G-Cloud Services

CipherCloud Gateway and Support
G-Cloud Service Description
CONTACT INFO
Richard Olver, EMEA Director | rolver@ciphercloud.com | 07879997757
Contents
1 Service Features
1.1 G-Cloud Services
1.1.1 CipherCloud Gateway
1.1.2 Cloud Adaptors
1.1.3 Connect Platform
1.1.4 Services
2 Service Management
2.1 Technical Boundaries
2.2 Data Extraction, Security and Location
2.3 Support
3 Restore and disaster recovery
4 On-boarding
4.1 Onsite Deployment
4.2 Private Cloud or Hosted
4.3 Configuration
5 Off-boarding
6 Performance
7 Training
8 Ordering and Invoicing
9 Unit Based Pricing
9.1.1 CipherCloud Gateway
9.1.2 Cloud Adaptors
9.1.3 Connect Platform
9.1.4 Software Support
9.1.5 Services
10 G-Cloud Support Pricing
1 Service Features
By utilising state-of-the-art security technology, the CipherCloud platform makes it possible
for government to take advantage of the cost-savings and enhanced functionality of moving
to cloud-based applications such as Office 365, Salesforce.com and Gmail. This powerful
technology secures sensitive information while maintaining the functionality, speed and
user experience of the cloud applications.
CipherCloud’s technology is deployed within your own infrastructure, or with G-Cloud Lot 1
(IaaS) providers, enabling you to retain control of your data while your users can experience
the benefits of using cloud application services. CipherCloud ensures your data is secure by
using a range of options to ensure that data is protected from unauthorised access and
malicious users, or through accidental disclosure by cloud administrators and other third
parties. These options include a combination of encryption, tokenisation, malware checking,
data loss prevention scanning, and auditing capabilities. You retain the keys so information
can never be disclosed without your knowledge and approval.
CipherCloud provides out-of-the-box adaptors for the most widely used cloud applications
including Salesforce.com, Microsoft Office 365, Google Gmail, Amazon Web Services (AWS),
and Box. CipherCloud Connect provides the ability to integrate with almost any public or
private cloud applications. CipherCloud protected Cloud Services are supported on mobile
devices giving you the flexibility to protect your data in the cloud when your users are in the
office, at home or on the move.
[Figure: CipherCloud Gateway. Labels: Authorised user; Encrypt / Tokenise; Decrypt / Detokenise; Encryption / Tokenisation.]
CipherCloud is capable of protecting not only structured data, such as tables and databases,
but also emails and attachments including spreadsheets, PDFs and JPEGs. Files can be
screened by the in-built malware detection capability to identify and protect your cloud
environments. The CipherCloud platform can provide an audit trail of all activities, including
time, location and details of files accessed.
1.1 G-Cloud Services
CipherCloud’s G-Cloud services complement and interact with one another seamlessly,
enabling you to have the CipherCloud platform that best meets your needs. CipherCloud’s
services will enable the uptake and safe use of G-Cloud Lot 3 services (SaaS) and can be used
with other G-Cloud providers Lot 1 (IaaS) services, to provide the infrastructure required to
complete your CipherCloud platform. Each of CipherCloud’s seven G-Cloud services
(outlined below) is listed separately in CloudStore, so that you have utmost flexibility in
creating the right solution for you:
• CipherCloud Gateway
• Cloud Adaptors: Salesforce.com, Office 365, Gmail
• Connect
• Services: Configuration Services, Management Services
1.1.1 CipherCloud Gateway
The CipherCloud Gateway is a platform for providing function-preserving encryption and
advanced tokenisation to secure data while retaining native application capabilities. This can
be deployed onto your existing server estate or on a cloud-based (IaaS) server of your
choice.
CipherCloud Gateway - Instance
An instance of the CipherCloud gateway can be deployed on physical, or virtual
infrastructure as production, development, or test environments. Multiple instances can be
load-balanced to provide a high-availability environment.
CipherCloud Gateway - Tenant
A tenant refers to an instantiation of a cloud security service. For example, an organisation
may have multiple deployments of Salesforce.com, hence requiring multiple tenants to
support the different Salesforce.com Orgs. These tenants can co-exist on the same Gateway
while retaining their own respective data protection policies.
1.1.2 Cloud Adaptors
These cloud adaptors enable your CipherCloud platform to operate with the cloud services
you choose to use. CipherCloud adaptors are tailored for each Cloud Service to adhere to
data residency, security, privacy, and compliance requirements, such as EU and UK Data
Protection Directives, PCI DSS, enabling the safe adoption of Salesforce.com, Office 365,
Gmail and any Cloud application. The most popular services have pre-built adaptors, but
with the Connect Platform and expert Configuration Services you can develop adaptors for
almost any existing, or new cloud environment that you use.
1.1.2.1 Salesforce.com
CipherCloud for Salesforce.com enables the securing of sensitive data in real-time while
retaining native Salesforce.com functionality.
Core License
The core license represents the minimal requirements to enable usage of the CipherCloud
Gateway in combination with Salesforce.com:
CipherCloud Salesforce.com CRM
This capability supports the Salesforce.com Service Cloud, Sales Cloud, Enterprise and
Unlimited Editions.
Additional License Options
Additional license options enable further functionality in combination with Salesforce.com,
which can be purchased on an as needed basis:
CipherCloud Chatter
This capability supports the Salesforce.com Chatter Free, and Chatter Plus offerings.
CipherCloud Force.com
This capability supports the Salesforce.com platform for custom applications developed on
Force.com.
CipherCloud Salesforce.com Portal
This capability supports the Salesforce.com Partner Portal, Partner Communities and Sites
typically used to enable self-service business processes securely.
CipherCloud Malware
This capability is typically utilised when internal, or external portal users are uploading files
from an un-trusted location. CipherCloud will prevent malware-infected files from being
uploaded to Salesforce, and prompt the user to upload a safe file.
CipherCloud Salesforce.com Email Relay Module
This module enables emails generated from encrypted Salesforce.com content to be relayed
through the CipherCloud gateway for decryption before being forwarded to recipients in
clear text.
CipherCloud Salesforce.com Outlook Module
This module supports the Salesforce.com Outlook plugin, allowing users to synchronize
their Outlook clients while enforcing encryption and tokenization policies on data held within
Salesforce.
CipherCloud Enterprise Integration Module
The benefits of Salesforce.com are maximized when sharing data with other in-house
systems via ETL or web-service platforms for storage, reconciliation or reporting, among
others. This module converts data to clear text as it is transferred from Salesforce.com to
internal systems, and enforces your CipherCloud data protection policies by encrypting or
tokenizing data as it is fed into Salesforce.
CipherCloud DPaaS Module
One of Salesforce.com’s unique selling points is its support for highly customizable, and
often complex APEX code. CipherCloud supports higher-level operations on encrypted or
tokenized values by enabling APEX call-outs to retrieve plain-text or encrypted values over
authenticated sessions.
1.1.2.2 Office 365
CipherCloud for Office 365 transparently encrypts and protects email, calendar, and
contacts while retaining Office 365 functionality.
Core License
The core license represents the minimal requirements to enable usage of the CipherCloud
Gateway in combination with Office 365:
CipherCloud for Office 365
This capability enables the protection of Office 365 users' data for Email (Subject and Body),
Calendars, Tasks and Contacts.
1.1.2.3 Gmail
CipherCloud for Gmail transparently encrypts and protects email, while retaining Gmail
functionality.
Core License
The core license represents the minimal requirements to enable usage of the CipherCloud
Gateway in combination with Gmail:
CipherCloud for Gmail
This capability enables the protection of Gmail users' data for Email (Subject and Body).
1.1.3 Connect Platform
CipherCloud Connect is a set of open connectors for securing data and infrastructure both in
the public cloud and inside your own data centres. CipherCloud Connect provides you with
the tools to plug your own applications into the secure, operations-preserving encryption
and tokenisation services of the CipherCloud Gateway.
Core License
The core license represents the minimal requirements to use the CipherCloud Gateway in
combination with the CipherCloud Connect Platform:
Connect AnyApp
CipherCloud Connect AnyApp is a gateway that resides within your network and provides
you the tools to encrypt or tokenise applications of your choice, both in the cloud and on
premise.
Additional License Options
Additional license options enable further platform use-cases to be supported and can be
purchased on an as needed basis:
Connect Database
Connect Database provides a simple yet effective means of enforcing Separation of Duties and
security best practices by enforcing a field-level encryption policy for data as it leaves the
application for the database.
Connect API Services
The CipherCloud platform is a robust and highly-developed system for providing
function-preserving security. This capability enables customers to take advantage of CipherCloud’s
advanced function-preserving encryption and tokenisation through APIs supporting industry
standard protocols, such as SOAP, Web Services and XML.
1.1.4 Services
1.1.4.1 Configuration Services
Expert and specialist support can be provided to quickly and reliably set-up and seamlessly
integrate the CipherCloud platform with your cloud services. If you choose our AnyApp
service, our configuration team can help you customize the CipherCloud platform to your
choice of cloud application. Configuration services can also be key in ensuring successful,
timely deployments with often complex integration requirements.
1.1.4.2 Management Services
Ongoing management can be provided to give you peace of mind, ensuring your
CipherCloud platform is running at top performance, and your data is always protected.
2 Service Management
2.1 Technical Boundaries
CipherCloud provides a wide range of options to help secure your use of cloud applications.
Options include encryption, tokenization, malware scanning and Data Loss Prevention.
Integration with third-party authentication systems is also supported. The aim of the
CipherCloud solution is to provide enhanced levels of security while preserving end-user
functionality. To achieve this end, the CipherCloud gateway is deployed as a proxy server on
the perimeter of your network. In the case of a Cloud Application accessed via a browser, it
seamlessly intercepts web traffic between the end user and the protected cloud application
as follows:



• The gateway examines every request sent by a user’s browser and determines what
sensitive data the request contains, based on the policy you have defined for
the Cloud Application.
• Sensitive information in the request or query is automatically encrypted or tokenized
based on the defined rules. The CipherCloud gateway also examines attachments or
uploaded files and processes the files accordingly. CipherCloud forwards the request
containing encrypted or tokenized values to the cloud application.
• A log entry is created for this request in the user activity monitoring logs.
• The cloud application response to the end user passes through the gateway where
any encrypted or tokenized values are automatically replaced with their plain-text
equivalents. Any file downloads or attachments sent in the response are also
converted to plain text as required.
The CipherCloud gateway processes both cloud requests and responses in real time. It also
caches static content such as style sheets and graphics at the gateway level to enhance
performance of cloud applications. The flow of encrypted data between users and cloud
services via your CipherCloud gateway is depicted below.
[Figure: CipherCloud Encryption Method. Authorised user, CipherCloud Gateway (Encrypt / Decrypt), Cloud Application; plain text on the user side, cipher text on the cloud side. Symmetric encryption (same key encrypts and decrypts).]
[Figure: CipherCloud Tokenisation Method. Authorised user, CipherCloud Gateway (Tokenise), Cloud Application; original data is replaced by substitute tokens, with the mapping of tokens held in an on-premise database.]
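The request and response handling described in section 2.1, for the tokenisation method with an on-premise mapping, as an added example (not CipherCloud's code or API). The `TokenVault` and `Gateway` classes, the `tok_` token format, the reuse of one token per repeated value and the sample record are all constructed assumptions.

```python
import re
import secrets
from datetime import datetime, timezone

TOKEN_RE = re.compile(r"tok_[0-9a-f]{32}")  # constructed token format


class TokenVault:
    """Stand-in for the on-premise database holding the token mapping."""

    def __init__(self):
        self.by_token = {}   # token -> (field, original value)
        self.by_value = {}   # (field, original value) -> token

    def tokenise(self, field, value):
        # Assumption: a repeated value reuses its token so exact-match lookups still work.
        key = (field, value)
        if key not in self.by_value:
            token = "tok_" + secrets.token_hex(16)  # random, not derived from value
            self.by_value[key] = token
            self.by_token[token] = key
        return self.by_value[key]

    def detokenise(self, token):
        return self.by_token.get(token)  # None for tokens this vault never issued


class Gateway:
    def __init__(self, policy, vault, log_reads=False):
        self.policy = set(policy)   # field names the policy marks sensitive
        self.vault = vault
        self.log_reads = log_reads  # "read" logging is optional on the page
        self.audit_log = []

    def log(self, user, action, fields):
        # Field names only: the activity log must never carry plaintext.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "action": action, "fields": sorted(set(fields)),
        })

    def outbound(self, user, request):
        """Request path: tokenise policy fields, forward the rest unchanged."""
        forwarded, touched = {}, []
        for field, value in request.items():
            if field in self.policy:
                forwarded[field] = self.vault.tokenise(field, value)
                touched.append(field)
            else:
                forwarded[field] = value
        self.log(user, "write", touched)
        return forwarded

    def inbound(self, user, body):
        """Response path: swap known tokens back, leave unknown ones as-is."""
        restored = []
        def swap(match):
            entry = self.vault.detokenise(match.group(0))
            if entry is None:
                return match.group(0)
            restored.append(entry[0])
            return entry[1]
        plain = TOKEN_RE.sub(swap, body)
        if self.log_reads:
            self.log(user, "read", restored)
        return plain


if __name__ == "__main__":
    gw = Gateway({"name", "ni_number"}, TokenVault(), log_reads=True)
    sent = gw.outbound("alice", {"name": "Jo Bloggs", "status": "open"})  # constructed
    print(gw.inbound("alice", "Case for " + sent["name"] + " is " + sent["status"]))
    print(sent, gw.audit_log, sep="\n")
```

The cloud application only ever sees the `tok_` values, so the mapping held on-premise is what has to be backed up and access-controlled.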
2.2 Data Extraction, Security and Location
CipherCloud allows you to keep control of your data, ensuring that from the moment it
leaves your network, it remains encrypted, including within the infrastructure of the cloud
services being protected. CipherCloud is deployed on hardware or virtual infrastructure and
can be integrated with most cloud (SaaS) services.
To satisfy compliance requirements, CipherCloud supplements the logs provided by the
Cloud Provider and records all “write” actions (and optionally all “read” actions). User
activity logs can then be fed into existing log management solutions for correlation and
reporting.
The CipherCloud platform improves data management through its Data Loss Prevention
capability (DLP). Out-of-the-box DLP capabilities provided by CipherCloud can also be
integrated with enterprise DLP solutions (such as Symantec and RSA). Because it is deployed
inline as a proxy, the CipherCloud platform is ideally suited to enforce DLP policies to
protect personally identifiable information (PII), personal health information (PHI), credit
card data, financial transactions, and intellectual property.
2.3 Support
CipherCloud offers two levels of support: Premium and Standard. These are outlined
below and correspond to the G-Cloud service ‘CipherCloud Gateway’. The level of support
needed will be agreed with the customer prior to ordering and will be detailed in the call-off
contract.
Premium Support Services
• Access to and delivery of CipherCloud Support Services 24 hours a day 7 days a week
until the error is resolved.
• Updates and Upgrades as released by CipherCloud.
• Unlimited number of Incident Report submissions.
• Customer portal access for additional error reporting and follow up of any Severity
Level.
Standard Support Services
• Access to and delivery of CipherCloud Support Services from 7 AM to 5 PM local time
until the error is resolved.
• Updates and Upgrades as released by CipherCloud.
• Unlimited number of Incident Report submissions.
• Customer portal access for additional error reporting and follow up of any Severity
Level.
3 Restore and disaster recovery
Industry standard backup and restore procedures can be used to recover from hardware
failures and other system faults. To provide the highest levels of scalability and failover,
multiple CipherCloud gateways can be installed behind third-party load balancers in an
active-active configuration.
4 On-boarding
CipherCloud can be deployed in the enterprise or in the cloud:
4.1 Onsite Deployment
The CipherCloud gateway is installed on a server or virtual machine behind your own
firewall in a data centre that you, or your service provider, owns. This is ideal for customers
who want to restrict access to cloud applications only from within the corporate network or
VPN.
4.2 Private Cloud or Hosted
CipherCloud can be installed in a virtual private cloud (IaaS) using Amazon Web Services
(AWS), or customers can contract with third parties such as Rackspace, or any other suitable
G-Cloud Lot 1 provider, to host and manage their CipherCloud installation. The CipherCloud
platform may run on any Red Hat or CentOS compatible physical or virtual server.
4.3 Configuration
After installing the software, there are some high level tasks to perform to complete
deployment:
1. Determine the custom URL (Custom host name) to use for gateway access, for
example: salesforce.acme.com.
2. Create or import an SSL certificate.
3. Use the Appliance Admin Console wizard to import or create encryption keys.
4. Use the Management Console wizard to configure the data protection policy.
5. Start protecting data stored in the cloud.
Expert support and advice to ensure the very best deployment possible can be bought from
CipherCloud’s Configuration service.
5 Off-boarding
Data is retained within the SaaS services protected by CipherCloud and data will not be
retained by CipherCloud should you choose to stop using CipherCloud services.
As this service is a pay-as-you-go service based on a user or instance fee, the service can be
terminated at the end of any subscription period. Simply download the data via CipherCloud
using standard tools to return it to plain text. Upload the plain text version of the data again
directly to the SaaS service to return it to its unencrypted and unprotected state.
6 Performance
A single gateway can typically handle between 5,000 and 7,000 users depending on the
number of requests per second, amount of hardware, memory, and network resources
dedicated to the machine. As needs increase, customers can simply add more CipherCloud
virtual machines or scale down just as easily, making this an elastic and scalable solution.
The CipherCloud platform has been engineered for high performance encryption for large
scale deployments with extremely low latency. The gateway is stateless with no local
database management system for encryption. The gateway processes 99.96% of requests in
less than 100 milliseconds, and provides static content caching for boosting cloud
application performance. Multiple instances of the CipherCloud platform can work
seamlessly behind a load balancer with common encryption keys and flexible plug-ins for
redirection and clustering.
7 Training
Support for configuring your CipherCloud platform can be bought through the
support services that are available on CloudStore. As CipherCloud works hard in the
background but maintains the user experience of your cloud applications, there is no
training requirement for users; they will be able to continue to enjoy the normal
functionality of the SaaS applications you choose to use.
8 Ordering and Invoicing
Orders can be made by contacting us and we will be happy to discuss your requirements
and progress the G-Cloud call off contract and order form accordingly.
9 Unit Based Pricing
9.1.1 CipherCloud Gateway
DESCRIPTION | UNIT | UNIT PRICE
Core License: CipherCloud Gateway - Instance | Instance/Year | £6,000.00
Additional License Options: CipherCloud Gateway - Tenant | Subject to Scope | £4,000.00 – £6,000.00
9.1.2 Cloud Adaptors
9.1.2.1 Salesforce.com
DESCRIPTION | UNIT | UNIT PRICE
Core License: CipherCloud Salesforce.com CRM Users | User/Month | £20.00
Additional License Options:
• CipherCloud Chatter Users
• CipherCloud Force.com Users
• CipherCloud Salesforce.com Portal
• CipherCloud Malware Updater Module
• CipherCloud Malware
• CipherCloud SFDC Email Relay Module
• CipherCloud SFDC Outlook Module
• CipherCloud SSO Integration Module
• CipherCloud Enterprise Integration Module
• CipherCloud DPaaS Module
Units and unit prices listed for the additional options: Subject to Scope, £0.50 – £500.00; Subject to Scope, £10,000.00 – £20,000.00
9.1.2.2 Office 365
DESCRIPTION | UNIT | UNIT PRICE
Core License: CipherCloud for Office 365 | Users/Month | £4.00
9.1.2.3 Gmail
DESCRIPTION | UNIT | UNIT PRICE
Core License: CipherCloud for Gmail | Users/Month | £4.00
9.1.3 Connect Platform
DESCRIPTION | UNIT | UNIT PRICE
Core License: CipherCloud Connect AnyApp | Users/Month | £5.00
Additional License Options: CipherCloud Connect Database, CipherCloud Connect API Services | Subject to Scope | £200.00 – £300.00
9.1.4 Software Support
DESCRIPTION | UNIT | UNIT PRICE
Support: Standard Support | % of License | 10%
Support: Premium Support | % of License | 20%
10 G-Cloud Support Pricing
Services are either Configuration Services on a one-time basis or Management Services on an
ongoing basis, and are based on the day rates below:
[Day-rate table. Rows (levels): 1. Follow; 2. Assist; 3. Apply; 4. Enable; 5. Ensure/Advise; 6. Initiate/Influence; 7. Set Strategy/Inspire. Columns: Strategy & Architecture; Business Change; Solution Development & Implementation; Service management (Configuration Services); Procurement & Management Support (Management Services); Client Interface. Day rates shown: £1200.]