Cloud Managed Services powered by OpenCloud
Deloitte’s industry leading, Cloud Managed Services driven by OpenCloud, provides relentless automation with a DevOps culture delivering exceptional service outcomes and cloud optimisation for AWS, Azure and GCP workloads. We have standards based infrastructure-as-code accelerators for rapid delivery and operations of secure, scalable and agile cloud infrastructure.
Features
- Relentless automation with true DevOps and Infrastructure-as-Code (IaC)
- CI/CD Pipeline automated deployment and management
- Over 300 automated guardrails to protect your cloud
- Cloud economics, FinOps and cloud optimisation as standard
- Single-pane-of-glass multi-cloud reporting portal for complete service visibility
- Comprehensive security and event logging and reporting capabilities
- Next generation managed services with true observability and incident prevention
- Service oriented approach based on ITIL standards
- Innovative and flexible pricing and commercial models
- Seamless integration with market leading cyber services
Benefits
- Innovative approach to operationalising our clients’ journey to the cloud
- Enables Infrastructure-as-Code (IaC) to automate environment deployment
- We marry industry leading traditional ITSM knowledge with DevOps expertise
- Builds the foundations for connected, capable and scalable enterprise
- Experience working with organisations with complex needs to operationalise consumption
- Expertise in innovative approaches to Cloud Cost Management
- End-to-end continuity from implementation and transition to managed services
- Named the Gartner Leader for Managed Cloud in 2023
Pricing
£100 to £350 a virtual machine a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
9 3 9 5 5 9 5 2 7 5 8 1 3 6 9
Contact
Deloitte LLP
Donna Farrell
Telephone: 0207 303 0913
Email: publicsectorbidteam@deloitte.co.uk
Service scope
- Service constraints
- For the avoidance of doubt, we have listed below any activities that (in our experience) are sometimes expected to be in our scope but which are not included within this service. Processing data, licensing software or running technology platforms per se; Large-scale but low-value hosting of a client’s data or applications; and Delivering standard reporting.
- System requirements
-
- Buyer to provide integration to identity store to authenticate users.
- Buyer to own secrets management, encryption keys and PKI certificates.
- Buyers to manage CI/CD pipeline (IAC tooling available on OpenCloud).
- Optional integration to ITSM tooling (including Incident, Change, CMDB)
- Maintaining external integrations to other systems and services.
- Receipt and storage of platform security logs and forensic analysis.
- Provision of any direct connections to cloud providers.
- Optionally Buyer may provide selected tooling (e.g. Anti-Virus).
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Service desk offered through business hours Monday to Friday. Support 24 x 7 on reduced SLA as standard, option for full 24 x 7 support at increased cost. Response times are dependent on contract.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
- We can offer different support levels based on the service requirement. We would agree this with the client at the time of order. Cost may be in accordance with our rate card / pricing document.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We provide a range of services to Buyers when deploying into our cloud environment. In some cases this can be quite 'light touch' with documentation and some limited in-person and on-line training to complement this. More typically we would work alongside the Buyer to understand the needs, design the environment, and migration approach. We also offer bespoke project services to provide the engineering to build the Buyer environments and support the migration of services to the cloud where required by the Buyer.
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- Buyers will have access to their data at all times, and can take snapshots or copies of the data (subject to security policy etc) as required during the lifetime of the contract. At the end of the contract, the Buyer has responsibility and flexibility to their data via a direct network transfer / synchronisation to another supplier, and does not need Deloitte to enable this to happen. We would be willing to discuss offline data transfer methods if necessary though this is not standard.
- End-of-contract process
- Buyers will have the flexibility to facilitate a managed transfer to a new system from our system with minimal support from Deloitte. Users may also take over the existing service in-situ. To enable this happen the client will need to setup their own management platform to replace the Deloitte system, and we will transfer the AWS subscription to the Buyer. We will share configuration details that are specific to the Buyer's environment (i.e. not part of the shared multi-client configuration).
Using the service
- Web browser interface
- Yes
- Using the web interface
- Users can use the standard cloud GUI provided by the hyperscalers to deploy and maintain their environments as required. Our service is compatible with a number of independent IAC tools including Terraform, Ansible and Jenkins, but also supports several vendor specific tools out-of-the-box (e.g. AWS CloudFormation). Buyers have limited flexibility within their own environments to select tools which meet their needs, but this may affect the 'guardrails' that are in place as standard on our OpenCloud platform. Not all tools are supported.
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- The web interface supports the standard access methods to the vendor tools and web GUI, though selection of an optimal browser (e.g. Chrome for GCP) may improve user experience.
