CDW Limited

CDW Cohesity

Cohesity provide resilient data management for hybrid and multicloud environments. Cohesity helps organisations to reduce the threat of ransomware and data exfiltration with a security first next-gen data management solution designed to keep your data secure.

Features

• Backup and Recovery/Back up as a Service
• Immutable Backups
• Instant Mass Restore
• Clone for Test and Dev
• Native multi protocol File Services
• Public cloud integration / Cyber Vaulting
• Virtual Machine protection / Threat Detection
• Database protection / Data Classification
• Multi-tenancy and RBAC
• Scale out storage

Benefits

• Best in class protection of production systems
• Consolidate secondary storage infrastructure
• Anomoly Detection
• Reduce RTO/RPO
• Lower TCO
• Consolidate management silos
• Faster Recovery
• Threat defense architecture
• Allow customers to meet NIST and other comparable requirements

£900 a terabyte

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@uk.cdw.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

964043476109503

Contact

Andy Wood
0161 837 7744
tenders@uk.cdw.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: Software must be installed on specified architecture (physical, virtual, cloud), Software must be licensed appropriately, Must be used to protect/manage supported systems.
• System requirements:
  • Software must be installed on specified architecture (physical, virtual, cloud)
  • Software must be licensed appropriately
  • Must be used to protect/manage supported systems

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times will be between 1-4 hours dependent on the severity of the issue. Support is provided on a 24/7 follow the sun basis, this is not affected by the weekend.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Cohesity are able to offer Premium and Platinum support, costing is based on the total license cost of the deployment. Platinum support provides the customer with a designated support engineer (DSE) and a technical account manager (TAM) to act as an escalation point in case of any support issues.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: On-site, remote, and web training is available to be purchased covering installation and administration of the solution. All Cohesity solutions will come with 'as sold' documentation providing detail on the sizing of the environment and licenses included as part of the solution.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be restored to production systems upon conclusion of the contract if required. Alternatively it will expire based on policy based retention (which can be architected around contract dates) or can be forcibly deleted by an admin provide that File Lock (WORM) has not been employed.
• End-of-contract process: Cohesity provides access to software and support services as part of the contract, customers can leverage our professional services capabilities for any complex onboarding and setup. For offboarding customers typically do not engage Cohesity but services can be provided via Cohesity or the partner network

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All operations on the Cohesity platform can be managed through the HTML based UI, with customers also able to manage multiple clusters based in different geographies or within the public cloud holistically through use of Helios. There is also a mobile version of Helios that allows for remote management and visibility of the environment via smartphone application.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Cohesity GUI is used or full administration of the solution, including; DataProtect, SmartFiles, Reporting, Performance Management etc.
• Accessibility standards: None or don’t know
• Description of accessibility: Cohesity's UI is all accessible through a standard HTML5 based browser. We also have a mobile Cohesity monitoring application that is available through the Apple and Google App Stores.
• Accessibility testing: Not applicable.
• API: Yes
• What users can and can't do using the API: Cohesity is an 'API First' environment and all GUI functions of the cluster can be accessed via a RESTful API library. API documentation and sample scripts are included with our standard documentation. API integration can be used to automate or personalise features of the solution or to integrate with other third party tools.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Cohesity's default management is done through its HTML5 web interface, yet is based on an API first architecture. 100% of functionalities are possible by RestAPI calls. Furthermore Cohesity has prebuilt integration with popular enterprise management systems such as ServiceNow, VMware vRealize Automation, and Ansible. These solutions can incorporate the process of deploying and decommissioning systems with Cohesity's features of DataProtection and archiving.

Scaling

• Independence of resources: Cohesity solutions are sized and architected based on both storage and performance requirements based on the customers data footprint and data management requirements. As customer data grows, nodes can be added to the solution as required with linear performance guaranteed across the whole cluster.

