Anson Resolution

Cloud Native Access Service

Cloud Native Access Node provides a flexible method of accessing your cloud Development, Testing and Production enclaves by using an internet-facing Cloud-Native Zero Trust environment.

Features

  • Full Zero Trust stack defining a Software Defined Perimeter.
  • Allows access from corporately or privately owned devices (mobile/desktop).
  • Enables internet ingress, egress and vulnerability scanning to development enclaves.
  • Managed service allowing access to AWS, Azure, UKCloud, Google.
  • Single Sign On with PKI, encryption, signature and MFA options.
  • Centralised log management and analysis stack can export monitoring data.
  • SDWAN connections link to ExpressRoute, Direct Connect and other networks.
  • Built in firewalls for content inspection, IDP, DLP, TLS security.
  • Enables scalable microservices architecture with service mesh.
  • Efficient links to Solid, IOT Services or Edge Compute.

Benefits

  • Efficient integration with CI, CD and GitOps pipelines.
  • Specify, measure and enforce business goals.
  • Secure cross domain information sharing with customers, suppliers and partners.
  • Demonstrably compliant with policy, standards and legislation.
  • Provides significant cost savings over in house deployments.
  • Scalable and flexible evergreen solution avoids upgrade issues and costs.
  • Pay as you Go for efficient cost management.
  • Reduces dependency on location and address for trust.
  • Reduces attack surface and enforces least privileged access.
  • Cheaper and more flexible than traditional VPN.

Pricing

£12.30 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@ansonresolution.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

673119149271594

Contact

Anson Resolution Mike Dyer
Telephone: 07984 781614
Email: contact@ansonresolution.co.uk

Service scope

Service constraints
The Services are always available except for:
• Scheduled maintenance carried out during a regular maintenance window, such as backups, database administration and log processing.
• Public holidays (in England and Wales), when the service desk will not be manned.
For scheduled maintenance windows we will give customers at least 4 weeks' notice, and endeavour to schedule the windows for lower impact time periods. Over any 12 month period, the average maintenance windows will not exceed 4 hours per month.
All users, configurators and administrators will require internet access or connectivity through the government secure internet to the platform.
System requirements
  • EUDs fully patched and protected by up to date AV.
  • Scheduled maintenance carried out during a regular maintenance window.
  • All users require internet access or government network connectivity.
  • All users to sign SyOps and Acceptable Use Policy.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Initial response within one hour, Monday to Friday 0800 to 1800. No response at weekends.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is based around Slack, which can be accessed by any web browser that supports HTML5 or through its own desktop client, and can also be accessed programmatically via its API.
Web chat accessibility testing
Nil.
Onsite support
Yes, at extra cost
Support levels
There are two Service levels offered:

• Standard, which provides support during the working day, supported by 24/7 monitoring.
• Enhanced, which allows for long day or 24/7 support where required. Enhanced support incurs additional charges.

All Service Levels include a full ITIL Service Management system including Incident, Problem and Change Management, Release and Deployment Management, Access, Availability and Capacity Management, Service Measurement and Reporting.
A Technical Account Manager will own the relationship and be responsible for ensuring that the service meets the customers’ needs.
Level 1 Support responds to helpdesk queries, simple resolution such as passwords and account changes.
Level 2 Support includes: Infrastructure support, responding to all support issues in line with agreed SLAs, performing root cause analysis of problems, including raising tickets for other 3rd party support providers, if required.
Level 3 application support issue fixes are provided either by client or third party delivery teams, with support issues added to the story backlog for prioritisation by the product owner.
Disaster Recovery processes are assumed to have been designed and implemented as part of systems and applications development. Our support offering includes carrying out any agreed disaster recovery procedures where these are not automated.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A Service Specialist will work with the client to understand the scope and nature of the required services, including: the deployment process, any integration requirements of legacy services/applications, end users, segmentation and associated security profiles. Details include agreeing reporting requirements and scheduling, formats and transportation. This will normally take place prior to contract award.
It is assumed that the Customer will work together with the Support team to decide on roles and responsibilities of customer and supplier. Customer will work together with the Support Team on the requirements for the cloud environment and provide sign-off on the same before commencement of services.
A designated and authorised resource from the customer side will actively work with the Support Team to resolve any dependencies on the customer team.
We will provide User Guides, both online and in crib card format as part of user activation.
Onsite training can also be provided as an additional charged item.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All data will be returned to the client, on CD or DVD, in the original format in which it was stored and managed. Additional formats, such as client specific XML, or export mechanisms can be provided at extra cost.
Log data can also be transferred and is charged in accordance with our SFIA rates.
End-of-contract process
Termination of service, for any reason, triggers the development and implementation of a Termination phase. A Termination Plan will be produced and agreed with the customer. A generic termination plan is available, on request, and this will be tailored to reflect appropriate roles and responsibilities. Production of this tailored plan is included within the service price.

On termination of the service, all client data will be destroyed in accordance with Anson Resolution Information Assurance processes, which are appropriate for Official and Official Sensitive data. For particularly sensitive data additional Government approved sanitization or destruction mechanisms can be deployed, at extra cost.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
Each user operates in a separate instance, provisioned with their own platform.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Virtual Machines
  • Applications
  • Databases
Backup controls
By agreed amendment to the Service Management Plan.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Availability 97.0%. Users are credited a service credit of up to 10% of monthly charge (15% for Enhanced support) if availability falls below this level.
Standard SLAs are assumed as:
• 0800 to 1800 for Standard Support
• 24x7 Access For Enhanced Support and Crisis incidents only
Approach to resilience
Available on request.
Outage reporting
Email alerts.
Recorded message.

