CONTROL PLANE LIMITED

Security Architecture and Security Engineering

With full support for the architecture, deployment, and supply chain management of infrastructure, platforms, and applications, trust ControlPlane’s Security Architecture and Engineering Service to secure your cloud environments, containerised platforms, CI/CD pipelines, and AI-enabled applications by leveraging the latest cloud provider technologies and CNCF open-source projects.

Features

• End to end Security Architecture and Engineering service
• Devise and implement hardened cloud accounts, guardrails and policies.
• Harden containerised platforms, application delivery pipelines, AI/ML reference architectures
• Instil secure platform engineering practices with self-serve Kubernetes (EKS,GKE,AKS)
• Zero-Trust architecture & service mesh design and engineering
• Specialist supply chain security patterns for open-source ingestion,
• Threat model driven security architectures supported by proof of concepts
• Infrastructure as code (IaC) implementations leveraging technologies such as Terraform
• Comprehensive test suites to guarantee implementation and compliance e.g. ISO27001
• Design of SOC/SIEM events, Integrated with existing processes

Benefits

• Flexible offering to support your existing architecture or engineering function
• Integrating within development teams enabling shift left devsecops culture
• Pragmatic approach to security prioritising developer experience and deployment velocity
• Leverage open source and CNCF projects for cost effective solutions
• Vendor agnostic flexibility to design and build the correct solution
• Prevent implementation hurdles with proof of concept supported architecture designs
• Implementations automated as code improving efficiency and reducing misconfiguration risk
• CIS benchmark authors at intersection of compliance and platform engineering
• Qualified consultants with AWS, GCP, Azure, CISSP, CKA/S, OSCP certifications
• Expert DevSecOps engineering for highly regulated environments (CNI, Government, FinServ)

£750 to £2,850 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@control-plane.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

729746574668516

Contact

Technical Solutions
+447570989398
solutions@control-plane.io

Planning

• Planning service: Yes
• How the planning service works: ContolPlane's Security Architecture and Engineering Service commences with an intensive discovery phase, consisting of a review of existing code, documentation, designs and requirements (if existing), embedding within teams and running workshops involving all stakeholders from the business, security, developers and operations to understand needs, pain points and risks. From these activities a threat model and risk driven security architecture is generated, making use of ControlPlane's vendor agnostic approach and unparalleled knowledge of open source. A proof of concept implementation is typically generated at this stage, reducing implementation risk, providing an opportunity for feedback from stakeholders and derisking integration with existing processes in the organisation. ControlPlane executes the implementation by joining an existing team within the organisation, or in the absence of such, forming its own agile squad. All engineering is performed with an emphasis on automation and maintainability, using infrastructure or configuration as code tooling, matching existing tooling or skillsets within the organisation. All implementations are supplied with comprehensive tests to ensure reliability and if required compliance with chosen infosec standards. Knowledge transfer and the ability for the organisation to operate the solution is a priority, achieved through embedding within teams or running regular demos throughout the project lifecycle.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: ControlPlane can provide training and knowledge transfer through a variety of embedded and classroom based means throughout the projects lifecycle. ; ; Knowledge transfer through embedding within existing teams, running regular project demos and info sessions, detailed documentation and holding specialist handover sessions can be complimented by our portfolio of classroom based interactive training courses covering, GRC with cloud native, threat modelling, devsecops, Kubernetes, secure containerised application development, and Kubernetes Capture the Flag events, available on a per-delegate, per course basis. ; ; For customised courses an additional charge for material uplift may apply, based upon the T&M rates for the consultant performing the uplift.; ; Our training portfolio can be found under our Cloud Native, DevSecOps and Kubernetes Training offering,
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: ControlPlane has extensive experience in on-prem to cloud, or cloud to cloud migrations within regulated industries and CNI projects. ControlPlane will conduct a discovery phase to understand existing strategic drivers, operational processes, technology preferences and skillsets. ControlPlane will subsequently advise accordingly on any operating model, design or implementation, at all levels, having devised container and cloud strategies historically, with knowledge of the process and operations transformation that cloud adoption requires, and limitations of each respective cloud provider that can have an effect on a cloud to cloud migration. ControlPlane's mix of architecture and engineering staff can be supported by agile staff with organisation and cloud transformation knowledge.; ; Designs created and implemented will have a specific focus on security, automation and maintainability, which must in turn be sympathetic to the organisations operating model, processes and skillsets. Cloud misconfiguration is a significant risk, often borne out of poorly defined processes, manual intervention and increasing system complexity. To assist with any migration, ControlPlane recommends that migration projects are conducted with ControlPlane fully integrated into a team within the organisation, and providing support until operational maturity is established.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Within the context of its Security Architecture and Engineering offering, ControlPlane provide automated security and basic functional test suites that ensure the correct implementation and configuration of infrastructure, platforms and applications. ; ; These test suites are written using languages or tooling the organisation is familiar with, and can be embedded within deployment pipelines to provide regular assurance and regression testing.; ; The test suites will feature tests derived from requirements within the security architecture documentation, which in turn if baselined against a suitable standard e.g. CIS Benchmarks, ISO27001, PCI-DSS can provide compliance evidence.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
  • Other
• Other security services:
  • AI/MLSecOps Reference Architectures
  • Supply Chain attestation and build security
• Certified security testers: Yes
• Security testing certifications:
  • Cyber Scheme
  • Other
• Other security testing certifications: Offensive Security Certified Professional (OSCP)

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: We provide dedicated staff for each engagement who are allocated on a skills-matched basis and are available to provide phone and email support accordingly on UK working days and hours (09:00 to 17:00). Extended support can be provided subject to agreement and additional cost, as described within the supplementary pricing document.

