TeamLogic Systems Ltd

GeDaP KeyTalk Authentication to WiFi / Wired networks (802.1X EAP/TLS) and VPN

WiFi/Wired networks and VPN: Authentication is often cumbersome and not secure enough. However, client certificate-based authentication ensures maximum security of access to your digital infrastructure. This applies to both wireless and wired networks (802.1X EAP/TLS) and can also be applied to VPN networks.

Features

  • Certificate encryption 2048-8192 bit RSA, or <512 bit ECC
  • Short-lived digital certificates combined with trusted device recognition
  • Goes beyond PKI, seamless short-lived certificates require minimal administration
  • Binds user's identity to up to 10 trusted devices
  • Facilitates single sign-on (SSO) to your IT environment
  • Patented, on-demand, short-lived automated client certificate distribution
  • Configurable key lengths & times automatic lifecycle management
  • Key roll-over facilitates user use of certificate on multi-devices
  • Option to provide hardened open LDAP S/MIME addressbook
  • Optional authentication to WiFi/Wired Networks 802.1 & VPN

Benefits

  • Protects against Man-in-the-Middle, Phishing & Brute Force cyber attacks
  • Creates unique device hardware signature superseding 2FA authentication
  • Security of PKI (<-1sec certificates) coupled with virtually zero administration.
  • Provides secure connectivity for Azure/365, InTune, SAP or other ERP
  • Allows secure re-enroll of certificates and key-pairs
  • Ensures key-roll-over and key-escrow become secure reality
  • Short-lived certificate option (1 second upward) ensures data security
  • Secures privacy sensitive data exchange
  • Ease of integration for multiple network infrastructure
  • Works with virtually any device and operating system

Pricing

£1.20 to £6.00 a user a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@gedap.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

989408425562345

Contact

TeamLogic Systems Ltd Ian Young
Telephone: 0151 342 4490
Email: enquiries@gedap.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Existing Single Sign On (SSO) and authentication solutions (2FA etc)
Worldwide patented technology fully automates enrolment and installation of non-public internal certificates and public certificates from any trusted CA, to any network domain, on virtually any device running on any OS.
Provides PKI with the benefits of virtually zero administration.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Conventionally the service would be hosted on the Cloud, with UKCloud recommended to provide an appropriate level of availability for the customer's specific needs. When running on UKCloud, it provides high availability of up to 99.9%.
If required, the KeyTalk software can operate in a hybrid scenario in which Active Directory, Radius or LDAP remains in-house for security reasons. Available as software or as a Managed Service.
System requirements
  • Users authenticate against the IAM (AzureAD, LDAP, Radius etc)
  • End users will have been already created
  • Users may have up to a maximum of 10 devices
  • KeyTalk is not demanding; it requires only an entry-level server
  • Can operate in Hybrid environment with in-house IAM
  • Highly scalable up to hundreds of millions of certificates
  • Handles certificates from multiple Certificate Authorities

User support

Email or online ticketing support
Email or online ticketing
Support response times
As part of the support process GeDaP provides a specific email address to be used. The customer should supply all relevant detail together with a mobile number if possible.
During normal business hours (weekend by prior agreement) GeDaP will respond within 2 hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat under development to meet required standards
Web chat accessibility testing
Web chat under development
Onsite support
Yes, at extra cost
Support levels
Standard support is covered in the basic SaaS cost and is based on a maximum 2 hour response, and we will endeavour to provide a solution or work-around within a further 2 hours maximum. If the problem is not resolved within that period it will be escalated to the developers. During the incident, support will use the appropriate medium and customers are advised of progress. On-site support is available by arrangement and is charged on a time and materials basis (see Rate Card).
Support available to third parties
Yes

Onboarding and offboarding

Getting started
KeyTalk is simple to install and has been designed to create a minimal administration overhead. GeDaP can provide web-based or on-site services during the installation process. Full user/administrator documentation is readily available. Pre-installation consultancy advice and training is readily available at the relevant daily rate.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
KeyTalk works to authenticate access and encrypt data in transit. Any data is therefore most likely to be attributable to and part of one of the applications. Data accumulated by KeyTalk can be exported in an agreed format for input into the new system. KeyTalk is designed for security (authentication & encryption); there will therefore not be large quantities of data.
End-of-contract process
The content required together with its format will be determined by your plans at the time. GeDaP will provide the appropriate quotation based on volumes and content required if you decide to migrate the data. As KeyTalk authenticates users and encrypts the data in transit, volumes for KeyTalk are likely to be small.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • MacOS
  • Windows
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
KeyTalk is installed to secure a device and its applications with strong authentication and encryption. It is transparent to the end user regardless of the device in use. There is thus no difference in the operation of KeyTalk when accessed by the user. A user can have up to 10 authorised devices, which can in addition be authenticated by hashed and salted component serial numbers.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
KeyTalk is built on LDAP Open Directory Service
Accessibility standards
None or don’t know
Description of accessibility
KeyTalk secures the device based on its Operating System and is therefore transparent to end users. It therefore does not constrain a user.
Accessibility testing
KeyTalk sits under the device's Operating System and is transparent to the end-user. It will therefore have no adverse impact on the user of assistive technology.
API
Yes
What users can and can't do using the API
The API is distributed to authorised users of the IAM and installs on the approved device. Thereafter the application is transparent to the end user.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
GeDaP will work closely with any approved Cloud Supplier, and can provide Cloud Services as a single source solution. GeDaP recommends the use of UKCloud whose resources are highly scalable. KeyTalk is itself highly scalable, capable of handling demands for over 1,500,000 certificates and potentially much more.
The level of service required should be discussed with UKCloud who would be happy to provide the resilient environment required.

