AWS Cloud Security Strategy - Advisory and implementation service
Airwalk Reply's AWS Cloud Security service helps organisations design and implement a proactive approach to cloud security, allowing organisations to launch new products and services on Amazon Web Services. This modular service covers cyber security strategy, maturity assessment, controls implementation, security engineering, security operations and DevSecOps, tooling and vendor selection.
Features
- Comprehensive assessment of your AWS CyberSecurity and risk management strategy
- Development of strategy for Risk Management, monitoring and control automation
- Design and implementation of organisational AWS Security and Controls Framework
- Strategy for Security Engineering, Operations (SOC) and Incident Management teams
- Cloud Continuous Compliance Framework, enabling automated security controls and alerting
- Implementation of AWS security automation through software development lifecycle
- Design and implementation of security reference architectures on AWS
- Security Testing to identify and address system and application vulnerabilities
- Cutting edge AWS cloud native SIEM design, build and implementation
- DevOps - Secure Cloud Native software development pipelines for CI/CD
Benefits
- Enhance AWS security management to reduce your organisation's CyberSecurity risk
- Mature your CyberSecurity capability with help from AirWalk security experts
- Give more confidence to regulators and management in your delivery
- Comprehensive control frameworks using NIST, CIS, ISO and best practice
- Confidence in security posture of your AWS infrastructure and applications
- Consistent security policies and controls across your AWS cloud estate
- Secure, automated, robust and effective security operations for cloud applications
- AWS-hosted applications and systems that are secure by design
- Utilise the most modern, scalable and dynamic approaches to CyberSecurity
- Integrate automated security into your delivery, pipelines and code
Pricing
£350 a unit a day
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 9 6 2 0 2 2 0 2 5 9 2 9 5 4
Contact
Airwalk Consulting Reply Ltd
Alex Hammond
Telephone: 02081428686
Email: bid@airwalkconsulting.com
Planning
- Planning service
- Yes
- How the planning service works
- Our service helps organisations design and implement a proactive approach to security, instead of reacting to every new threat, which can be time consuming, expensive and prone to error. We begin by assessing your existing Cloud Security operations and identifying what you need to better protect your cloud estate, including any legal or regulatory requirements and taking into consideration the risk appetite and threat landscape. We conduct a maturity assessment to evaluate your security maturity level using multiple framworks (CIS, NIST, ISO) and best practice. We assess your technology, creating risk profiles for each asset and identifying mitigating controls. Finally we build a prioritised plan and set out delivery timelines based on our proprietary 5x5 approach - executing in 5 phases (identify, protect, detect, respond, recover) and across 5 lenses: devices, applications, networks, data and users.
- Planning service works with specific services
- No
Training
- Training service provided
- Yes
- How the training service works
- We work closely with our clients and their teams to ensure that their skills, knowledge and experience develop and evolve in the process of our engagement. We describe this as 'Enablement' - our goal is to leave our clients behind much stronger than we found them. Whilst formal training is part of this, we strongly believe in the effectiveness of working in blended teams with our clients, utilising methods such as peer-programming and mentoring to transfer knowledge and skills to client team members, over time providing them with greater ownership and responsibility as AirWalk steps back from hands-on delivery and hands over to the client.
- Training is tied to specific services
- No
Setup and migration
- Setup or migration service available
- Yes
- How the setup or migration service works
- As part of the strategic roadmap that we work with clients to define, we would identify the key elements required to enable the secure and effective set-up and migration of cloud for their organisation. This would be based on the services/use cases the client wants to move or build in the cloud, the nature of the data or categorisation of the service (i.e. is it mission critical, are there any regulatory requirements?), and build a plan based on these requirements. We then work with the client to execute this plan, providing architectural, engineering and security capability as required.
