CloudLock G-Cloud Service Definition Document Products Name:

toadspottedincurableInternet and Web Development

Dec 4, 2013 (3 years and 7 months ago)

97 views



CLOUDLOCK SERVICE D
EFINITION


CLOUDLOCK CONFIDENTIAL
-

FOR INTERNAL USE ONLY

1






CloudLock

G
-
Cloud Service Definition Document



Products Name:

CloudLock Security

CloudLock Vault





LOT 3
-

Software as a Service (SaaS)

December 2011








CLOUDLOCK SERVICE D
EFINITION


CLOUDLOCK CONFIDENTIAL
-

FOR INTERNAL USE ONLY

2


Executive Summary

This document details the relevant sections for the UK G
-
Cloud Service Defi
nition...




Table of Contents


Executive

Summary

Product

Overvie
w

CloudLock

Security

CloudLock

Vault

Information

Assurance

Disaster

Recovery

and

Backup

Procedures

CloudLock

s

Disaster

Recovery

strategy

Backup

On
-
Boarding

and

Training

Service

Pricing

Data

Processing

and

Storage

Locations

Service

Constraints

and

Service

Levels

Ordering

and

Invoicing

Pr
ocess

Termination

Terms

Consumer

Responsibilities

Technical

Requirements










CLOUDLOCK SERVICE D
EFINITION


CLOUDLOCK CONFIDENTIAL
-

FOR INTERNAL USE ONLY

3


Product Overview


CloudLock Security


CloudLock provides control & visibility of all users and all documents & sites in the domain. Add
enterpr
ise class access controls, audits, governance, compliance, e
-
Discovery, and records
retention:





Find & protect exposed data by content / attribute



Detailed audit, governance & compliance reports



Sophisticated monitoring and alerts for end
-
users



CloudLoc
k provides domain wide Docs and Sites monitoring, alerting & administration


ACCESS MANAGEMENT FOR GOOGLE DOCS & SITES


Manage access rights for all your Google Docs & Sites to understand what data you have and
how it is shared. Identify internal and exte
rnal exposures, see what external data is shared with
your users and fix permissions. Use CloudLock’s ongoing exposure monitoring, alerts, and
exports for Google Docs security. Tag exposed documents for end
-
users in their native Google
Docs interface.


CO
MPLIANCE AUDITING FOR GOOGLE DOCS & SITES

CloudLock’s advanced auditing for Google Docs & Sites helps address compliance for
regulations like HIPAA, SOX, FERPA, & PCI DSS. Audit privileged user actions, changes to
permissions by end
-
users, and generate ac
cess rights reports for auditors. Get email alerts and
change reports for new exposures.


e
-
DISCOVERY FOR GOOGLE DOCS


Cloud Lock admins can now extract the exact files that need to be processed by using multiple
criteria based on both meta
-
data and conte
nt within those docs.



CloudLock Vault


RECORDS RETENTION FOR GOOGLE DOCS

CloudLock Vault™ is a secure, tamper
-
proof area in your Google Docs environment where
documents are stored and cannot be deleted or modified. Users create or upload files into the
ir
CloudLock Deposit Box™ and CloudLock Vault automatically sweeps them into a special
account where they are protected.



For more information:



CLOUDLOCK SERVICE D
EFINITION


CLOUDLOCK CONFIDENTIAL
-

FOR INTERNAL USE ONLY

4


C
loudLock

Product

Sheet

CloudLock

Solutions




Information Assurance


CloudLock appreciates that the livelihood of the company depends on its ability to a
pply

the strongest security procedures possible to protect customers’ environments


CloudLock’s security best practices and procedures can be found in the following document:

http
://
www
.
cloudlock
.
com
/
wp
-
content
/
uploads
/2011/07/
cloudlock
-
security
.
pdf




Disaster Recovery and Backup Procedures

CloudLock’s Disaster Recovery strategy

CloudLock has built its
service on top of Google App Engine, Google’s hosting infrastructure.
Using Google App Engine services CloudLock is able to provide a service that is highly
available, with no single point of failure, redundant data repositories and dynamic scale to meet
d
emand and up
-
time. Data is stored on Google App Engine datastore which is a distributed,
highly available and reliable persistent data storage solution.

The application and services are powered by by Google App Engine ‘compute’ instances which
are highly s
calable distributed run time instance.

In addition to relying on the highly available Google App Engine service CloudLock has also
implemented a recovery process that allows for quick provisioning of a new service
environment (application instances) on Go
ogle App Engine where availability to customers can
be restored in up to 2 hours. Business critical data is regularly backed up and can then be
restored.


RTO and RPO and other Parameters



Recovery Time Objective:

2 hours



Recovery Point Objective:

1 week



Disaster Recovery strategy is tested every quarter (3 months). Latest, complete,
successful test was performed on 09
\
2011



CloudLock runs on Google App Engine, Google’s hosting infrastructure. Available
capacity on this environment is elastic and scales imm
ediately. CloudLock is provisioned
with available capacity that is 3 times the required capacity. Capacity is monitored
regularly.



