Bruhati Cloud Hosting Services

Bruhati provide Cloud Hosting services to Architect, Deploy, Setup and Integrate Public Cloud Infrastructure within your organisation. Our Cloud Hosting Services for Azure, AWS, GCP, Oracle, and Salesforce enable you to build, run, and host, highly available & performing services and applications in a multi-cloud ecosystem.


  • Define business case and benefit for cloud migration
  • Identify cloud migration opportunities to maximise your business objectives
  • Establish a cloud operating model
  • Cloud migrations, Hybrid Clouds, and Multi-Clouds
  • Analytics Cloud, Analytics for Applications, API Gateway, Application Migration
  • Archive Storage, Audit, Big Data, Block Volume, Compute
  • SQL and NoSQL Database, Data Integration, File Storage, Resource Management
  • Azure, AWS, Google Cloud Platform (GCP), Oracle Cloud, Salesforce Cloud
  • Automated deployment to assure ongoing change
  • Resilient and secure application design & automated data back-up


  • Deliver best in class Cloud solutions to transform Government departments
  • Improved control and development of the IT estate
  • Improved Business and IT efficiency
  • Reduced IT Operating Costs and Spend
  • Security by design & monitoring to protect your data
  • Tailored operating model to meet SLA's and KPI's
  • End to end Cloud Architecture and Design Delivery Assurance
  • Fast Deployment and technical setup
  • One supplier to handle all Cloud hosting and Cloud accounts
  • Monitor and Manage Cloud utilisation


£1,000.00 an instance

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

8 1 9 4 9 1 7 4 2 6 7 3 3 9 5


Telephone: 07554871926

Service scope

Service constraints
Any constraints to be identified during initial consultation.
System requirements
Any requirements on buyer side will be identified during consultation.

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Response times are SLA specific and dependent on overall solution needs and SLA's provided by the Cloud hosting provider (Azure, AWS, GCP, Oracle, Salesforce).
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Ensured the keyboard is accessible and text-to-speech is reader-friendly. We’ve made all the default colour settings WCAG 2.1 AA compliant by default.
Onsite support
Yes, at extra cost
Support levels
With standard support offerings, we provide 4 Support levels termed as Critical Priority, High Priority, Medium Priority and Low Priority - all of which have target response times detailed in the SLA. Standard Support comes with the product for a standard fee. For more tailored support, clients can selects a Managed Service option whereby the SLA’s and response times are configured in accordance with their requests. This service can include aspects such as Technical Account Manager, Capacity Management and any other service the client might want to add. The fee for the managed service is determined by the service required.
Support available to third parties

Onboarding and offboarding

Getting started
Standard Training and Full documentation provided - Training and documentation and video's can also be tailored / created to meet specific customer requirements. Train the trainer is also available upon request.
Service documentation
Documentation formats
End-of-contract data extraction
Open standard exporting of Data can be provided at Contract end using tooling capability.
End-of-contract process
At end of contract - customer typically decide to continue with the service. Alternatively they can choose to export the data to another Service Provider, we can assist with this process.

Using the service

Web browser interface
Using the web interface
Internet Explorer 11
Microsoft Edge
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
Accessibility of the Management/Admin Console is managed and tested by the Cloud Hosting providers (Azure, AWS, GCP, Oracle, Salesforce).
What users can and can't do using the API
All aspects of the service can be managed by using the API's from the Cloud Hosting providers.
API automation tools
  • Ansible
  • Chef
  • Terraform
  • Puppet
API documentation
API documentation formats
Command line interface
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
All aspects of the Cloud Hosting services can be managed using the CLI.