Analytics

Service usage metrics
Yes
Metrics types
A range of standard reports is provided together with a range of audit reports to help meet the requirements of the EU GDPR. Customized reports can be readily provided and GeDaP are happy to quote based on the standard rates.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
GeDaP is the KeyTalk distributor for the UK & Ireland

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
As KeyTalk is authenticating and encrypting data belonging to applications, users are highly unlikely to have data to export.
Data maintained is in logs on activity, which would be the administrator's responsibility and which could be readily exported.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • ASCII
  • XML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
The data in transit would be secured with PKI based on public or private certificates.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
All data between devices is secured by device authentication (hashed and salted component serial numbers) and encryption (public or private certificate) via PKI.

Availability and resilience

Guaranteed availability
GeDaP recommends the computing power of UKCloud, which provides a guaranteed 99.90% availability for its users.
Approach to resilience
GeDaP recommends UKCloud Service which is designed for deployment across a number of sites, regions and zones. Each zone is designed to eliminate single points of failure (like power, network & hardware). GeDaP encourages customers to ensure that their solution spans multiple sites, regions or zones to ensure continuity of service even if a failure occurs.
Outage reporting
All outages will be reported via the Software Service Status page and the notifications service within the UKCloud portal. Outages are identified as Planned Maintenance, Emergency Maintenance and platform issues. In addition the GeDaP Technical Support Manager will contact the designated customer contact.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Other
Other user authentication
KeyTalk authenticates using the existing system (LDAP, Radius, Active Directory etc). In addition to the user name and password, it uses the device footprint. This footprint consists of a unique identifier constructed from a number of components, hashed and salted to a formula selected by the installation.
Access restrictions in management interfaces and support channels
KeyTalk is integrated to the appropriate system in use (LDAP, Radius, Active Directory etc). The system which is currently in use will be controlling the user access.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Description of management access authentication
Authentication from usage of an authorised device (hashed and salted components) together with usage of PKI.

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Though an SME, GeDaP has its own security policies in place and regularly reviews its capability against both the current Data Protection requirements and EU GDPR. Customer data is processed on UKCloud, which is dedicated to customer processing and which is regularly assessed against ISO20000, ISO27002, and ISO27018 by LRQA, a UKAS-certified audit body.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
GeDaP works closely with the developers of KeyTalk, who operate a system which tracks changes and provides the input to GeDaP's own change management. If sites require, a test bed can be provided allowing a short period of testing and approval prior to the update's incorporation in the production system.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
GeDaP provides their service based on UKCloud servers, which offer a high degree of security. As KeyTalk is an internal application and sits between the user application and the devices to verify authentication and encryption, it is not an application. GeDaP is established in Cyber Security and are members of Cyber Exchange.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
GeDaP has a documented approach based on ISO20000 and ISO27001. Any potential incidents identified by staff or customers are monitored, controlled and resolved as high priority.
Incident management type
Supplier-defined controls
Incident management approach
GeDaP has an incident management and reporting system based on the requirements of ISO20000 and ISO27001. Any incident raised is resourced, tracked, and resolved.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Health and Social Care Network (HSCN)
  • Other
Other public sector networks
  • PSN Assured
  • PSN Protected
  • RLI
  • Hybrid Connect
  • UKCloud would be happy to meet your requirement

Social Value

Fighting climate change

Strengthens authentication allowing remote/distance working to reduce carbon footprint and make better use of environmental resources.
Covid-19 recovery

Supports secure remote/home working, assisting organisations to maximise the benefits of back to work.
Allows organisations to securely grow in the Global market, minimising infection risks.
Tackling economic inequality

Creates facilities for rapid organisation growth. Facilitates growth regardless of size or location.

Ensures workforce can appear securely and authenticated regardless of origins and background.
Equal opportunity

Provides secure authentication for the workforce, which can securely work from their chosen location.
Wellbeing

Facilitates secure authentication regardless of location or physical wellbeing.
Ensures opportunities for community integration.

Pricing

Price
£1.20 to £6.00 a user a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
GeDaP provide a 30-day "Proof of Concept" to allow customers to evaluate the software against established and agreed criteria. On completion of the POC there would be a review with GeDaP.
