
Managed DDoS Protection


Academic year: 2021


G-Cloud Service Definition

Managed DDoS Protection

Contents

1. Definitions
2. Service Summary
  2.1. Functional Overview
  2.2. Non-Functional Overview
  2.3. Information Assurance
  2.4. Eduserv Data Storage and Processing Location
  2.5. Service Roadmap
  2.6. Managed DDoS Protection On-boarding
    2.6.1. Requirements Analysis
    2.6.2. Technical On-boarding
    2.6.3. Acceptance into Service
3. The Service
  3.1. Service Management
    3.1.1. Hours of Service
    3.1.2. Service Desk and Customer Contact
    3.1.3. Incident Management
    3.1.4. Service Reporting
  3.2. Service Levels
    3.2.1. Target Incident Referral Service Level
    3.2.2. Target Service Request Implementation Service Level
    3.2.3. Monthly Report Delivery
  3.3. Service Pricing and Invoicing
  3.4. Training and Trial Service
  3.5. Service Credits
  3.6. Service Termination and Off-boarding
  3.7. Service Constraints
  3.8. Service Dependencies
  3.9. Customer Responsibilities
4. Associated Services
  4.3. Managed Application and SaaS
  4.4. Managed Security
  4.5. Consultancy
Annex 1: Managed DDoS Protection Pricing
  Service On-boarding Phase (One-off)
  Managed DDoS Protection
Annex 2: Eduserv Security Operations
  Eduserv Datacentres
    Primary Eduserv Swindon Datacentre
    Disaster Recovery Slough Datacentre
  Eduserv Network and Security Operations Centre
  Eduserv Security Services
  RMADS Accreditation
Annex 3: Government Strategy
  Information principles
  Government ICT Strategy

1. Definitions

“Availability Service Level” is the Managed DDoS Protection service availability of 99.999% per calendar month.

“Business Impact Level” is the security standard specified by the Government Security Policy Framework and the Standard Protective Marking scheme.

“Core Hours of Service” are Monday to Friday 8am to 6pm, excluding English Public Holidays.

“Customer” is the organisation for which Eduserv Managed DDoS Protection commercial arrangements have been put in place.

“Customer Change Authority” is the nominated Customer contact(s) with respect to authorising a Service Request.

“Eduserv” is a UK not-for-profit organisation and registered charity, governed by a board of Trustees. We fulfil our charitable mission by providing services for public good.

“Eduserv Network and Security Operations Centre Team” is the Eduserv technical support team charged with delivering the Managed DDoS Protection service.

“Hours of Service” are the service hours within which Service operations are provided by the Eduserv Service Desk and Network and Security Operations Centre Team.

“Incident” is an event that may compromise the security of the system being protected by the Managed DDoS Protection service and which is identified by the Eduserv Network and Security Operations Centre Team as part of the operation of the Service or reported to Eduserv by the Customer.

“Incident Referral” is the handover of an Incident to the relevant resolution team and/or the Customer following initial recording, diagnostics and assessment by the Eduserv Network and Security Operations Centre Team.

“Managed DDoS Protection Variant” is one of two service variants (‘Foundation’ or ‘Premium’) under which the Managed DDoS Protection service may be procured.

“Requirements Analysis” is the first phase of the Customer on-boarding process.

“Service” is the Managed DDoS Protection service.

“Service Request” is a planned change request to the Service made by a Customer Change Authority.

“Service Request Implementation” is the Eduserv Network and Security Operations Centre Team implementation of a Service Request.

“Target Incident Referral Service Level” is the target time to undertake Incident Referral following an Incident, dependent on the Managed DDoS Protection Variant undertaken.


“Target Service Request Implementation Service Level” is the target time to implement a Service Request dependent on the Managed DDoS Protection Variant undertaken.

2. Service Summary

Managed DDoS Protection integrates three solutions – a DDoS mitigation service, a content delivery network (CDN) and a Web Application Firewall (WAF) capability - into a single cloud-based service. The service protects the Customer against DDoS attacks, allows them to serve content to end-users with high availability and high performance and helps to meet PCI-DSS requirements.