Service scope

• Service constraints: Normal service hours are from 09:00 to 17:00 UK time on weekdays, excluding bank holidays. Work outside these hours requires prior agreement and may incur additional charges according to the SFIA rate card. All travel and subsistence costs to the client site will be chargeable based on the agreed Terms & Conditions.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: For the duration of the project, ControlPlane staff will be available to answer email queries, usually within one business day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: We provide dedicated staff for each engagement who are allocated on a skills-matched basis and are available to provide phone and email support accordingly on UK working days and hours (09:00-17:00). Extended support can be provided subject to agreement and additional cost, as described within the supplementary pricing document.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • Offensive Security Certified Professional (OSCP)
  • Certified Kubernetes Adminstrator /Application Developer , Certified Kubernetes Security
  • AWS Certified Solutions Architect, AWS Certified Security-Specialty
  • GCP Professional Cloud Architect, GCP Professional Cloud DevOps Engineer,
  • GCP Cloud Security Engineer
  • HashiCorp Certified Terraform Associate, HashiCorp Certified Vault Associate
  • Azure Security Engineer Associate
  • CREST Registered Technical Security Architect
  • CISSP

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  ControlPlane’s remote-first approach minimises wasteful travel to its corporate office. When travel to a client site is required, sustainable transport options are employed. This remote-first strategy enables ControlPlane to lower its carbon footprint by reducing travel and requiring only a small office.; ; Additionally, in delivering its architecture and engineering services, ControlPlane aims to eradicate wasteful spending on cloud resources. It designs and builds efficient, cost-effective solutions that utilise features such as autoscaling and configuration drift detection to minimise resource usage and expenditure.

  Covid-19 recovery

  As a result of COVID-19, ControlPlane has become a remote-first organisation, offering enhanced flexibility, eradicating commuting, and improving employee work-life balance.; ; Remote engagements also reduce the burden on healthcare services by minimising virus transmission risks. The introduction of virtual tooling necessary for remote work has expanded accessibility to our services.; ; As a result of these changes, ControlPlane has been able to maintain a minimal office footprint, establish sustainable travel practices, and foster a remote-first culture.

  Tackling economic inequality

  ControlPlane's commitment to skill enhancement through client and community engagement—ranging from classroom-based training and knowledge sharing on projects to active participation and presentations at free community meetups and conferences—effectively addresses skills shortages by empowering individuals to gain new skills and certifications.; ; As a vendor-neutral consultancy with a deep commitment to leveraging open source technologies, ControlPlane boasts a rich history of contributing to open-source projects and sponsoring PhD research in technologies it finds beneficial. This strategy not only promotes diversity within the technology supply chain but also ensures the selection of the most fitting technology to meet specific needs, rather than defaulting to a few monolithic suppliers.; ; Furthermore, with a strong focus on security, ControlPlane demonstrates an in-depth understanding of supply chain risks and management strategies, showcasing a proven record of evaluating supply chain risk and implementing solutions that enable organisations to securely utilize open source and other third-party products.

  Equal opportunity

  ControlPlane is committed to promoting equal opportunity, and our diverse culture empowers and develops individuals with talent and integrity. We ensure that individuals at all levels of the organisation grasp the importance and benefits of diversity in high-performing teams. This empowers them with the motivation and opportunity to express their perspectives and drive change.; ; Our recruitment practices are designed to be as inclusive as possible, attracting and retaining top talent from a variety of experiences and backgrounds. We also offer existing employees support, professional development training, and other mechanisms to advance their careers.; ; Furthermore, ControlPlane partners with charities and schools to introduce underrepresented groups to careers in technology and security. These partnerships include hosting and contributing to workshops aimed at secondary school students. Our goal is to educate and inspire young individuals during their crucial academic decision-making phases.; ; ControlPlane is currently in the process of establishing an outreach programme.

  Wellbeing

  ControlPlane is fully committed to employee wellbeing, offering two fully-paid company-wide mental health days annually. We strongly; encourage employees to take this time to focus on relaxation and wellbeing activities. We make scheduled contributions to an employee rewards and benefits platform, which includes a wellness portal and credits redeemable for various products and services, including those focused on wellness.; ; ControlPlane champions a community of open-source and security advocates by attending, presenting at, and organizing industry conferences, local meetups, and engaging with specialist interest groups within the Linux Foundation. Our collaborative ethos is evident in how we engage; we prefer to work embedded within client organisations and existing teams, rather than forming separate teams outside of an organisation.

Pricing

• Price: £750 to £2,850 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@control-plane.io. Tell them what format you need. It will help if you say what assistive technology you use.