Cloud Security – Threat Profiling
Our team provides a structured review of your key assets, unique threats to them and likely means of compromise. Comprising a review of your cloud environments’ security design, architecture, configuration and governance, we produce detailed threat profiles addressing your operational fingerprint to enable tactical and strategic evolution of your posture.
Features
- Produce a detailed threat profile of key assets to protect
- Identify threat actors, use cases, highlight threat surfaces, attack vectors
- Review policies, standards, technical designs, use/test cases and user stories
- Workshops and interviews - understand key processes and procedures
- Structured standards and/or policy framework approach
- Thorough technical & Governance appendices detailing all identified deficiencies
- A prioritised remediation road map addressing strategic and tactical issues
- Detail deficiencies in controls and potential outcomes of a cyber-breach
- Executive level summary of business risk and means to address
- Post-assessment briefing offered to discuss findings and recommended next steps
Benefits
- Threat-profile provides foundation for formal modelling and lists attack vectors
- Identify significant threats to Confidentiality, Integrity, and Availability of assets
- Highlighted weaknesses in systems and processes tailored to different audiences
- Address important design considerations and proficiency of current controls
- Identify pertinent threat actors and likely means of realising threats
- Cross sector experience to share comparable results
- Support prioritisation decisions with actionable intelligence, improve cloud security posture
- Access to world-class threat management tools and Governance practices
- Reflecting Business and ICT Strategies
- Manage fast paced threat evolution unique to your operations
Pricing
£600 to £2,500 a user a day
- Education pricing available
- Free trial available
Framework
G-Cloud 14
Service ID
733087975115136
Contact
INET
Srini
Telephone: 07830284296
Email: gundasr@inetsoftwaresolutions.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
-
- Coding
- Quality
- Agile
- Training
- Documentation
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- No
- System requirements
-
- Open source software
- Full software licences
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
- We have the capability of providing the same weekday service at weekends, but it depends on client needs and SLA
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Yes, at an extra cost
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- We have provided a chat facility to many private sector clients
- Onsite support
- Yes, at extra cost
- Support levels
- We provide support to define framework and train the resources
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We have a clearly stated User Manual which helps any new resource to adopt our service. We also provide online training
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- End-of-contract data extraction
- We can provide a copy of the data, and using any ETL process they can extract and migrate it
- End-of-contract process
- All copies, including data and documents, will be handed over to the client. We will hold a copy for a certain period based on the agreement. All data are secure and follow DPA
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- iOS
- Linux or Unix
- macOS
- Windows
- Windows Phone
- Other
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No difference
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
- Our user manual explains clear instructions to set up through the API
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Our User Manual explains clear steps to customise the service
Scaling
- Independence of resources
-
- Scaling type
-
- Scales automatically
- Scales with user intervention
Analytics
- Service usage metrics
- Yes
- Metrics types
-
- Infrastructure or application metrics
- CPU
- Disk
- Memory
- Network
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
- Backup and recovery
- Yes
- What’s backed up
-
- Documentation
- Databases
- Virtual machines
- Backup controls
- All data is backed up at regular intervals and transactional data is maintained for the gaps between backups
- Datacentre setup
-
- Multiple datacentres with disaster recovery
- Single datacentre with multiple copies
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
- Data export formats
-
- CSV
- ODF
- Data import formats
-
- CSV
- ODF
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- Bonded fibre optic connections
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- All services will be delivered as per the individual clients and other services they have bought. The refund is also defined in the early agreement.
- Approach to resilience
- It’s available on request
- Outage reporting
-
- A public dashboard
- An API
- Email alerts
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- We create a GPO for those users and configure the following Group Policy to disable Computer Management Console.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- We are in the process of securing CSA CCM v3.0 ISO/IEC 2700
- Information security policies and processes
- We have a dedicated team to define and review security process. The 1st line security team will alert any security issues to the gateway team, who monitor and fix a solution within a minimal time period
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All components are continuously monitored; we are using BMC Software standards and process. In the configuration management system, changes related to product specification are managed. The types of changes involving the project processes or the project baselines are managed through the change management system.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Identifying / tracking assets (build asset inventory); categorizing assets into groups; scanning assets for known vulnerabilities; ranking risks; patch management; test patches; apply patches; regulatory requirements
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We provide a full range of Protective Monitoring services in support of CESG Good Practice Guide 13 requirements. These ensure that appropriate measures are in place, providing an oversight of how ICT systems are used while supporting user accountability where cloud services are being provided by a number of suppliers.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Secure senior management approval and confirmation; establish an incident response capability; provide specialist training; define the required roles and responsibilities; establish a data recovery capability; test the incident management plans
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- NHS Network (N3)
- Joint Academic Network (JANET)
- Scottish Wide Area Network (SWAN)
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
We are following strict protocols to achieve Zero Emissions by taking various steps towards, in summary
We followed 2019 HM Government Environmental and Reporting Guidelines. We have also used the GHG Reporting Protocol - Corporate Standard and the UK Government's Greenhouse gas reporting: conversion factors 2021.
Our protocols to achieve TZCE (Target Zero Carbon Emissions)
Our office spaces have
• Double glazing windows and door to reduce usage of electricity during day light
• All our lighting bulbs are energy efficient and sensors
• Clear directions and separate bins for recycling bags
• We provide each staff reusable coffee cups and recyclable coffee cups for visitors
• Participate in local events on Recycling and working closely with local council(s)
• Gift vouchers and further discounts for employees who come on car pooling or public transport
2024 to 2025 plans towards Carbon Reduction
We have plans to implement the below protocols in the coming future
• Further discounts for employees who come on public transport
• Dedicated car parks for car pooling resources
• Reduce working hours for people who travel through public service or car pooling
• Encourage to use electric vehicles
• Financial/loan support for employees who buy electric vehicles
• We are focused on improving the ease and accuracy of our GHG emissions measurements, including changes to our internal business systems, driving greater transparency and granularity in monitoring our progress towards the carbon reduction
• Switching to renewable energy sources (solar panels installation, usage of recycled water for gardens) etc. by end of 2025
Covid-19 recovery
1. We have hired more than 50% of employees who left due to Covid and train them in the new technologies matching the latest skills and techniques
2. Supporting families who lost their beloved due to Covid
3. Still maintaining some of the basic things to avoid any future pandemics and making hygiene part of the life cycle, including effective social distancing, remote working, and sustainable travel solutions.
Tackling economic inequality
We are following many innovative ideas to develop and help new young people to present their ideas in developing new applications, projects and solutions for social needs
The new solutions lead to new employment and social empowerment
We are conducting many trainings to upgrade the staff skill sets, covering training in the area of Data Science, Cyber Security, Azure DevOps and ChatGPT etc.
Equal opportunity
We have strict guidelines and procedures to maintain equality among male/female/transgender and disabled people
We are in the process of providing infrastructure for disabled people. We are helping disabled people to develop new skills in the IT sector
Wellbeing
We are providing a good environment for staff to avoid any physical and mental health issues.
We have associated with many Yoga sessions to help employees to avoid any mental health issues and give further discounts on Gym subscriptions.
Encourage employees to participate in UK 5k marathon and Sadguru Yoga sessions
Pricing
- Price
- £600 to £2,500 a user a day
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
-
- Demonstration of our tools
- Customer feedback
- Free security check on two applications