CLOUDLOCK SERVICE D
EFINITION


CLOUDLOCK CONFIDENTIAL
-

FOR INTERNAL USE ONLY

5




Backup

In order to protect customer data and the availability of the CloudLock service backups are
performed (optionall
y) for specific data sets. The scope of backup is limited as the risk of data
loss is reduced due to the high availability nature of the Google App Engine data
-
store and the
nature of the data that CloudLock stores (meta
-
data only).


If backup is configure
d for a customer only the following data sets, which are classified as
business critical, will be backed up:



Customer configuration records



Customer settings



Customer audit logs



Customer administration statistics and logs




On
-
Boarding and Training


On
-
bo
arding and 4 hours of training are included in the annual CloudLock subscription.


Beyond this, additional training can be included in a separate SOW at a discounted government
rate of $150/ Hour


Deployment Process Outline

The CloudLock Deployment process

has six steps:

1.

Deployment Launch Meeting

-

CloudLock Ops team meets with customer to kick off
and plan the deployment process and articulate all the steps and expectations

2.

Collecting
Google Apps Stats
-

these are statistics from the customer Google Apps
e
nvironment collected from the CPanel (can be found by the following URL:


https
://
www
.
google
.
com
/
a
/
cpanel
/
customer
/
AdminSupport
#
Reports

under the Docs
section. The info
rmation about the last 3 months should be exported in the CSV format
and sent to CloudLock (
support@cloudlock.com
).

3.

Deployment in Production in Trial Mode
-

CloudLock should be first run in the trial
mode. This will allow collection of CloudLock statistics

from the CloudLock application
about the customers production environment without full scans.

4.

CloudLock Ops Analysis
-

the CloudLock Ops team will analyze the collected stats
from the cpanel and CloudLock Trial and extrapolate the required configuration

5.

C
loudLock Deployment Configuration
-

CloudLock team will tune the CloudLock
instance according to the collected information and ask the customer to run a full scan
while monitoring the performance of the application. If any additional tuning is required, it

will be communicated to the customer.



CLOUDLOCK SERVICE D
EFINITION


CLOUDLOCK CONFIDENTIAL
-

FOR INTERNAL USE ONLY

6


6.

Customer Acceptance
-

Once the CloudLock team concludes that the system is fully
configured and that there is full utilisation of the resources, CloudLock support team will
communicate expected performance and all th
e usage aspects to the customer. If there
will be any open questions, CloudLock will work with the customer to ensure the best
possible results and highest satisfaction level.





Service Pricing


CloudLock is a subscription based software as a service of
fering. Pricing is based on the
number of employees (Google Apps user accounts) an organization has. Once installed, end
users can be added as direct users of the CloudLock service.


Special price for Government organizations includes:



CloudLock Security f
or US$10/ User annual subscription



CloudLock Vault for US$16/ User annual subscription


Volume Discounts available for organizations with over 1,000 users


Full pricing is available on the
Pricing

page


CloudLock Trial

CloudLock offers a FREE 7 day trial of the product with no upfront commitment.

The trial offers the full product features but is limited to 200 users
.






Data Processing and Storage Locations



CloudLock runs on Google App Engine, Google’s hosting infrastructure. Available capacity on
this environment is elastic and scales immediately. CloudLock is provisioned with available
capacity that is 3 times
the required capacity. Capacity is monitored regularly.


CloudLock has built its service on top of Google App Engine, Google’s hosting infrastructure.
Using Google App Engine services CloudLock is able to provide a service that is highly
available, with no

single point of failure, redundant data repositories and dynamic scale to meet
demand and up
-
time.




CLOUDLOCK SERVICE D
EFINITION


CLOUDLOCK CONFIDENTIAL
-

FOR INTERNAL USE ONLY

7


Data is stored on Google App Engine data
-
store which is a distributed, highly available and
reliable persistent data storage solution.


The application and

services are powered by by Google App Engine ‘compute’ instances which
are highly scalable distributed run time instance.





Service Constraints and Service Levels


Support
:

CloudLock’s support can be reached via:

support
@
cloudlock
.
com

or calling us at 781
-
996
-
4332 (x
-
116) or using the live cha
t support on our website.


SLA
:

CloudLock

s

SLA





Ordering and Invoicing Process


Invoicing is done by submitting a p.o to
orders
@
cloudlock
.
com

or via an approved CloudLock
partner.





Termination Terms


See CloudLock’s
Terms

of

Service



Consumer Respons
ibilities


Customer responsibilities and restrictions are listed in CloudLock’s
Terms

of

Service



CLOUDLOCK SERVICE D
EFINITION


CLOUDLOCK CONFIDENTIAL
-

FOR INTERNAL USE ONLY

8





Technical Requirements


Google Apps administrative account is required for installation of CloudLock