- Setup or migration service is for specific cloud services
- No
Quality assurance and performance testing
- Quality assurance and performance testing service
- No
Security testing
- Security services
- Yes
- Security services type
-
- Security strategy
- Security risk management
- Security design
- Cyber security consultancy
- Security incident management
- Security audit services
- Other
- Other security services
-
- Cyber Security assessment
- Security incident and event Management (SIEM) design, build and implementation
- Cloud Continuous Compliance - automated continuous monitoring
Ongoing support
- Ongoing support service
- Yes
- Types of service supported
-
- Buyer hosting or software
- Hosting or software provided by a third-party organisation
- How the support service works
- We provide managed service options for a variety of service management and operational areas, including incident management, security operations, service desk and engineering (DevOps, DevSecOps) support. This can be shaped in line with client needs and charged on a fixed monthly cost basis where appropriate.
Service scope
- Service constraints
- No
User support
- Email or online ticketing support
- No
- Phone support
- No
- Web chat support
- No
- Support levels
- Not applicable
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Alcumus ISOQAR
- ISO/IEC 27001 accreditation date
- 20/01/2023
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Our Carbon Reduction Plan outlines how we will achieve Net Zero emissions by 2030. As part of our services, we extensively promote sustainable behaviours such as minimising documentation printing, systematically recycling materials, energy-saving habits, reducing travel, and using low-emission transport.
Our significant investment in hardware (server) virtualisation has allowed us to create a comprehensive and innovative offer in cloud computing. We leverage the cloud extensively internally, thereby reducing consumption and minimising the environmental impact of our operations by decreasing the need for physical machines.
Our commitment to environmental sustainability is evident in the everyday steps we take. For instance, we have replaced all incandescent bulbs with LED lighting in our office, resulting in a 90% energy saving. Our gadgets and creative packaging are all made from recyclable materials, and we have joined the UK Government Cycle to Work scheme. Moreover, we are actively reducing our business travel by promoting the use of audio-visual conference solutions.
Outside of our working practices, as part of the Reply group, we have purchased 1,046 trees across nine countries that absorb 322,510 kg of CO2 annually. We are also on track to meet our target of having over 50% of our vehicles be fully electric by 2025.
We are committed to lowering our environmental impact as much as is physically possible and are constantly evaluating our practices to ensure that we do everything we can to protect the planet.
We're looking forward to talking with Buyers about what we can do by providing our services to help them reduce the environmental impact.Covid-19 recovery
We support organisations in managing and recovering from the impacts of COVID-19 by delivering transformational change to operate more efficiently, enable remote or hybrid working, and be more cost-effective, enabling them to support their citizens more effectively.
We are setting up two Airwalk Academy programmes for underprivileged secondary-school Year 12 students to support new opportunities in high-growth sectors. These programmes comprise 10-12 weeks of online project management, leadership, or programming tutorial sessions. Participants attend Partner-led employability workshops and receive formal certifications and valuable skills to help them achieve worthwhile and rewarding technology careers.
We support the physical and mental health and wellbeing of our people. We are recognised as one of the UK's Best Workplaces for Technology, and for Wellbeing.
Our hybrid-working model supports effective social distancing, remote working, and those who are shielding. Our managers focus on our employees’ wellbeing by contacting those they manage at least twice weekly, with more formal check-ins every two weeks. We provide a cycle-to-work scheme and a train season ticket loan to support sustainable travel solutions.
To reduce the demand for health and care services, our people have access to private healthcare, including GP and hospital services, mental wellbeing support, and Talking therapy.
To help people and communities manage and recover from the impacts of COVID-19, we constantly review our supply chain, positively discriminating SMEs, VCSEs and mutuals. To remove barriers in advertising for our public sector contracts, we publish opportunities on Contracts Finder and through local authority websites in clients’ locations to support local employment.
We are committed to helping local communities manage and recover from the impact of COVID-19. We look forward to discussing how we can help them and their communities with Buyers.Tackling economic inequality
We are Social Value Quality Mark accredited and committed to tackling economic inequality. Working with disadvantaged school and university students in Manchester and London creates employment and training opportunities in some of the country's most deprived areas.