2.1. Functional Overview

The Service provides:

a) Service on-boarding:

• Requirements analysis – discovery of the Customer’s technical and operational environment and assessment and agreement about the choice of Service options and appropriate configuration.

• Technical on-boarding and acceptance into service – infrastructure setup, Service configuration and handover to Eduserv’s Network and Security Operations Centre Team.

b) Service operation:

• The support and administration of the Service, in line with the required Managed DDoS Protection Variant. Duties include:

  o Service Desk provision for incident reporting and Service Requests
  o Incident diagnostics referral
  o Change and configuration management
  o Monthly service reports.

Once in operation, the Service protects Customers against current and emerging attacks, including SQL injection, cross-site scripting (XSS), illegal resource access, malicious bots, and other Open Web Application Security Project (OWASP) ‘Top 10’ threats. Customer outbound website traffic is also automatically optimised, resulting in dramatically faster web page load times, while simultaneously reducing server workload and website bandwidth consumption.

The DDoS Protection service can detect and block all of the DDoS attacks listed below:

• TCP SYN+ACK
• TCP FIN
• TCP RESET
• TCP ACK
• TCP ACK+PSH
• TCP Fragment
• UDP
• ICMP
• IGMP
• HTTP Flood
• Brute Flood
• Connection Flood
• Slowloris
• Spoofing
• DNS flood
• Mixed SYN+UDP or ICMP+UDP flood
• Ping of Death
• Smurf
• Reflected ICMP and UDP
• Teardrop
• Zero-day DDoS attacks
• Attacks against common web servers such as Apache and IIS.

The Service proxies all web requests, so network layer DDoS attacks are never relayed to Customer servers. The Service will therefore mitigate against all network level attacks against the Customer’s site.

2.2. Non-Functional Overview

The Managed DDoS Protection service is hosted and run by Imperva, based on their Incapsula product (see http://www.imperva.com/products/wsc_incapsula.html). The Service is PCI-certified and routes all website and web application traffic via Imperva servers, intelligently profiling data in real-time to block even the latest web threats.

The Imperva Cloud WAF protects websites with collective knowledge about threats, including newly emerging threats. Threat information is aggregated from the entire Imperva service network and is used to identify new attacks as they happen, simultaneously applying mitigation rules to all websites protected by the Imperva Cloud WAF.

In addition, if card payments are accepted via a Customer website, this service will help to fulfil the requirements of the Payment Card Industry's PCI-DSS section 6.6.

The Service provides:

• Two Managed DDoS Protection Variants to meet varying Customer business requirements and budgets

• A Target Incident Referral Service Level and Target Service Request Implementation Service Level

• Service flexibility and scalability in terms of adding and removing protected devices and services.

2.3. Information Assurance

We are ISO27001 certified and use appropriate management infrastructure, network connectivity, staff security clearances and processes to deliver our cloud services in line with the Cabinet Office Security Policy Framework (SPF), the CESG Good Practice Guides, DETER protective monitoring and the Data Protection Act (DPA) principles.

All Eduserv cloud services are underpinned by our 24/7 Network and Security Operations Centre.

2.4. Eduserv Data Storage and Processing Location

The Managed DDoS Protection service is hosted and run by Imperva, based on their Incapsula product (see http://www.imperva.com/products/wsc_incapsula.html). Some data associated with this service may reside outside the UK. We therefore recommend that this service only be used for public data at Business Impact Level IL0.

Any physical compute servers, storage or network infrastructure used by Eduserv to deliver the Service will be hosted in Eduserv’s UK Datacentre in Swindon and/or in its Disaster Recovery site in Slough.

2.5. Service Roadmap

Cloud services, including the Managed DDoS Protection service, are a core part of Eduserv’s business strategy and are central to the growth of our business. Eduserv will continue to invest in cloud services.

There are no plans to reduce the functionality or features in the Managed DDoS Protection service.