- Web interface accessibility testing
- Deloitte makes use of the standard accessibility features of the vendor's tooling.
- API
- No
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Other
- Using the command line interface
- We allow users to configure environments using CLI both via the hyperscaler console and via the relevant tooling (e.g. HCL in Terraform). Our platform has more than 300 'guardrails' which are enforced using the platform tooling (including Cloud Custodian and Tenable). This prevents users from deploying code via the CLI for some basic insecure or sub-optimal features (for example auto-provision of public IP addresses when spinning up new VMs).
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
-
The ability to scale is dependent on the hyperscaler's (AWS, Azure, GCP) ability to scale. Whilst in principle there is a limit, we are not aware of any practical likelihood of any Buyer being subject to limits due to shared use of the platforms except in the most extreme circumstances (equivalent to a force majeure event).
All users workloads are provisioned in independent, segregated accounts. - Usage notifications
- Yes
- Usage reporting
-
- API
- SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- Any provided by AWS/Azure/GCP
- Any provided by Deloitte's standard 3rd party monitoring tools
- Can include synthetic transactions
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- Other locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Files including media
- VMs
- Containers
- All databases
- All environments (e.g. prod, test, dev)
- Configuration files
- Backup controls
- Backups can be configured for User services using tiered backup ( using different levels of storage for different performance and retention). Backups are usually scheduled but can be undertaken in an ad hoc manner via service request. Full snapshots of environments can be taken if required to allow for activities such as testing. All of this will be subject to any data backup, access and retention policies in effect from the client. Both on-line backup is possible, or integration with the client's existing storage systems (this may require additional detailed design).
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Bonded fibre optic connections
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- The service is capable of 24x7x365 availability dependant on configuration and options deployed. Specific SLAs and any credit arrangements will be agreed with a Buyer on a case-by-case basis.
- Approach to resilience
- Our CMP is fully resilient. More detail can be provided on request. For our clients we provide flexibility to use multiple availability zones and regions according to the need, data policies etc to provide full resilience that meets the needs of the Buyer.
- Outage reporting
- Our service can support several methods including API integration to the Buyer's service desk tool, a real-time service link, automated email alerts, and text messages. Usually we will discuss with the Buyer the most efficient way to achieve this.
Identity and authentication
- User authentication
- 2-factor authentication
- Access restrictions in management interfaces and support channels
-
Deloitte has a separate management platform (Cloud Management Platform or CMP) that centrally manages all client subscriptions. There is limited access to the Buyer teams to elements of this (e.g. ServiceNow and Cloud Orchestration tooling), with Deloitte performing security and operational monitoring in a secure area only accessible by the Cloud Ops Team. To enforce the separation, monitoring and logging we have >20 tools including Splunk, Tenable, Prisma Cloud, Cloud Custodian, Trend Micro and many more.
Buyer environments are separated from this and are more customisable according to the specific architectural principles and policies being used. - Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
- Devices users manage the service through
-
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI Assurance UK Limited
- ISO/IEC 27001 accreditation date
- 01/04/2022
- What the ISO/IEC 27001 doesn’t cover
- The scope of the Information Security Management System is limited to the scope of Deloitte LLP and its subsidiaries in the UK, Gibraltar, Switzerland and Liechtenstein.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- We have the following policies in place: Service Control, Approvals (workflow), Resourcing Naming & Tagging, IAM Policies (RBAC), Security (Violations), Network (Architecture), Logging & Monitoring, Image & Patch Management, Encryption, Backup & Retention, Replication, Regulatory, Budget (Quotas), Cost Control (Wastage). Content of these policies will generally be a blend of Deloitte good practice (e.g. for IAM we require 2-Factor Authentication), and client specific requirements. To the extent practical, these policies are enforced by the tooling on the CMP with - where applicable - integration into the Buyer's tooling to support this (e.g. for user authorisation / authentication). Depending on the specifics of the policies, this may involve a level of detailed work between Deloitte and the Buyer to identify how the policies are best applied and enforced. We have over 300 standard guardrails that enforce good practice within each cloud environment (e.g. blocking auto-allocation of public IP addresses to new VMs). We log all security violations and unusual activity and will make this information available to the Buyer. For cost and budget enforcement we pro-actively monitor and flag unusual patterns of usage, or unused / minimally used environments to allow cost efficient management of the environments.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- We track our own configuration and service components on the CMP long-term to be able to identify changes and historic situations. Our core offering will not require Deloitte to be a part of the change management process for most Buyer's who retain the delivery engineering in a BAU capacity. Where required by the client, or where we are providing engineering services to the Buyer, we will integrate into the Buyer's processes. Buyers can request security related information from Deloitte where it relates to the platform. Our tooling will automatically apply 'guardrails' to any change to avoid known common security errors.