Differentia Consulting

Zero Trust

Provision of simple secure networking everywhere. Underpinned by Zero Trust. With our service you can spin up your network in minutes, combining networking and security across all of your use cases. Managing the Fabric as a service while you control it. All functionality is accessible via hosted service or API.

Features

• Enables secure remote devops to sensitive services
• Enables secure remote access to sensitive services
• Enables obfuscation of sensitive services
• Eliminates need for hardware-based networking
• Create scalable access to sensitive services
• Accelerates ability to deploy services
• Obfuscates operational databases from the attack vector

Benefits

• Reduces risk of cyber attack
• Improves efficiency
• Provides compliance to certain regulatory standards
• Reduces investment in hardware-based WAN provision

£12 a device a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@differentia.consulting. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

658461434686688

Contact

Mari Vartiainen
+44 1494 622600
tenders@differentia.consulting

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Service can be used as a standalone service or fully integrated to client-managed applications. This means that all services can be protected where the network, the server, or the application is managed by the client.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: The service being cloud-based requires multi-platform resilience to create both a secure and accessible service which means that internet access is necessary to deliver the service.
• System requirements:
  • Internet access
  • Cloud account with licencing for users and services
  • Supported versions of operating systems and platforms
  • Non-supported versions such as IoT solutions require custom development

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 4hr response during work day, next working day. Work week - Mon - Fri excluding Bank Holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via Microsoft Teams or other cloud-based service
• Web chat accessibility testing: Per Microsoft/Cisco documentation
• Onsite support: Yes, at extra cost
• Support levels: Depending on the solution and service package implemented, Differentia Consulting offers varying levels of support. Operating under SLA, Differentia Consulting has a support desk of highly experienced and certified engineers. Each support request will be assigned to a single point of contact. In addition to the single support contact, every client is allocated both an account owner, service delivery manager, and a customer care representative.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The following services form the basis of on-boarding a client. - Assigned Service Delivery Manager. - I S & R M (Initial Scope & Requirements Meeting). Meeting to cover off business and infrastructure requirements. - Training. Project team training needs assessed, and training delivered. - Implementation services delivered remotely or on-site. - Consulting services as required to deliver prototype and production ready applications. Delivered remotely or onsite. - Success management. We work closely with clients to ensure your initial project aims are met. - Annual reviews ensure evolving requirements are met.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Hard copy (at additional cost)
• End-of-contract data extraction: Where Differentia Consulting has engaged with a client to provision services, off-boarding will begin with a termination of service(s) meeting to agree off-boarding steps, which may include: - Reporting of Services - Deletion of environments (hosting) - Removal of shared storage (access) - Agree ongoing communications - Audit (as required)
• End-of-contract process: Costs would be dependent upon services required (if any). At the end of our engagement, Differentia Consulting will work closely with the client to understand and support the termination process. Services for this would be charged on a time and materials basis, and may include: - Data Extraction charges - Licence charges - Consulting and Technical Services charges - Residual Managed Services charges - Outstanding commitment charges (e.g. hosting fees) All of the above are subject to appropriate notice as per the agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No major differences.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Web portal
• Accessibility standards: None or don’t know
• Description of accessibility: Web portal login for administration and configuration.
• Accessibility testing: Web portal utilises the inherent assistive technology of the user's browser.
• API: Yes
• What users can and can't do using the API: Users can create secure connections using API, developed by them meaning that they can determine if changes can be made through the API or not.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Using SDK users can create their own Zero Trust connections for applications, APIs, and end-points such as IoT devices where they have the requisite skills to do so.

Scaling

• Independence of resources: Being a software-driven service it is important to reduce the effect of latency and contention this can be done by providing additional server nodes to improve both local performance and the risk of contention.; The same approach is also adopted to scale the service and provide failover resilience between platform providers. Scaling achieved through leverage of public & private cloud resources.

Analytics

• Service usage metrics: Yes
• Metrics types: Native to the console includes the number of services, number of connections, and throughput volumes.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: NetFoundry

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: All data is accessed using the service which in itself is encrypted.
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: N/A
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: The service provides this service in addition to the service that is consumed by this service.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: The service provides this service in addition to the service that is consumed by this service.

Availability and resilience

• Guaranteed availability: SLAs are provided by respective cloud service providers as the service is 100% determined by their availability. Please note however that failover between service providers is included within the solution to further assure service availability.
• Approach to resilience: Please note however that failover between service providers is included within the solution to further assure service availability.
• Outage reporting: Email alerts can be deployed to advise users of service status should the service be down for whatever reason including service maintenance.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: The service provides this service.
• Access restrictions in management interfaces and support channels: User roles are defined such that privileged access is restricted to those who require it.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: The service provides this service.

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: ISO 27001 equivalent

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: As the software is developed by a third party then these are managed by a third party. Else if developed by us for the client then our standard change management will be adopted in line with standard ITL methodology.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Inherently the service is secure. However, like all services it has vulnerabilities. Key to mitigating risk is to ensure appropriate access controls are in place. Using appropriate access controls patches can be deployed centrally or by downloading from the internet.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Forensic log analytics
• Incident management type: Supplier-defined controls
• Incident management approach: Preparation, Identification, Containment, Eradication, Recovery / Monitor, Post mortem review

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Reduces anxiety of remote workers from the fear of being personally responsible, as the human firewall, for cyber attacks.

Pricing

• Price: £12 a device a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@differentia.consulting. Tell them what format you need. It will help if you say what assistive technology you use.