2.6. Managed DDoS Protection On-boarding

Eduserv Managed DDoS Protection service on-boarding includes the following:

2.6.1. Requirements Analysis

A Requirements Analysis is required to gather the Customer business and technical context and the service requirements. It includes knowledge gathering and documentation of the Managed DDoS Protection service business, operational service and technical environment and the Service requirements, dependencies, roles and responsibilities. The Managed DDoS Protection service is offered in two variants, as follows:

Managed DDoS Protection Variant: Foundation

Eduserv Service Attributes:

• Core Hours of Service
• Target Incident Referral Service Level: 2 hours [1]
• Target Service Request Implementation Service Level: 2 days
• Standard monthly report

Managed DDoS Protection Variant: Premium

Eduserv Service Attributes:

• 24/7 Hours of Service
• Target Incident Referral Service Level: 1 hour [1]
• Target Service Request Implementation Service Level: 8 hours
• Standard monthly report with root cause analysis for priority 1 Incidents

[1] Target for priority 1 calls

For Customers that purchase our Managed Infrastructure service, the Eduserv Managed DDoS Protection Variant will be inherited from that. All other customers will receive the ‘Foundation’ Managed DDoS Protection Variant.

2.6.2. Technical On-boarding

Service on-boarding provides the setup of the Service.

2.6.3. Acceptance into Service

Acceptance into service includes:

• The definition and agreement of support processes.

• Technical and operational testing.

• Handover to Eduserv Network and Security Operations Centre Team operations.

3. The Service

The Eduserv Network and Security Operations Centre Team provides the support and administration of the Managed DDoS Protection service in line with the agreed Eduserv Managed DDoS Protection Variant (see section 2.6.1). Support duties include the following:

• Incident management, including the receipt and logging of Service Desk Incident calls and monitoring alerts

• Incident diagnostics and Incident Referral

3.1. Service Management

Eduserv provides the Service to ITIL Service Management guidelines. This includes defining and operating Incident management and change management procedures and providing the Service and deliverables, such as monthly reports, to service levels in line with Managed DDoS Protection Variants.

3.1.1. Hours of Service

The Managed DDoS Protection service is provided on a 24/7 operational basis. However, incident handling and service request implementation are provided by Eduserv on the basis of the Customer’s agreed Managed DDoS Protection Variant service levels.

3.1.2. Service Desk and Customer Contact

Eduserv provide a web, telephone and email Service Desk for all Customers during Core Hours of Service in order to facilitate the logging of service incidents and/or Service Requests. The Service Desk can also be used by ‘Premium’ Managed DDoS Protection Variant Customers, to enable the logging of priority 1 calls 24/7.

Incidents affecting the system(s) being protected by the Service will be assigned a priority, defined and categorised as follows:

Incident Priority | Title | Definition

1 | Critical | System failed or severely impaired, resulting in serious business-wide impact

2 | Medium | System failed or impaired resulting in some loss of functionality

3 | Low | Incident or enquiry with no direct impact on the Customer business. For example, a request for information.

It should be noted that subsequent operational action will only be taken in line with the Hours of Service relevant to the specific Managed DDoS Protection Variant.

3.1.3. Incident Management

The Managed DDoS Protection service will follow ITIL Incident management process guidelines to log, assign and diagnose Incidents and to refer them as quickly as possible with the minimum disruption, in line with the agreed Hours of Service and Target Incident Referral Service Level (see section 3.2.1).

Incident management with respect to the Managed DDoS Protection service will be carried out by the Eduserv Network and Security Operations Centre Team. Duties include:

• Incident detection and recording – including agreement of Incident priority and logging on Incident ticketing system

• Diagnostics, assignment and referral – Incident assessment and referral of issues to the relevant resolution team and/or the Customer.

Incident Recovery and any required call escalation will be handled as part of our Managed Infrastructure service (or by the Customer in cases where Managed Infrastructure has not been purchased).

3.1.4. Service Reporting

The Service will provide a monthly service report, in line with the procured Managed DDoS Protection Variant and as detailed in the Service Options section below.

3.2. Service Levels

The Managed DDoS Protection service offers a minimum Availability Service Level of 99.999% per calendar month.