Identity and authentication

User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
There is no access from User Accounts to management interfaces.
System Admins access management capabilities from dedicated machines connected via an SSTP VPN requiring proprietary Certificates.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication
Devices users manage the service through
Dedicated device on a segregated network (provider's own provision)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Security Governance follows the ISO 27001 model. Certification is being applied for.
Information security policies and processes
NOC/SOC are responsible for monitoring systems and responding to customer events. In the first instance they are accountable to the Head of Customer Support, whose responsibilities include the secure operation of all systems. Where appropriate they pass issues for resolution to either the System Design Authority; they do, however, retain ownership of the issues’ resolution.
The Chief Security Officer (CSO) is responsible for all aspects of security of the company and its services. He:
• Runs an internal and external audit programme to ensure that policies are being adhered to and are effective.
• Maintains a record of who has signed SyOps and what access they have been granted.
• Has oversight of the development, maintenance and update of risk assessments.
• Runs a security training programme for all staff.
• Is available to provide advice on the handling of security incidents.
The CSO is directly accountable to the CEO.
The System Design Authority owns the Change process including making security assessments of change impacts, and where appropriate obtaining advice from the CSO.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The System Design Authority owns the Configuration Management Database and process.
Configuration items are discovered through an automated process. Verification audits take place prior to, and after, major changes, and recovery of a major incident. Additionally, configuration verification is conducted periodically.
Change Process: Classification begins when an incident or change is identified. If appropriate a Change Request is raised and passed for Evaluation where the impact is quantified including assessing the security implications. Modeling and Testing is conducted to ensure that the impact on the environment is fully understood. In Implementation the change is embodied and Configuration Items recorded.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Regular vulnerability scans are performed on the system.
On identification, Vulnerabilities are prioritised based on the Common Vulnerability Scoring System (CVSS) Version 3. This uses analysis of the Exploitability and Impact of a Vulnerability to generate an initial assessment of its priority, and to track the progressive impact of mitigations applied.
Normally a 4-week Test and Patch cycle is employed; however, there is also a facility for expedited deployment of urgent patches as an emergency Change, identified either by CVSS scoring or by early warning from organisations such as CiSP, Threat Intelligence or Customer CERTs.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Log Data is recorded to a policy aligned with CESG Good Practice Guide 13 (GPG 13) Recording Profile A (Aware), which is appropriate for Official Data. Enhanced collection to align with GPG 13 Recording Profiles B (Deter), C (Detect/Resist), D (Defend) for data of greater sensitivity can also be provided at additional cost.
The data we monitor includes: Integrated dynamic asset management and network discovery, log and event correlation and analysis, Network Traffic Analysis, Deep Packet Inspections, IDS, Vulnerability Scanning, Blacklist monitoring, Privileged User monitoring, Collaboration and continuous service improvement.
Incident management type
Supplier-defined controls
Incident management approach
Incidents can be triggered either by Customer issues or in response to system events. Standard processes are defined for common events.
Initial Customer Response:
• Critical – 30 minutes
• High – 1 hour
• Medium – 2 hours
• Low – 3 hours
Incident Resolution:
• Critical – 8 hours
• Low – 16 hours
• Medium – 36 hours
• Low – 76 hours

In response to either a very high Business Impact or multiple related instances a Major Incident can be declared, bringing a higher level of support resourcing and a dedicated Incident communications channel.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
Compute separation is enforced at the hypervisor level by trusted products.
Each platform user owns a separate Operating System, building on this separation.
Management access is separated from user access, and the strength of this separation is subject to regular testing.
Customer networks are separated by VLANs and the implementation of the separation is regularly monitored.

Energy efficiency

Energy-efficient datacentres
No

Social Value

Fighting climate change

We continually monitor the environmental impact of our activities. This monitoring shows that our primary sources of carbon production are cloud consumption and travel. We take account of reported emissions in the selection of our cloud providers and monitor their impact. Even prior to COVID-19, we were prioritising remote working and other means of minimising travel. When travel is essential, we endeavour to select the most sustainable means, which is generally the train, for UK and European travel.
Covid-19 recovery

We are a remote-first organisation, which includes optimising tools and working practices for remote working. This has greatly reduced the impacts of COVID-19, including on those who are recovering or shielding.
Tackling economic inequality

A core part of our organisational development is to invest in the skills and training of our employees. Backed by the necessary resources, this includes achieving recognised qualifications in areas of scarcity. We regularly partner with other SMEs to grow the value of the supply chain and provide greater depth of expertise to customers. In addition, we donate at least 1% of turnover to charity each year. Our donations focus on promoting health and addressing disadvantage and hardship.
Equal opportunity

We are fully committed to equality in our recruiting and working practices. Flexible working is fully supported, allowing greater access to employment opportunities. We are pro-active at taking opportunities to make progress for disadvantaged groups.
Wellbeing

We closely monitor the wellbeing of our team and have evolved working practices to do so effectively while remote working. We offer flexible working and comprehensive training and development to help our people. Our team contribute to the broader community through charity time, which is an individual entitlement.

Pricing

Price
£12.30 a user a month
Discount for educational organisations
No
Free trial available
No
