CDW Limited

CDW Rubrik Polaris M365

Rubrik provides policy-based protection of Microsoft 365 via its Rubrik SaaS platform. Built on a zero trust architecture, assuming all users, devices and applications are untrustworthy and can be compromised, the solution offers unprecedented security, simplicity and performance for search and restore operations across Exchange Online, OneDrive, SharePoint, Teams.

Features

• Immutable data protection
• SLA Policy based management
• Instant search and restore
• Secure set up and role based access
• Support for Microsoft Exchange, SharePoint, Teams, OneDrive
• Air gapped architecture
• Zero trust architecture
• Unify management across M365, and other SaaS and datacenter environments
• Ransomware protection
• Reporting and compliance capability for M365

Benefits

• Policy Based-Simplicity SLA policy engine to automate backup policies
• Rapid (RTO/RPO) Return to operation capability
• Architected for cloud use elastic compute to minimize costs
• Rubrik provides administrators global search capability
• Recover individual specific emails or calendar items
• Role Based Access Control
• Single pane of glass management
• Backup data hosted by Rubrik within Azure UK South
• Simplicity implements within a couple of hours, simple to operate
• Drastically simplifies Data protection for M365.

£1.50 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@uk.cdw.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

868677316864222

Contact

Andy Wood
0161 837 7744
tenders@uk.cdw.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Microsoft native data protection tools m365 litigation hold, retention policy’s
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Complements Microsoft M365 licence F1/F3/E3/E5

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: World-Class 24/7 telephone and web support Committed to Your Success; Rubrik provides around-the-clock support and customized support to deliver the best customer experience. Our highly experienced Support Engineers deliver proactive, real-time professional services 24/7 to increase your stability, efficiency, and effectiveness. If you have a question, we have an answer.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Rubrik’s support team will provide 24 x 7 incident-based coverage globally,Premium Support, customers receive the following benefits:; •Telephone and web support on a 24x7x365 basis. ; •Product updates and fixes: Our support engineers will keep your IT team apprised of latest software updates and new releases and handle critical product fixes, allowing you to maintain a consistent high level of productivity.; •Advanced hardware replacements: For any hardware failures, Rubrik will ship an advanced replacement to arrive at your site the next business day if the request is received before 3pm local time. Please note that shipping to certain locations may be subject to local customs clearance processing and associated delays. Proactive Add-On Support Program: Customer Experience Manager (CEM) and an Assigned Support Engineer (ASE) as single points of contact for your IT organization. ; •The CEM will proactively monitor performance and facilitate business planning through continuous evaluation of business metrics. Through quarterly business reviews, the CEM will recommend strategies to improve your Rubrik operations and returns.; •The ASE will collaborate closely with your IT team to pre-emptively detect underlying issues. The ASE will proactively assist with software updates and upgrades to enhance system availability and maximize uptime and rapid support escalation
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Rubrik university can provide both online and offline training as well and certification and user documentation
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Per EULA Customer will have 30 days to assess and export the data
• End-of-contract process: N/A

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Telephone and web support on a 24x7x365 basis. Rubrik does not have a native Mobile application but has a responsive web design that works on desktop and mobile. User Interface is all HTML5 (no java or flash).
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: N/A
• Accessibility standards: None or don’t know
• Description of accessibility: N/A
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Rubrik is a API first architecture. Everything can be easily called via RESTful API. Rubrik has a robust REST API implementation that is publicly available on GitHub. https://github.com/rubrikinc . One can also get access to private APIs as well. Check out our API documentation at: https://build.rubrik.com; ; Rubrik provides variety of pre-built templates optimized by use case, such as capacity growth, SLA compliance, and protection status. Drill-down ad-hoc for granular metrics across any dimension (application, time, location, status, etc.). Adjust views by selecting filters on the fly to be applied to multiple data sources directly in the browser. Export and schedule them as needed. All reporting data can also be easily integrated to other reporting systems via Rubrik RESTful API.; ; Polaris does not expose an API
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Rubrik hosts internal engineering and product development servers at a co-location service provider with state-of-the-art physical security measures. The co-location provider maintains high SLAs for availability, redundancy, and disaster recovery to support our business continuity plans.; ; Rubrik uses third-party SaaS services and co-location data services providers to manage our IT operations. Our HR systems, email and calendaring, internal communications, requirements, and ticketing management systems use best-of-breed SaaS services. These services offer more than requisite SLAs for availability, reliability, and security.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Rubrik