As part of the Managed DDoS Protection service, automated monitoring is undertaken on a 24x7 basis with Incidents handled according to the Customer’s agreed Managed DDoS Protection Variant service levels. Alerts are sent to nominated Customer contacts by email. Security Incidents are reported proactively. Other events of interest are reported monthly. Imperva’s engineers provide 24x7 website monitoring and security policy tuning.

Additionally, they provide proactive security event management and response. The Eduserv Service Desk and Network and Security Operations Centre Team will act as an interface between the Customer and Imperva and will react as required in the event of a security Incident to collaboratively resolve the issue.

3.2.1. Target Incident Referral Service Level

The Target Incident Referral Service Level is the target time for Incident Referral. It is measured in relation to the relevant Hours of Service, from the time an Incident occurs until the Incident is referred to the relevant resolution team and/or Customer. Targets are as follows per Managed DDoS Protection Variant.

Managed DDoS Protection Variant | Target Incident Referral Service Level

Foundation | 2 hours (Core Hours of Service)

Premium | 1 hour (24/7)

3.2.2. Target Service Request Implementation Service Level

The Target Service Request Implementation Service Level is the target time for implementing a Service Request estimated as less than 2 hours total effort. It is measured in relation to the relevant Hours of Service, from the time a Service Request is logged with Eduserv until the Service Request is implemented. Targets are as follows per Managed DDoS Protection Variant.

Managed DDoS Protection Variant | Target Service Request Implementation Service Level

Foundation | 2 days (Core Hours of Service)

Premium | 8 hours (24/7)

Larger Service Requests within scope (over 2 hours’ duration) will be regarded as ad hoc requests and the implementation will be agreed on a case by case basis.

3.2.3. Monthly Report Delivery

All monthly reports will be provided within 5 working days of the end of the calendar month.

3.3. Service Pricing and Invoicing

3.4. Training and Trial Service

The Managed DDoS Protection service does not include any Customer training or trials.

3.5. Service Credits

The Eduserv Managed DDoS Protection service does not issue service credits.

3.6. Service Termination and Off-boarding

The Customer or Eduserv may terminate the Managed DDoS Protection service in line with the relevant Eduserv Terms and Conditions.

On service termination, Eduserv will commence a service off-boarding process, including:

• The supply to the Customer, on request and on agreed Customer supplied media, of any relevant Customer data or logs held by Eduserv

• The purging of any Customer data or logs held on Eduserv server, storage, media or other infrastructure, within 30 working days of service termination.

3.7. Service Constraints

The Eduserv Managed DDoS Protection service has the following limitations and exclusions:

• The Service excludes support to security accreditation and testing (including penetration testing)

• The Service excludes visits to Customer sites, including the attendance of service reviews; attendance will be subject to prior agreement with any expenses incurred charged additionally.

3.8. Service Dependencies

The Eduserv Managed DDoS Protection service has the following dependencies:

• Managed DDoS Protection is dependent on an initial requirements analysis being conducted to assess requirements in terms of the required Managed DDoS Protection Variant(s) and technical on-boarding (see sections 2.6.1 and 2.6.2).

• Managed DDoS Protection is dependent on the continued delivery of the Incapsula service by Imperva.

3.9. Customer Responsibilities

The Customer has the following responsibilities in relation to the service:

• The Customer will provide a list of authorised staff names for logging Service Requests with Eduserv, including a Customer Change Authority

• The Customer will follow designated procedures for logging Service Requests with Eduserv

• The Customer must take reasonable steps to ensure that Eduserv is only called for Incidents and Service Requests that are within the scope of the Service.

4. Associated Services

Eduserv offers a suite of G-Cloud-listed and other services covering colocation, IaaS, managed infrastructure, managed services and associated professional services. These can be taken up individually or in combination to support a wide range of hybrid cloud solutions with differing information assurance, security and connectivity requirements.

4.1. Hybrid Cloud IaaS

Our Secure Cloud Compute service is a multi-tenant public cloud IaaS platform that provides managed and self-managed compute, storage and network connectivity on a contended or non-contended basis. Provided from our UK data centres and capable of hosting OFFICIAL Information Assets, including those marked with the OFFICIAL-SENSITIVE handling caveat, the service allows you to cost-effectively manage peaks in demand and take advantage of cloud technology for secure off-site hosting. The service utilises VMware technology and associated tools to provision and manage services.