In Manchester, we will work with underperforming schools and some of their most disadvantaged pupils, delivering two Airwalk Academy programmes focusing on either Project Management or Leadership Skills. The Academies comprise 10-12 weeks of online tutorial sessions, which run alongside the Year 12 participants completing their own independent programming or social-action projects in their local community. Upon completion of the Academy programmes, participants are invited to attend workshops delivered by Airwalk Reply partners, focusing on employability skills and delivering bespoke guidance for effective university and apprenticeship applications. The programmes are followed by a further year of mentoring for all participants, and all students go on to achieve formal certifications. The Academies will provide participants with valuable skills and qualifications to help them achieve worthwhile and rewarding technology careers.
We are working with several other Reply partners in London to mentor underprivileged undergraduate students. Through a partnership with the charity UpReach, we will identify students with the most challenging socio-economic backgrounds and provide regular mentoring to support their journey out of tertiary education into high-quality employment.
Our commitment to economic growth and business creation is not limited to our educational initiatives. We actively support new organisations, constantly reviewing our supply chain to ensure it includes a diverse range of organisations, including SMEs and VCSEs. We also prioritise local procurement where feasible, contributing to growth in our Buyers’ communities.
We look forward to talking to Buyers about how we can help them tackle economic inequality in their locations.Equal opportunity
We actively tackle inequality in employment, skills, and pay. For recruitment, we focus on culture fit as much as capability, and hiring managers participate in EDI and Unconscious Bias Awareness training to ensure equality further.
Our commitment to inclusivity is evident in our efforts to increase the representation of disabled people in our contract workforce. As a Disability Confident Committed (DCC) employer, many of our employees are registered as disabled. This accreditation is a testament to our dedication to improving attitudes. We strive to reduce the disability employment gap by ensuring our recruitment process is inclusive and accessible, offering interviews to disabled people who meet the minimum criteria for the job, and providing reasonable adjustments as required. We support existing employees who acquire a disability or long-term health condition, enabling them to stay in work.
We are committed to aligning with government policies to ensure individuals are not excluded from services due to entry barriers associated with provided channels. We design digital services in accordance with GDS accessibility standards, providing a secure and inclusive digital environment for all.
We ensure research groups include the full range of users. For user research, we ensure it is orientated toward topics such as accessibility and usability. We ensure digital services meet standards, e.g., Web Content Accessibility Guidelines, and ensure services are accessible for those who would otherwise be digitally excluded (use of assistive technologies, use of non-digital channels, etc.). We conduct cross-channel tests for those who try to utilise a service digitally but need to fall back on the phone, post or in-person services. For testing, we make sure testers are representative of all user groups.
We are committed to delivering Social Value throughout all our contracts and exploring with clients how we can add value to their initiatives.Wellbeing
We support the physical and mental health and wellbeing of our people. We are recognised as one of the UK's Best Workplaces for Technology, and for Wellbeing.
Our hybrid-working model recognises the importance of increased communication in maintaining our people’s wellbeing and mental health. We hold virtual and face-to-face daily team meetings, weekly departmental briefings, and fortnightly all-hands sessions at which our people are encouraged to contribute openly and transparently.
We provide 36 hours (three hours a month) to support employees' mental health via Airwalk Allies virtual meet-up sessions to support those colleagues with mental health issues.
We provide £100,000+ annual funding for Vitality health insurance for employees and dependents. The package includes physical and mental health support;
Our managers focus on our employees’ wellbeing by contacting reports at least twice weekly, with more formal check-ins every two weeks. Various Family Policies support maternity, paternity, shared parental and adoption leave. Maintaining a work-life balance is important to us, and we discourage any weekend work.
We give our people flexible working hours where we can. We urge them to work from our offices in London or Sheffield as much as possible to encourage a one-team approach. We also fund our people to organise team-building events, like indoor golf or bowling.
We encourage our people to participate in our calendar of charity events, such as 5k or 10k park charity runs or other charity fundraisers. We provide a cycle-to-work scheme and season ticket loan and deliver a discounted technology scheme, which enables our people to save money on a wide range of tech kits.
As a result of all that we do for our people, our consultants are energised, focused, feel appreciated and do all they can to deliver the best possible service to Buyers.
Pricing
- Price
- £350 a unit a day
- Discount for educational organisations
- No