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Please note that for CDM, Customer Data resides in their own data centers and/or cloud tenants. ; ; For hosted SaaS, such as M365, access to Customer data is restricted to a small set of employees on the M365 team. Access is provided on a request driven basis with time limits, and granted through an approval process. Access is through a bastion host, not directly through the employees' laptops. Customer Data never leaves the customers isolated Azure Storage account, and all access is logged to generate an untampered audit trail.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: N/A
• Data export formats: Other
• Other data export formats: Original Format
• Data import formats: Other
• Other data import formats: Original Format

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Rubrik does not manage or control the use of the products and as such, does not provide a RPO or RTO of the services. For Rubrik products and services that are fully hosted and managed by Rubrik, we does not provide specific RTO or RPO timelines, however Rubrik does provide service SLAs.
• Approach to resilience: Rubrik’s business continuity and disaster recovery program is designed to address the risks when Rubrik services are unavailable. Business continuity and disaster recovery plans are reviewed annually and are periodically tested through tabletop tests, functional tests, or actual incidents. Rubrik also leverages leading providers that provide systems and services with high availability and redundancy.
• Outage reporting: Status.rubrik.com

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to Rubrik’s production environment is restricted on an explicit need-to-know basis, utilizes least privilege, and is logged and monitored. Employees accessing the Rubrik production network are required to use multi-factor authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas
• ISO/IEC 27001 accreditation date: 29 October 2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SOC 2 Type 2 and ISO 27001 certified.
  • https://www.rubrik.com/compliance-program

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Rubrik's information security program is based on ISO 27001 standard, and as such, has policies covering all information security areas. Rubrik has a dedicated, globally distributed security team that focuses on product and enterprise security capabilities such as secure product development and testing, cloud security, endpoint, user and communications security, vulnerability management, incident management, security culture and training, secure logging and monitoring, security governance, security risk management, vendor risk management, and identity and access management.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Rubrik maintains a robust configuration and change management process in place which includes secure design, secure coding, secure testing, and secure release. We have a set of standards for enforcing security and configuring new servers and computers and pushing in new code. All the team’s changes are recorded and auditable. We apply security controls during the development process and do security reviews as well. There are multiple approvals required before making any changes. There is an implementation window, for early access, before changes impact customers minimizing the impact on customers. There is a process for emergency changes and hotfixes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: All incoming vulnerability reports are triaged immediately to assess impact. Rubrik will treat vulnerabilities found in the 3rd party (open source and other) components with the same level of urgency. We typically use the CVSS score provided by the component owner and determine the impact of the vulnerability based on the component usage. Based on our assessment, they are classified using CVSSv3-like scoring mechanism, and mapped to the internally defined SLAs based on criticality.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Rubrik has security capabilities in place to detect data exfiltration through Rubrik provided laptops, workstations and cloud environments. We also monitor our on-prem and multi-cloud environment 24x7, detect security threats, investigate and respond to security events and incidents. In addition to capabilities such as log storage, search and indexing, our SIEM solution supports threat detection, monitoring and response, threat hunting, machine learning and digital forensics.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Rubrik’s Security Incident Response Team (SIRT) is responsible for responding to security incidents. They manage the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to our products and networks. In case of a Rubrik related security incident, customers should contact security@rubrik.com.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  CDW is committed to fighting climate change and protecting the environment. CDW has made a commitment to achieve Net Zero emissions by 2040, 10 years earlier than mandated by the UK government. To achieve this, CDW has implemented (and continues to implement) initiatives to reduce our emissions and carbon footprint, all of which are underpinned by CDW’s ISO14001 certified Environmental Management System (EMS) and our beGreen program.; ; CDW’s distribution centre and our flagship offices hold ISO 14001 environmental management certifications, with our UK distribution centre also holding REGO energy certifications. In parallel with our EMS and beGreen program, CDW has invested in and implemented a range of initiatives to help tackle our contribution towards climate change across our operational activities. These initiatives include (but are not limited to):; ; -Solar panel usage. As a result, in 2021, we were able to achieve 100% renewable energy sourcing for CDW-owned buildings.; -Energy-efficient lighting solutions, including indoor and outdoor LED lighting.; -Motion sensor lighting and conveyor systems that turn off in response to inactivity.; -Water consumption solutions, including rainwater harvesting efforts.; -“Smart” HVAC systems that adjust according to business hours and seasonal temperatures.; -A ‘Pin to Print’ program enabling enhanced print queue management to reduce wasted print jobs; -A goal to achieve 100% renewable energy sourcing for electricity by 2027. In 2021, 98% of electricity consumed in the UK was from renewable sources.; ; Additionally, at our distribution centres, we have recycled:; ; -2,966 tons of packaging material; -9,794 tons of cardboard; -636 tons of paper; -Thousands of wood and plastic pallets; ; Furthermore, at a coworker level, CDW has established a ‘WE GET Our Environment’ Business Resource Group and an Environment Committee with the purpose of increasing awareness of the environmental and social strategy, and to empower coworkers to get involved in environmental initiatives.

