Sterling - Druva Data Resiliency Cloud - Endpoints and SaaS Applications
Druva provides a flexible, comprehensive platform to centrally protect and govern business-critical data across endpoints and multiple SaaS applications. Built in the cloud, Druva makes it easy to discover, protect, and govern your SaaS data, even if it's complex, distributed, and fluid.
Backup, archival, and compliance for Endpoint devices and cloud workloads.
Features
- Cloud-to-cloud backup and recovery
- Legal hold, eDiscovery, and forensic investigations
- Granular and role-based access control
- Unlimited data retention and restore
- Multi-Geo support with AWS storage regions
- Air-gap your environment from threats with immutable backups
- Eliminate hardware, infrastructure, and storage
Benefits
- Zero-trust security architecture
- Immutable, air gapped backups
- Global source-side, inline deduplication
- Incremental-forever backup model
- Unlimited Restores (no cloud egress charges)
- Cloud based centralized management
- Role Based Access Control (RBAC)
- Multi-Factor authentication (MFA)
- Unusual data activity and user access insights
- Federated search across all users and all devices
Pricing
£3.67 a user a month
- Education pricing available
- Free trial available
Framework
G-Cloud 14
Service ID
731787365234535
Contact
Sterling Computers Corporation
Luke Flanagan
Telephone: +447557400401
Email: luke.flanagan@sterling.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- The Service is cloud based and constraints are likely to be end user specific. The only key constraint is that this service holds backup data only in AWS clouds.
- System requirements
- Subscription Licences
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Business critical offered as standard with priority of response set by customer. Critical having 1 hour initial, high 2 hours, medium 4 hours and low 8 hours. We offer premium support (at a cost) with critical being 30 mins, high 1 hour, medium 2 hours, and low 4 hours
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Via support and the website user portal. https://support.druva.com/s/
- Web chat accessibility testing
- Sterling has tested the web chat functionality.
- Onsite support
- No
- Support levels
- Business critical offered as standard with priority of response set by customer. Critical having 1 hour initial, high 2 hours, medium 4 hours and low 8 hours. We offer premium support (at a cost) with critical being 30 mins, high 1 hour, medium 2 hours, and low 4 hours.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
User Documentation: We provide comprehensive user documentation that covers all aspects of our service, from basic functionalities to advanced features. This documentation is easily accessible through our website or within the application itself. It includes step-by-step guides, FAQs, troubleshooting tips, and best practices.
Online Training Resources: We offer online training sessions through webinars, video tutorials, and interactive courses. These resources cater to different learning preferences and skill levels, allowing users to grasp concepts at their own pace. We also provide live Q&A sessions during webinars to address any queries or concerns users may have.
Onsite Training (Optional): For organisations or teams that prefer personalised assistance, we offer onsite training sessions conducted by our experienced trainers. These sessions can be tailored to the specific needs and workflows of the users, ensuring maximum productivity and efficiency.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- Users can extract data manually from within the system at any time. A bulk export service is available at an additional cost. Upon termination of the contract, data is transferred back to the client over a secure channel (TLS 1.2) or other storage medium of their choice.
- End-of-contract process
- Customer will have 30 days to retrieve their data after termination of services. If you wish to retrieve data more than 30 days after termination, customer will be charged the current price for every additional storage day. Data will be returned either via direct transfer, where we will export Customer Data into Customer’s AWS account under the selected S3 bucket; or a portable physical media provided by Customer (i.e. SATA, USB connected media or AWS Snowball).
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- iOS
- Linux or Unix
- macOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- N/A
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- There is a GUI Portal that allows users to access all aspects of the backup service
- Accessibility standards
- None or don’t know
- Description of accessibility
- There is a GUI Portal that allows users to access all aspects of the backup service
- Accessibility testing
- Unknown
- API
- Yes
- What users can and can't do using the API
-
We have both Events and Actionable APIs.
