UST Global Pvt Ltd

UST Cloud Manager

UST Cloud Manager is a multicloud service management platform that enables customers to visualize, provision, manage, optimize, and automate their cloud environments. The Service Offering collects and consolidates all a customer's cloud environment data in a single platform to enable the customer to efficiently optimize and govern its cloud environment.

Features

• Self-service portal for resource provisioning
• Built-In Approval Workflow for Managers
• IT Service Catalog Creation
• Build in Guardrails
• Cost Visibility for Cloud Providers
• Chargeback
• Role-Based Access Control
• Compliance & IT Governance
• Monitoring of Resource Landscape
• Automation to increase operational Efficiency.

Benefits

• Single pane of glass to manage entire resource landscape.
• 3 step simple workflow for provisioning which works across providers
• Effectively manage multiple public and private clouds
• User friendly interface
• Manage cloud resources from single console
• Create alerts and notifications for set resource parameters
• Get insights into security threats and system vulnerabilities
• Get insights into budget forecasts.
• Chargeback to projects and departments
• Understand cost at different levels

£3,250 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukpublicsectorsales@ust.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

950416191865903

Contact

Patrick Marren
07544102103
ukpublicsectorsales@ust.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: N/A
• System requirements: 4 VMs of minimum 4 vCPU, 8 GB RAM each

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Customers are able to raise requests to service through email, phone or a web portal 24x7x365 days a year with defined service SLAs to respond to those requests based on incident/issue severity.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via a centralised portal that enables webchat.
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: We have L1, L2 and L3 support levels and are finalized per the client requirements. Cost and resources are subject to discussions and are determined as per the client needs.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training and user documentation is available. Onsite training can be provided based on the engagement model.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: UST will export any customer specific data in an agreed format
• End-of-contract process: We will assist with export of data as required at end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No differences.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Secure service interface is available for selected features of the platform.
• Accessibility standards: None or don’t know
• Description of accessibility: Service is available via a standard webbrowser protected by various authentication measures.
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Yes. API is available for specific features like cloud resource provisioning, Cloud governance, Cost module etc.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customize the automation workflows and architecture blueprints. When used as private cloud solution extensive modifications can be made to the platform.

Scaling

• Independence of resources: Every tenant will have their own dedicated and independent environment.

Analytics

• Service usage metrics: Yes
• Metrics types: Cpu, disk, memory, network, budget utilization at resource level, security/compliance (e.g. untagged resources) and others.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Encryption and other standards followed by AWS and Azure
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We will assist with export of data as required at end of the contract.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: VNET, Subnet level protection

Availability and resilience

• Guaranteed availability: The level of availability depends on the availability mechanisms chosen by the customer for the infrastructure services (public and private)
• Approach to resilience: Available on request.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Authentication against customer Active Directory.
• Access restrictions in management interfaces and support channels: Role based access for users based on the Organisational structure defined, which can be integrated with external identity systems such as Microsoft Active Directory and Okta.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Role Based Access integrated with Identity systems such as customer Active Directory, Okta, or others.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Information can be provided upon request
• ISO/IEC 27001 accreditation date: Information can be provided upon request
• What the ISO/IEC 27001 doesn’t cover: Information can be provided upon request
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: Information can be provided upon request
• ISO 28000:2007 accreditation date: Information can be provided upon request
• What the ISO 28000:2007 doesn’t cover: Information can be provided upon request
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: UST follow a defined escalation and reporting approach. Full details can be supplied upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Undisclosed. Information can be provided to individual customers under an NDA.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Undisclosed. Information can be provided to individual customers under an NDA.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Undisclosed. Information can be provided to individual customers under an NDA.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management approach is based on the ITIL v3/v4 framework.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  UST typically aim to fill at least 10-15% of roles with people from a disadvantaged background, providing employment and training opportunities to disadvantaged people from economically underprivileged areas who may face barriers to digital jobs, such as not having a university degree. UST work with partners who provide employment opportunities, along with training, and personal development for their staff. We will hire disadvantaged staff who would typically be unable to find opportunities in the technology industry, provide them with all necessary training and experience, and then bring them onto projects where they will bring value and success both to the project and their own careers. Where possible, UST will hire from areas that have over 20% of the community on out-of-work benefits. Our head of Social Value will assist in assessing suitable areas and provide feedback to recruitment teams. UST will be visible in these deprived areas through local community workshops and advertise the roles to these communities. Additionally, UST will work with Job Centre Plus to help find suitable candidates who would benefit from training and work opportunities.
• Equal opportunity:

  Equal opportunity

  UST implement processes to eliminate bias in our hiring and promotion practices, working to support people who fall under the nine ‘protected characteristics’ detailed in the Equality Act 2010. Our recruitment process is designed to eliminate bias. We use software that removes all personally identifying information from CVs, such as gender, race, and age, before they are reviewed to ensure these characteristics don’t factor into hiring. We have a multi-phase interview process, with a team of five people selected randomly for each interview to provide a wide range of perspectives on each candidate. Salaries adhere to a defined pay structure and are based entirely on role and skills. Our recruitment team is trained in strategies to ensure the recruitment process does not demotivate or bias against any group. This includes the Unconscious Bias course provided by LinkedIn, which details the impact of bias, how it arises, and how to combat it. We provide training to staff at all levels, and renew this training on an ongoing basis, to create an inclusive environment where staff are empowered to identify and tackle bias.

Pricing

• Price: £3,250 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A 60 day trial version is available upon request for the standard subscription

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ukpublicsectorsales@ust.com. Tell them what format you need. It will help if you say what assistive technology you use.