Scaling available
Scaling type
Independence of resources
The hypervisor provided by the Cloud Hosting providers enforce memory and process separation between virtual machines.
Usage notifications
Usage reporting
  • API
  • Email


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Azure, AWS, GCP, Oracle and Salesforce Cloud

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
What’s backed up
  • Virtual Machines
  • SQL Databases
  • NoSQL Databases
  • File Storage
  • Deployment configuration
Backup controls
Backup schedules are agreed during customer onboarding and initial requirement workshops.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The Cloud Hosting provider (Azure, AWS, GCP, Oracle, Salesforce) SLA's will be used.
Approach to resilience
Cloud Hosting service is designed to be resilient by:

1. Defining the business continuity objectives
2. Workloads across multiple Availability Zones (where possible)
3. Support Region routing
4. Establish an incidence management process
5. Backing up of data
Outage reporting
Public dashboards and email alerts.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels is restricted through a combination of username and passwords, multifactor authentication, firewalling, IP restrictions, the use of bastion hosts as appropriate.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
Cloud providers comply ISO/IEC 27001:2013, ISO/IEC 27017:2015, and ISO/IEC 27018:2019

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
Information security policies and processes
Jisc is certified as compliant with ISO27001:2005 (Certificate CI/12868IS) by a UKAS accredited certifying body. Services that we have designed, implemented and operate have been subject to risk assessment including ITHCs and penetration testing by independent CHECK providers. We are able to supply our Information Security Policy subject to a non-disclosure agreement being put in place with the receiving party.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our service is committed to ITIL aligned Change and Configuration Management for effective management and control of its infrastructure. Change management tool incorporates an automated Change Management Database (CMDB) at the heart of its operation, with all service support and delivery modules linked to the CMDB to ensure a complete and accurate view of customer estates. A CAB team exists within the services department and liaises closely with all other teams to ensure changes are successful and our infrastructure is maintained and accurately modelled within the CMDB.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Cloud Hosting support services to ensure we are operating in line with the latest recommendations and are made aware of any potential vulnerabilities. The patch deployment policy is ITIL aligned and undertaken in accordance with our ISO27001 security policy. For exceptional patching, our processes allow for the management of exceptions which require emergency maintenance to protect your service from vulnerabilities. Notifications are sent to ensure that customers are informed of planned works and all patches are tested before deployment to live.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Use of the cloud-native applications for the collection, monitoring, analysis, alerting and reporting of all IT event, log and performance data. A real-time analytics engine is used to correlate events, logs and performance metrics across your cloud and on-premise infrastructure. A comprehensive suite of highly configurable rules allow alerts to be sent in response to malicious activity and performance-impacting events, all of which is included as standard in the service.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
ITIL-aligned Incident Management process ensures that we respond to any reported faults and sets out target resolution times to ensure that these are fixed within agreed timeframes Customers can report incidents via phone, email or our portal. Our Incident Management process ensures that we respond to any reported faults and sets out target resolution times to ensure that these are fixed within agreed timeframes. For Major Incidents, once the Incident has been resolved, the Incident Manager will ensure an Incident Review Meeting is held and a Major Incident Report is created and distributed.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
Other virtualisation technology used
Some Cloud Hosting providers use their own VM (Azure VM, Oracle VM) and others Cloud providers are open to which virtualisation can be used based on customer preference (VMware, Hyper-V, Red Hat etc).
How shared infrastructure is kept separate
The hypervisor enforces memory and process separation between virtual machines.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
This is defined by Cloud Hosting provider (Azure, AWS, GCP, Oracle, Salesforce) and this information is made publicly available.

Social Value

Fighting climate change

Fighting climate change

Bruhati Solutions Ltd recognises that it has a responsibility to the environment beyond legal and regulatory requirements. We are committed to reducing our environmental impact and continually improving our environmental performance as an integral part of our business strategy and operating methods. We endeavour to: • Comply with all relevant regulatory requirements. • Continually improve and monitor environmental performance. • Continually improve and reduce environmental impacts. • Incorporate environmental factors into business decisions. • Increase employee awareness and training.
Covid-19 recovery

