Modux

Cloud Hosting

Modux provide a range of hosting services for cloud environments. We have support for all major cloud platforms.

Features

• remote access
• fully-managed infrastructure
• secure
• scalable
• resizable

Benefits

• Robust cyber security posture
• Automated delivery

£800 to £1,200 a unit

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at danny@modux.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

967540453166100

Contact

Danny Rigby
02081 337 808
danny@modux.co.uk

Service scope

• Service constraints: Tbc
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Next working day (Working days are Monday to Friday)
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Modux provides support at the design, development and deployment phases.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide consultation with all of our clients to identify their needs and how we can best support.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Modux will provide access to all data when the contract ends.
• End-of-contract process: Tbc

Using the service

• Web browser interface: Yes
• Using the web interface: Access to the web interface of the original cloud hosting supplier is available to manage infrastructure access.
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: N/A. Supplier web interface.
• API: Yes
• What users can and can't do using the API: Access to the web APIs of the original cloud hosting supplier are available to manage infrastructure access.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Access to the command line interface of the original cloud hosting supplier is available to manage infrastructure access.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Infrastructure is design by our elite technical experts, each having worked on some of the world’s largest digital security and technology programmes.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: All major cloud providers

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files
  • Virtual machines
  • Databases
  • Configuration
  • Infrastructure
• Backup controls: Tbc
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Tbc
• Approach to resilience: Available on request
• Outage reporting: Available on request

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Tbc
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: UKAS
• ISO/IEC 27001 accreditation date: 14/05/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing. Certification is whole company and all services.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO9001
• Information security policies and processes: Modux operate a UKAS ISO27001 certified information security management system (ISMS) to instruct all our information security policies and processes.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes are reviewed by our in-house security team.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Vulnerabilities are managed by our in house security team. Patches are generally deployed within 24hrs where possible.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Modux is positioned as a specialist cybersecurity boutique, able to respond in a quick and agile way to our clients’ needs. We have an incredibly strong Security Consulting skill set and have been responsible for servicing cyber security engagements across both private and government sectors, with extensive experience in the UK across all sectors. This, coupled with our in-house research and software development skills uniquely positions us to deliver this Scope of Work both with high value and quality expertise.
• Incident management type: Undisclosed
• Incident management approach: The Modux team are experienced in incident response management and technical investigations, and have worked on a number of complex projects for several large companies.; From the technical side, our team is able to investigate external and internal breaches, understand how the breach occurred, and help clients to get back to operational business as quickly as possible. Our team has experience working with web server compromises, malware on internal systems, malicious insiders and ransomware.; We have experienced system administrators on the team, and have worked with clients to rebuild their platforms securely to quickly get back to operational capability.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: All major cloud providers
• How shared infrastructure is kept separate: Tbc

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Energy efficiency is managed by the original supplier. We operate with all major cloud providers.

Social Value

• Fighting climate change:

  Fighting climate change

  We have taken steps to reduce our carbon footprint and plan for a sustainable future. Over the last two years we have replaced company ICE cars with modern EVs. When traveling to client sites, we encourage car sharing, and the use of public transport such as trains. Finally we operate a paperless office.
• Wellbeing:

  Wellbeing

  Other key pillars of social value are mental wellbeing and innovation to support new ways of working. To support this we have promoted flexible working arrangements for staff impacted with mental health issues. This has included part time working, remote working and flexible working hours. Furthermore we have also worked on innovative solutions to enable remote working. As an example of this, our unified OT gateway software, Silverhawk, was deployed across the entire fleet of a leading UK rail operator in 2021. This has already shown a great benefit to their ways of working and environmental impact as engineers both UK based and internationally are now able to remotely access the systems they need in a secure manner. By securing this remote access, engineers are no longer required to travel extensively to the UK and around the country.

Pricing

• Price: £800 to £1,200 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at danny@modux.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.