Please see the following link for documentation outlining all requirements:
https://developer.druva.com/reference
- API documentation
- Yes
- API documentation formats
- HTML
- API sandbox or test environment
- No
- Customisation available
- No
Scaling
- Independence of resources
- The service is cloud provisioned and right sized for each individual organisation's workload demands. The right sizing of the cloud environment ensures performance demands are comfortably met. The service is scalable using Amazon AWS Compute and Storage for all Servers, allowing it to use further resources as and when necessary. No further customer investment in additional technologies is necessary to ensure scalability of the service; this is included in the service per user cost.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Service availability, deduplication rates, successful backups, successful restores, active users, license allocation, growth rates. Not limited to the above and many more available.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Druva
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Other
- Other data at rest protection approach
- Once the data arrives in the Druva Cloud Platform, it’s immediately encrypted using an AES 256-bit encryption key that is unique to, and completely controlled by that customer. Druva does not have access to customer backup data; each customer has their own unique key to access their backup data. This gives not only logical separation from the Druva control plane but also prevents data leakage in the cloud for data at rest.
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Users can extract data manually from within the system at any time. A bulk export service is available at an additional cost.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- To protect data in flight, Druva uses industry-standard Transport Layer Security (TLS) for all data transmitted to the Druva Cloud Platform. Further, data at rest (DARE) in the storage environment is protected by AES 256-bit encryption.
- Data protection within supplier network
- Other
- Other protection within supplier network
- Data at rest with AES-256 & data in motion with TLS 1.2
Availability and resilience
- Guaranteed availability
- We provide an SLA of 99.5% uptime and 99.99999% Customer Data durability.
- Approach to resilience
- AWS Multi-way redundancy: The cloud instance for the customer is always replicated between 3 physically different data centres as part of the Amazon AWS availability zone feature. If access is not available from 1 datacentre, the customer's instance will be instantly available from 1 of the 2 further datacentres.
- Outage reporting
- Outages of the system availability or the storage component are communicated to all assigned administrators within a cloud instance via email as well as via the Support Portal. An online dashboard also reports instances of global outages.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Other
- Other user authentication
-
Druva supports the use of cloud-based SSO solutions such as Okta, Ping Identity, and Microsoft ADFS for both administrators and end users. Organizations can also leverage more traditional directory service implementations, such as Microsoft Active Directory or LDAP, for user authentication.
- Access restrictions in management interfaces and support channels
-
- Centralized Authentication for User Access.
- Authentication for Data Restore Requests: an additional mechanism can be enacted that will force a user to authenticate against the Druva system directly when choosing to restore data.
- Druva supports a full-featured Role Based Access Control (RBAC) model to implement the principle of least privilege and restrict unauthorized access.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Schellman LLP
- ISO/IEC 27001 accreditation date
- 28/09/2023
- What the ISO/IEC 27001 doesn’t cover
- NA
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 17/02/2023
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- N/A
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO 9001
- ISO 14001
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- We undergo an annual ISO 27001, SOC 2 Type 2 and HIPAA audit. Please review audit reports at security.druva.com
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Druva has documented policies and procedures regarding change management, patch management, and deployment of changes in the Configuration Management Policy. Both change and patch management follow the same process. The procedures regarding patch management exist to verify that relevant, up-to-date patches and security updates are installed. Changes to the application and database are requested using a Change Request (CR) in a ticketing system. Changes are approved as per the authorization matrix defined in Cloud Operations Guide. The change implementer is granted access to the production server for deploying the changes based on approval from the Cloud Operations Head.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Vulnerability Management for the Druva Cloud Service is done as follows: Critical Vulnerabilities are patched in 14 days or less. High Vulnerabilities are patched in 30 days or less. Medium Vulnerabilities are patched in 90 days or less. Low Vulnerabilities are patched in 180 days or less.
- Protective monitoring type
- Undisclosed
- Protective monitoring approach
- Druva has logging systems and log reviews to detect security issues such as loss, misuse, or unauthorized access to Customer Data. This includes developing a baseline of expected activity within the Cloud Services and logging to detect activity exceeding baseline thresholds. Logs shall be regularly reviewed by Druva, either manually or using log parsing tools. Logs will be retained for a minimum of six (6) months and protected from unauthorized access, modification, and accidental or deliberate destruction. Customers who wish to retain audit trails beyond this period can do so by using our events API to ingest the logs into their SIEM system.