Covid-19 recovery

It’s critical that we make it possible for our clients to continue operations and help respond to the unique demands that are being faced during these times. Bruhati has been doing the mission-critical work that keeps every organisation – especially those in the public sector – operational and successful. During these challenging times, you can count on Bruhati to support your organisation. Everyone’s health and welfare are a priority, as most Bruhati employees are working from home. We have extensive online collaboration capabilities to help ensure business continuity and we’re working tirelessly to help everyone stay safe while at the same time continuing to serve our clients. Bruhati aims to: ● Create employment, re-training and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high growth sectors. ● Support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services. ● Support the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services.
Tackling economic inequality

Tackling economic inequality

Social purpose is a priority for Bruhati, from creating new businesses and new employment opportunities, to improving education and training, Bruhati is committed to tackling economic inequality at root. Our overriding vision is to help lower the unequal distribution of income and opportunity between different groups in society. ● Create employment and training opportunities, particularly for people in industries with known skills shortages or in high growth sectors. ● Support educational attainment relevant to the contract, including training schemes that address skills gaps and result in recognised qualifications. ● Influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in high growth sectors.
Equal opportunity

Equal opportunity

Bruhati Solutions Ltd recognises that discrimination and victimisation is unacceptable and that it is in the interests of Bruhati and its employees to utilise the skills of the total workforce. It is the aim of Bruhati to ensure that no employee or job applicant receives less favourable facilities or treatment (either directly or indirectly) in recruitment or employment on grounds of age, disability, gender / gender reassignment, marriage / civil partnership, pregnancy / maternity, race, religion or belief, sex, or sexual orientation (the protected characteristics). Our aim is that our workforce will be truly representative of all sections of society and each employee feels respected and able to give of their best. We oppose all forms of unlawful and unfair discrimination or victimisation. To that end the purpose of the Bruhati policy is to provide equality and fairness for all in our employment. All employees, whether part-time, full-time or temporary, will be treated fairly and with respect. Selection for employment, promotion, training or any other benefit will be on the basis of aptitude and ability. All employees will be helped and encouraged to develop their full potential and the talents and resources of the workforce will be fully utilised to maximise the efficiency of the organisation. Our staff will not discriminate directly or indirectly, or harass customers or clients because of age, disability, gender reassignment, pregnancy and maternity, race, religion or belief, sex, and sexual orientation in the provision of Bruhati’s goods and services. All employment policies and arrangements have a bearing on equality of opportunity. Bruhati policies are reviewed regularly.


Bruhati Solutions Ltd is committed to the protection and promotion of the mental health and wellbeing of all staff to provide a working environment that promotes and supports the mental health and wellbeing of all employees. Bruhati shall continuously strive to improve the mental health environment and culture of the organisation by identifying, eliminating, or minimising all harmful processes, procedures and behaviours that may cause psychological harm or illness to its employees. Bruhati shall promote mental health throughout the organisation by establishing and maintaining processes that enhance mental health and wellbeing. Bruhati aims to: ● Reduce discrimination and stigma by increasing awareness and understanding. ● Complete an employee survey to identify mental health needs. ● Give employees information on and increase their awareness of mental wellbeing. ● Include information about the mental health policy in the staff induction programme. ● Provide opportunities for employees to look after their mental wellbeing, for example through physical activity, stress reducing activities and social events. ● Provide systems that encourage predictable working hours, reasonable workloads and flexible working practices where appropriate. ● Ensure all staff have clearly defined job descriptions, objectives and responsibilities and provide them with good management support, appropriate training and adequate resources to do their job. ● Manage conflict effectively and ensure the workplace is free from bullying and harassment, discrimination and racism. ● Establish good two-way communication to ensure staff involvement, particularly during periods of organisational change. ● Ensure that employees have a clearly defined role within the organisation and a sense of control over the way their work is organised. ● Ensure that job design is appropriate to the individual, with relevant training, supervision and support provided as required. ● Ensure a physical environment that is supportive of mental health and wellbeing.


£1,000.00 an instance
Discount for educational organisations
Free trial available
Description of free trial
Cloud Hosting Service providers offer a free trial.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.