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We monitor across all our clients for potential security threats, and actively monitor the CMP for attacks. We flag material security risks we become aware of to our clients. In our most basic service, the Buyer will have responsibility for managing their environment and patching the services. Our service will provide updated underlying versions of O/S, Db, etc, to maintain currency of the services (though older images will be available for backwards compatibility). Where we provide a managed service for the Buyer of their environments / hosted service, a bespoke vulnerability management process can be discussed.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We have continuous monitoring of the CMP to identify any potential compromises. We also monitor Buyer environments for certain characteristics. For full SIEM monitoring of the Buyer's environments, we can offer this as an additional service, or the Buyer can provide their own service. We log all material events using our Splunk platform and will forward this to a Buyer provided security monitoring tool to enable holistic monitoring - and where required - forensic analysis by the Buyer. When we are aware of a live security issue, we will work with the Buyer to mitigate this as quickly as practical.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Our Incident management process is underpinned by ServiceNow, which has our processes built into the workflow. We can integrate this with client ITSM tooling to allow the passing of tickets between the Deloitte service desk and the Buyer's. Buyers can raise Incidents using this, or via a templated email. We provide incident reports via our online portal which has near real time information on the status of the services and both live and historic incidents. We can provide a service manager to supplement the incident process as an optional additional service.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Third-party
- Third-party virtualisation provider
- Amazon (AWS), Microsoft (Azure) and/or Google (GCP).
- How shared infrastructure is kept separate
- Each organisation is placed in a dedicated instance, separated out from all other clients by our secure Cloud Management Platform. The virtualised infrastructure deployed for each client is based on the standard hyperscaler deployments and are kept completely separate. Indeed Buyers can implement sophisticated rules within their own infrastructure environments to allow for different security zones with access control between them.
Energy efficiency
- Energy-efficient datacentres
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Deloitte is committed to delivering effective stewardship of the natural environment both with our clients and within communities. We do this through our methodologies, how we run projects, how we work in partnership with our Social Value Delivery Partners and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the Social Value Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting.
Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of commitments.
We have infrastructure in place to deliver against this theme. Our Social Value Team manages our ecosystem of Social Value Delivery Partners, and shapes our commitments for delivering additional environmental benefits and influencing environmental improvement and protection. This is done in collaboration with our WorldClimate team, Responsible Business team and Net Zero Transformation, Strategy and Innovation Team.
Our WorldClimate strategy focuses on four objectives where we can make the biggest impact: achieving Net Zero by 2030: Operating Green; empowering individuals through education and sustainability challenges/tools; and engaging ecosystems by collaborating with our clients, alliance partners, NGOs, industry groups, suppliers, and others to address climate change at a systems and operations level.
Our engagement teams can undertake volunteering activities with our climate related Social Value Delivery Partners as social value commitments, contributing to habitat creation and increasing biodiversity (e.g. WWT, WDC). We also have partnerships where we can co-design commitments around green skills, green jobs and carbon literacy.Covid-19 recovery
Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting.
Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.
Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met.
Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.Tackling economic inequality
Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting.
Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.
Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met.
Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.Equal opportunity
Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting.
Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.
Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met.
Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.Wellbeing
Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with the wellbeing theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/ communities we are targeting.
Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to an engagement to agree KPIs and oversee progress and delivery of SV commitments.
Our dedicated Social Value Team provides the bidding and governance infrastructure to support engagement teams. The team manages our ecosystem of Social Value Delivery Partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes of improving the health and wellbeing within the contract workforce and community cohesion are met.
We have an extensive programme of wellbeing initiatives, tools and events to support our contract workforce. Our Future of Wellbeing team also specialises in wellbeing impact measurement, strategy, and culture, and can work with clients on improving these areas in their organisation. Their methodology is informed by best practice from around the world (e.g. CIPD, COMB-model of behaviour change, World Happiness Report, BSI ISO 45003, Thriving at work standards Stevenson/Farmer, City Mental Health Alliance).
Pricing
- Price
- £100 to £350 a virtual machine a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- On a case-by-case basis, we may offer a free, limited proof-of-concept (POC) for users. This will usually be in agreement with our cloud provider. The exact deployment usually is customised for the Buyer's services so some engineering services maybe required to enable the POC and this maybe partially chargeable.