panel ensuring all voices are heard, underpinning our wider ambition of building a sustainable business for the long term.
We put specific measures in place to provide opportunities to under-represented groups or those who face barriers to employment, including comprehensive outreach programmes for schools and universities, as well as partnerships with several non-profit organisations within our communities. We will continue to focus on reaching harder to reach groups and people who are underrepresented in our sector by working with charities and schools in the local community to offer career talks and work experience opportunities. Our School outreach programme has over 130 volunteers dedicating over 2,600 hours running activities for employability and life skills in schools, colleges and universities.
Computacenter is one of the 9 founding members of ‘Technology Community for Racial Equality’ (‘TC4RE’), a group set up to drive racial equality throughout the technology industry, with which we are delivering a half-day virtual event on ‘Enabling Ethnic Diversity’ featuring a series of expert keynotes, live panel discussions and interactive workshops with representation from across the UK technology community.
Furthermore, Computacenter has signed the Armed Forces Covenant, our programme provides the opportunity to attain a degree and Service Now certification whilst receiving full salary. This programme is the first of many programmes we intend on running to help ex-forces personal transition back into the workplace and the IT industry. - Equal opportunity
-
Equal opportunity
Computacenter is committed to providing equal opportunities to all through fair recruitment practices and employment conditions across our organisation.
We are a Disability Confident ‘Committed’ employer, committed to making lasting changes to our business creating a diverse talent pool. We work with partners through our community outreach activities who are specialists in disability. An example is our work with Knightsfield School in Welwyn Garden City, a specialist school for deaf children. We run at least 3 ‘get work ready’ events with them, as well as offer up to 4 work experience opportunities and onsite visits every year.
For this contract, we will use existing initiatives (as well as others that are in development) to provide career opportunities for individuals from under-represented groups to address requirements for specific skills or roles with a focus on increasing skillsets through the life of the contract. This will include apprenticeships aligned to security and cloud/infrastructure departments, as well as industrial placements and graduate schemes for our ServiceNow Center of Excellence, with specific focus on delivering cloud-based services to our customers.
Our workforce for services delivered under this framework will have access to existing initiatives aimed at supporting in-work progression and development for those from disadvantaged/minority groups. For example, our gender diversity initiatives include our Growing Together programme, which 52 women have been through so far, of which over one-third have been promoted or taken a new role within a year following the mentoring and coaching provided.
We are also committed to driving racial equality across our business and the wider technology industry. We are a founding member of ‘Technology Community for Racial Equality’ which recently delivered a half-day virtual event on ‘Enabling Ethnic Diversity’ featuring a series of expert keynotes, live panel discussions and interactive workshops with representation from across the UK technology community. - Wellbeing
-
Wellbeing
We understand how important employee Wellbeing is for a sustainable business model, therefore we are committed to creating a sustainable supply chain. Ensuring the wellbeing of our employees are looked after will positively affect productivity, recruitment, and retention rates.
In November 2021, a designated UK wellbeing manager was appointed and has since launched our wellbeing strategy, which aligns with the Social Value Model and the 6 standards of the Mental Health at Work Commitment, signed in July 2021. We are actively implementing the enhanced mental health standards as recommended through the ‘Thriving at Work’ review, and NICE mental health at work guidelines, as part of our Wellbeing strategy. The strategy encompasses four pillars of wellbeing, mental, physical, financial, and social. We are a Menopause friendly organisation and have created a support network for those in need.
We have 109 Mental Health First Aid (MHFA) accredited staff in the UK, trained by Mind, who act as Wellbeing Champions providing mental health first aid support and promoting our wellbeing services which those delivering G-Cloud service provisions will have access to. These champions are from every business area and from different seniority. We hold events throughout the year organised by our UK wellbeing manager and Champions, which have included celebrating World Mental Health days, Menopause awareness, financial wellbeing webinars and sponsored events to raise money for our mental health charity partners.
2021 also saw the launch of our new groupwide app-based programme ‘Be Well’ which gives our people access to over 3,000 fitness, nutrition, health and wellbeing courses through Humanoo. Through this app we have launched an extremely popular groupwide step challenge and has encouraged our people to be more active, with over 35% of our workforce now using the app and covering over 1.8bn steps so far.
Pricing
- Price
- £20.00 a user a year
- Discount for educational organisations
- No
- Free trial available
- No