Analytics

• Service usage metrics: Yes
• Metrics types: Capacity and Usage (total capacity vs capacity in use), Design and Build (backups sources, growth, duplicates etc), Backup Operations (backup job reports),
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Cohesity

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: User data will be restored from Cohesity in the native format.
• Data export formats: Other
• Other data export formats:
  • NFS
  • SMB
  • S3
• Data import formats: Other
• Other data import formats:
  • NFS
  • SMB
  • S3

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Cohesity solution consists of a minimum of 3 highly-available nodes in a cluster. Each cluster has has no single point of failure and can be configured to meet redundancy levels that can vary by workload if desired.
• Approach to resilience: Cohesity infrastructure will typically provide 99.999% availability.
• Outage reporting: Alerts can be accessed through the main dashboard view as part of the overall health of the cluster. The Cohesity cluster creates alerts when potential problems are found, thresholds are exceeded, job failures etc.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Cohesity has full RBAC capabilities which comprises of role and user. A role defines actions that can be carried out whilst a user has specific objects associated with them in order to limit where those actions can be carried out. Cohesity has a built in firewall with support for granular restruction over set interfaces and set IP/subnets for management access. Support access is disabled by default and is operated by the user who can allow remote access if needed. This can be temporarily enabled and will turn off automatically after a defined period.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • SEC 17a-4(f) Certification (WORM & Data Security)
  • FIPS 140-2 encryption
  • Common Criteria EAL2+

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: For compliance and governance, backup jobs have the option of including a Datalock retention option that can be set for a configurable time period (ie 1, 3, 7 years). Once this is set and jobs run with this configuration, the data associated with these backup sets cannot be deleted from the Cohesity system, including by the backup administrator.; ; To support e-discovery efficiency, Cohesity has very granular role based access that can be customized to any level; one of the built in roles is Data Security.
• Information security policies and processes: For compliance and governance, backups jobs have the option of including a Datalock retention option that can be set for a configurable time period. Once this is set and jobs run with this configuration, the data associated with these backup sets cannot be deleted rom the Cohesity system, including by the backup administrator.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Cohesity maintains a range of change management controls to protect code. These include design and architecture reviews, peer code reviews, central tracking of pull requests and merges, systematic testing both functional and security, and reviews and approvals. All controls must pass prior to changes and new code reaching production.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Scanning is conducted daily, patching is performed in accordance with our remediation and patching standard. Critical vulnerabilities are prioritized and fixes and generally implemented in the next product release. Cohesity resolves vulnerabilities based on their impact (as evaluated by Cohesity).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Cohesity reviews security at each phase of the software development life cycle. Vulnerability scanners are run to assess the state of the operating system, networking layer, and services running on the Cohesity cluster. Based on the scans, unused ports and services are closed and the kernal or system libraries are updated for known vulnerabilities.
• Incident management type: Supplier-defined controls
• Incident management approach: Cohesity maintains an Information Security Incident Management procedure defining incidients with direct impacts on the customer's systems or information, Cohesity would provide notification and updates as appropriate.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Cohesity is committed to conserving, protecting, and respecting the environment. We conduct our operations in compliance with all applicable environmental laws, regulations and standards and expect our partners to do the same. We encourage our partners to have their own environmental management plan and create internal goals to reduce environmental impact.

  Covid-19 recovery

  Cohesity have developed clear safety protocols covering testing, hygiene, and other working practicings. We have amended our travel policies for those employees that may be required to visit client sites to ensure we are fully compliant with all relevant health and safety guidelines in each location.

  Tackling economic inequality

  Cohesity are proud to be a company that cares about the communities around us. Giving our time, talents and passions to our local communities is something we care about and take great pride in. Throughout the year, our teams across the globe support various causes and organizations through our Cohesity Cares program.

  Equal opportunity

  Cohesity is driven to create a culture of belonging where everyone is seen, heard, celebrated, and empowered to bring our authentic selves to work and thrive. We believe there is strength in our differences and are committed to building and fostering a more diverse, equitable and inclusive community within Cohesity. Our global diversity, equity, and inclusion strategies center around community building, recruiting (or attracting) and developing talent, sourcing, and supplier relationships. We strive to increase the demographic of diversity of our employee populatio&I is a key component of our hiring and development practices, increasing our focus on women in technology and underrepresented talent, and creating opportunities for new affinity and employee resource groups (ERGs).

  Wellbeing

  Cohesity is committed to providing all Cohesians with a safe and healthy work environment.

Pricing

• Price: £900 a terabyte
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Cohesity provide a 30-day free trial of Cohesity Cloud Services (CCS). Proof of Concept can also be provisioned.
• Link to free trial: N/A

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@uk.cdw.com. Tell them what format you need. It will help if you say what assistive technology you use.