Network connectivity to the service is available over the standard Internet, Janet, the Public Services Network (PSN) and dedicated links. This service is optionally available in

Our Private Cloud Compute service is an accredited single-tenant IaaS platform that provides secure, non-contended compute, storage and network connectivity, dedicated to a single organisation. You'll get all the benefits of cloud computing on a dedicated platform capable of hosting OFFICIAL Information Assets, including those marked with the OFFICIAL-SENSITIVE handling caveat. Our Private Cloud Compute service is available on an annual fixed-price basis, so you can safely predict your expenditure. The service utilises VMware technology and associated tools to provision and administer services. All underlying physical hardware is dedicated to a single customer. Network connectivity is available over the Public Services Network (PSN) and dedicated links. This service is only available in combination with our Managed Infrastructure service.

Our Cloud Compute (AWS) service provides a procurement route for Amazon Web Services, allowing us to procure and manage AWS cloud services on your behalf. This service is only available in combination with our Managed Infrastructure service.

Our Colocation service provides racks, power, cooling, network connectivity and secure physical access for organisations that require data centre capacity without the expense of supporting an in-house data centre environment. This service is not listed on G-Cloud but can be used to support the early phases of your cloud journey (see our Cloud Migration service description). Services are provided from within our state of the art, carrier neutral, high integrity Swindon Data Centre with resilient power allocation and providing an availability commitment to the levels of a Tier III data centre. We offer a wide range of features and service options including resilient internet peering, dedicated circuits from mainstream carriers, JANET access for academic institutions and ‘remote hands’ on-site technical support.

4.2. Managed IaaS

Based on our Secure Cloud Compute, Private Cloud Compute and Cloud Compute (AWS) services, our Managed Infrastructure service looks after the day-to-day running of your cloud infrastructure, freeing you up to focus on more strategic work. We'll take care of your virtual machines, operating systems and network connectivity, undertaking provisioning, general housekeeping, anti-virus configuration and patching. We also offer a number of optional add-on managed services including managed firewall, VPN, backup, DR, Active Directory, load balancing and protective monitoring.

4.3. Managed Application and SaaS

Our Managed Database service looks after the day-to-day running, maintenance and backup of your SQL Server and MySQL databases. The service includes availability and health monitoring, integrity checking, regular housekeeping, user management, performance tuning and incident handling. Our Database Architects can also design and build custom databases to your requirements and coordinate data and database migrations (see our Cloud Professional Services service description).

Our Managed Application service looks after the day-to-day running of your applications, providing operational management of off-the-shelf and/or bespoke applications. We can take care of everything from the operational administration of hosted applications, to configuration-specific and code-level management. If you already use our Managed Infrastructure service, you can also benefit from the Managed Application service.

Enterprise Collaboration as a Service provides access to cloud-based Microsoft Active Directory (AD), Exchange, Lync and SharePoint services, either separately or in combination, in order to deliver an enterprise collaboration platform for a Customer organisation. The Service includes Active Directory and application management, availability and health monitoring, backups, integrity checking, regular housekeeping, performance tuning and incident handling. Optionally, Eduserv can also provide user and mailbox management services and DR facilities.

Our Website Development and Support service looks after the development and support of your websites using the Sitecore and Umbraco Content Management Systems. The service includes project management, requirements gathering, functional specification, technical design, CMS setup, availability & health monitoring, incident management, CMS support, website solution maintenance, training and monthly reporting. It also offers options for CMS marketing, web analytics and website hosting infrastructure support.

4.4. Managed Security

Our Managed DDoS Protection service integrates three solutions – a DDoS mitigation service, a content delivery network (CDN) and a Web Application Firewall (WAF) capability - into a single cloud-based service. The service protects the Customer against DDoS attacks, allows them to serve content to end-users with high availability and high performance and helps to meet PCI-DSS requirements.