- Incident management type
- Undisclosed
- Incident management approach
- Druva has a documented Incident Response Plan that includes steps to respond to security incidents including identification, investigation, response, mitigation, customer notification, and root cause analysis.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
Fighting climate change
Druva leverages AWS data centers, and as such, we get the benefit of their state-of-the-art facilities, physical and environmental security.
This is detailed in AWS Overview of Security Processes https://aws.amazon.com/architecture/security-identity-compliance/?cards-all.sort-by=item.additionalFields.sortDate&cards-all.sort-order=desc&awsf.reference-architecture=*all&awsf.content-type=*all&awsf.methodology=*all&tma-cards-security.sort-by=item.additionalFields.airDate&tma-cards-security.sort-order=desc
Fire Detection and Suppression
Automatic fire detection and suppression equipment have been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms, and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.
Power
The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide backup power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide backup power for the entire facility.
Climate and Temperature
Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.
Covid-19 recovery
Druva has a formal Business Continuity Plan designed to continue operating the services in the event of different business disruptions. This includes Druva’s pandemic plan that has been activated in the event of the COVID-19 pandemic.
In summary, Druva has a distributed workforce with personnel located in countries around the world. Druva personnel all have the ability to work remotely. Primary business systems are hosted services and can be accessed anywhere over the internet. Druva personnel have been instructed to work remotely.
https://www.druva.com/pandemic-response/
Tackling economic inequality
Sterling actively supports educational establishments, the wider public sector, and local communities through various initiatives. One notable involvement is as an ambassador for the STEM Learning programme, where Sterling collaborates to improve the educational outcomes of young people in STEM education. This partnership aims to foster collaboration and support within the STEM education ecosystem, ensuring that young learners can access quality educational resources and opportunities.
Furthermore, Sterling has extended its support to local schools and universities, such as Lancaster and Manchester. This assistance primarily involves participation in learning events hosted by these universities at the Manchester DiSH office, where Sterling is situated. Manchester DiSH has supported over 4000 youngsters with online safety, accredited female-led VCSEs with Cyber Essentials, hosted MPs and supported countless businesses with cyber awareness. As an example of Sterling’s involvement, we actively participated in a 'Dragons Den' event organised for local schools, held at the Manchester DiSH office and hosted by Barclays Eagle Labs. During this event, Sterling engaged with young entrepreneurs, listened to their business ideas, provided valuable feedback, and offered guidance and support to their educational business studies. Sterling is also actively helping with Elective Home Education (EHE), where children between the ages of eight and fifteen come into the office to learn subjects such as Robotics, Cyber Security, and Money Management.
Equal opportunity
Sterling is committed to providing free-of-charge skill provision to our Members and Wider Public Sector Contracting Authorities accessing this Framework Agreement. Our aim is to offer a range of workshops, seminars, and online training sessions that are tailored to meet the specific needs of our stakeholders. These sessions will cover a diverse array of topics, including technical skills relevant to our industry and broader soft skills essential for professional development. We will work closely with our partners and stakeholders to identify areas of need and tailor our training offerings accordingly.
Sterling proudly hosts a dynamic paid internship program renowned for its enriching experiences. Each summer, interns at Sterling delve into various facets of our operations, honing essential Sales, Accounting, and Operations skills. Moreover, participants enjoy various benefits, including mentorship from seasoned professionals, exposure to real-world projects, and networking opportunities within our vibrant corporate culture.
Designed for college students, our internship program is a launching pad for aspiring professionals. It offers invaluable insights and hands-on training that complement academic learning. As a testament to its success, many of our interns seamlessly transition into full-time roles upon graduation, leveraging their internship experience to hit the ground running in their careers.
At Sterling, we're committed to nurturing talent and empowering the next generation of leaders. Join us this summer and embark on a journey of growth, learning, and endless possibilities. Sterling currently offers this program globally and will endeavour to extend this opportunity to participants once we are brought on to the framework. This internship program serves as an essential avenue for developing talent and fostering future leaders in our industry.
A proactive and collaborative
Pricing
- Price
- £3.67 a user a month
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- 30 Day free Trial - Fully functioning
- Link to free trial
- Contact Sterling POC