  Equal opportunity

  CDW is committed to creating a working environment for coworkers dedicated to inclusion, diversity and equal opportunities, as detailed in our CDW Way Code, which teaches all CDW coworkers to:; ; -Always do their best to make everyone at CDW feel welcome; -Treat other coworkers with respect and dignity; -Maintain an inclusive workplace in which all coworkers can demonstrate their full potential; -Respect the unique attributes and perspectives of every coworker; ; CDW provides equal treatment and opportunity without regard to:; ; -Race; -Skin colour; -Religion; -National origin; -Gender; -Sexual orientation; -Gender identity; -Disability; -Age; ; Our commitment to equality is underpinned by six Business Resource Groups (BRGs). BRGs ensure all coworkers have a voice, build awareness, and provide support to similar groups in their communities. The BRGs include:; ; -Armed Forces Network; -Black Coworker Network; -Disability Support Network; -PRIDE+; -United Support Network; -Women’s International Network; ; CDW coworkers are empowered to reach their highest potential, and we are focused on providing them with a wide variety of tools and development opportunities to help them achieve their career aspirations at CDW, regardless of origin, background or situation. Within our learning culture, all coworkers are surrounded by comprehensive resources and support, ongoing education and skills training, and robust advancement opportunities. We offer a variety of programs to help current and future leaders build diverse teams and to help diverse coworkers develop their leadership skills so they can continue to advance in the organisation.; ; Our commitment to equal opportunities and diversity is demonstrable across our organisation. As an example, CDW’s CEO and President, Chris Leahy, is female and CDW’s Executive Committee consists of 50% female and 50% male coworkers, with 42% coming from multi ethnic backgrounds.; ; CDW is also committed to reducing the gender pay gap and produces an annual gender pay gap report - https://www.uk.cdw.com/site-tools/pay-gap-report/.

  Wellbeing

  CDW is committed to providing coworkers and their families with the knowledge necessary to make the best health and wellness choices for themselves and their families. ; ; Our approach to wellness is designed to help coworkers be safe, healthy and successful. We understand that managing work and personal life is a balancing act of shifting priorities and so we offer a variety of benefits that supports a coworker’s physical, financial, emotional and social ; wellbeing, including access to telemedicine, a suite of family benefits and a variety of wellness incentives and programs.; ; CDW provides coworkers with an Employee Assistance Program, which offers confidential, individualised coaching to help coworkers achieve personal or professional goals. It also features enhancements for crisis care, 24/7 phone support and an emergency referral system.; ; Ongoing coworker engagement is fostered through regular communications events, including: ; ; -Monthly wellness e-newsletters promoting benefits available to coworkers; -Workshops and activities focused on timely topics; -Various campaigns to raise awareness for meaningful topics throughout the year, including mental health, emotional wellbeing and heart-mind gratitude; ; As a further example of our commitment, in response to the COVID-19 pandemic, our Coworker Services team implemented “coworker calls” - informal, but regular check-ins to ensure all coworkers are caring for their mental health and receiving the support they need.; ; CDW also established ‘The CDW Community’, an initiative set up to provide coworkers with activities that they could participate in to keep them physically and mentally active, and to give them a platform for social engagement with other coworkers during a time where many were feeling isolated.; ; Following its success during COVID, the CDW Community initiative has remained operational as we exit the pandemic, continuing to provide CDW coworkers with activities and resources centric to physical and mental wellbeing, as well as sessions to support a healthy family life.

Pricing

• Price: £1.50 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 30 day trail of Rubrik Polaris for M365 Free trial lasts 30 days and is open to new and existing customers. .This offer is subject to availability and subject to change without notice. Restrictions apply.
• Link to free trial: https://www.rubrik.com/lp/contact-us/polaris-m365

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@uk.cdw.com. Tell them what format you need. It will help if you say what assistive technology you use.