Our Managed Protective Monitoring service provides the setup, configuration and ongoing operation of log monitoring, event analysis and automated alerting in line with CESG’s Good Practice Guide no.13 (GPG-13). All relevant logs are collected, analysed, reported on and archived appropriately. This Service eases the burden of compliance for PSN and enables customers to adhere to GPG-13 which is required for accrediting Business Impact Level IL3 systems; we also offer this Service to other customers in order to help them adopt a robust approach to security and service resilience.

4.5. Consultancy

We offer a range of specialist technical and business Professional Services to organisations utilising or planning to utilise Cloud-based IT Service Delivery models, covering both cloud and security. We have a broad range of practical experience in relation to managing many aspects of cloud and IT service design, migration and operation. We draw on this experience to offer organisations skilled, flexible and pragmatic resources to meet short-term business challenges and/or to contribute to, or lead, long-term projects or cloud-centred IT transformation programmes.

Annex 1: Managed DDoS Protection Pricing

Service On-boarding Phase (One-off)

Managed DDoS Protection on-boarding includes completion of a requirement analysis, technical on-boarding and acceptance into service (see section 2.7.)

The day rate for this activity is ‘Solution development & implementation, 4. Enable’ in the provided SFIA Table.

Managed DDoS Protection

Managed DDoS Protection pricing is based on the standard Imperva list price plus a per website Eduserv service management fee, as follows:

Bandwidth Package (per month)

Enterprise 10 | up to 10Mbps, 1 website included | £187.50
Enterprise 20 | up to 20Mbps, 1 website included | £312.50
Enterprise 50 | up to 50Mbps, 1 website included | £687.50
Enterprise 100 | up to 100Mbps, 1 website included | £1,250.00

DDoS Upgrades (per month)

DDoS protection up to 1Gbps (included) | £0.00
Upgrade DDoS protection to 4Gbps | £625.00
Upgrade DDoS protection to 8Gbps | £1,875.00
Upgrade DDoS protection to unlimited | £3,125.00

Additional Websites (per month)

None (1 website included above) | £0.00
1 additional website | £31.25
5 additional websites | £125.00
10 additional websites | £218.75
20 additional websites | £406.25
50 additional websites | £937.50
100 additional websites | £1,718.75
500 additional websites | £7,812.50
1000 additional websites | £14,062.50

Service Management (per month)

1 website | £137.00
2 websites | £244.00
6 websites | £626.00
11 websites | £1,062.00
21 websites | £1,931.00
51 websites | £4,414.00
101 websites | £8,275.00
501 websites | £36,588.00
1001 websites | £65,755.00

Annex 2: Eduserv Security Operations

Eduserv has a well-established Service and Security Operations framework for managing IL3 Infrastructure services and for supporting IL3 RMADS accreditation. It is centred on Eduserv’s ITIL Service Management approaches, our ISO27001 certification, with appropriate consideration of IL3 security operations compliance including mandated Security Policy Framework and recommended practice in CESG Good Practice Guides (GPG-8, 12 and 13). The key elements of the framework include:

• Service support and delivery: consideration of incident management, change and release management; availability management and IT service continuity management

• Security Operations: vulnerability and operational risk assessment, system access controls and security incident management procedures. Protective monitoring services to IL3 ‘Deter’ level, including appropriate event log and incident recording, review, analysis and action re threats. Ongoing liaison with business owners re security policy and procedures.

Eduserv security operations are underpinned by a mature, fit for purpose delivery framework in terms of Datacentre operations and a Network and Security Operations Centre with appropriate infrastructure, toolsets, specialist staff, processes and vendor relationships. Key security elements of the delivery framework include:

Eduserv Datacentres

Primary Eduserv Swindon Datacentre

• Modern, green, UK Datacentre, 37,000 sq. ft. capacity, Tier-3 designed

• 24/7 on-site security and 24/7 security monitoring with a direct connection to the emergency services

• High security perimeter fence

• 360° coverage from external CCTV cameras

• Site visits restricted to pre-approved visitors with photo ID

• Locked racks contained within independently managed vaults.

Disaster Recovery Slough Datacentre

• Provided by our partner Equinix (LD5)

• Modern, green UK Datacentre, 36,000 sq. ft. capacity

• High-security fences, CCTV surveillance and biometric entrance points

Eduserv Network and Security Operations Centre

Eduserv has a Network and Security Operations Centre located in our Swindon Data Centre. It is manned on a 24/7 basis by a dedicated, specialist team appropriately trained and security cleared.

It utilises a broad range of tools to monitor all key Eduserv Datacentre LAN and WAN network connections and customer-specific network and security service solutions.

Eduserv Security Services

Eduserv work extensively with Government and 3rd Sector organisations, where information security is a primary concern. Security is therefore a key priority for Eduserv across all its operation, ranging from our Datacentre, Network and Cloud infrastructures to our managed services and application development capability. Much of our good practice is captured under our ISO27001 certification framework.

Our Government security services are designed to meet the requirements and constraints of computer systems housing IL3 data and of related RMADS planning and accreditation. Key relevant security services include:

• Service threat reduction measures: Datacentre physical security, system security hardening; secure access and rights policies and controls, staff security clearance, vulnerability scanning and independent penetration testing services

• Security Design: Network separation, physical DMZ design and implementation, boundary protection, transit data encryption, internet transit security measures

• Protect measures:

  o Firewall management (based on industry standard firewall architectures and practices up to and including EAL4 common criteria certification)

  o Anti-virus controls

  o System security patching

  o IPS/IDS boundary protection (Eduserv currently utilise Cisco appliances for network intrusion monitoring and prevention)

• Detect and Deter: Protective Monitoring

  o Network and Security Operations Centre staff ‘on station’ during Core Hours of Service, with 365/24/7 call out

  o Event and security log monitoring and retention, in line with GPG-13. Including network, server, firewall and IPS/IDS logs. Retention period 6 months

  o Routine log file analysis, using appropriately trained staff and analysis tools

  o Threat intervention (Deter) and incident management procedures typically defined and implemented via an agreed customer-specific security rulebook

  o Monthly report on incidents and salient preventative monitoring events

  o Annual review in conjunction with RMADS appraisal.

These services are chargeable and depend on specific Customer requirements which will be established during the on-boarding process.

RMADS Accreditation

Eduserv will work with customers to ensure that IL3 Private Cloud designs, builds and operational frameworks are appropriate for IL3 RMADS accreditation. We also can assist in planning and managing the IL3 RMADS accreditation project.


Annex 3: Government Strategy

Information principles

Through our hosting and development services we host, publish and make available – both publicly and to restricted audiences – large amounts of information for a range of public and third sector customers. Our activities in this sphere align fully with the Government’s Information Principles and we will be happy to assist you in achieving your objectives under this strategy.

We are committed to Open Data and Open Standards and take care to ensure that the data we are responsible for is standardised and re-usable. We have worked and continue to work closely with a variety of Government departments and agencies to help them publish data and information in a way that is accessible, clear and helpful; we also have extensive knowledge and experience of the Data Protection Act.

Government ICT Strategy

Eduserv has been working with public sector organisations to provide better and better-value services through the use of ICT for over a decade. As a not-for-profit organisation we are driven not by shareholders’ interests but by our stated mission to “help public-good organisations make best use of IT”.

Our cloud services have been specifically designed to allow public and third sector customers to benefit from the same infrastructure and services wherever possible. We have no history of failed projects and have proven ourselves as a “safe pair of hands” with an open, collaborative approach. All our projects are managed in accordance with appropriate methodologies (principally but not exclusively Agile and PRINCE2) and we encourage engagement from our customers to ensure the best value for taxpayers’ money.

Greening Government

By allowing you to get away from using dedicated equipment and using our cloud services we can help you meet the commitments of the Greening Government ICT Strategy. You will be using power-efficient virtualised infrastructure housed in our purpose-built datacentre, designed and operated according to industry best practice for energy efficiency. Equipment is re-used and eventually disposed of via an accredited recycling agency, after guaranteed erasure or destruction of all data.

Eduserv maintains a proactive awareness of the impact of its activities on the environment and we are certificated to the ISO 14001 standard by a UKAS accredited auditing body.
