Managed Operations Packages

Many of the functions contained in the below packages would be considered mandatory by medium to large organisations to support data security and environment integrity over time. However not every company has the in- house resources to perform these functions with the necessary consistency or resources may be focussed on different priorities.

We believe that these complementary managed operations services make our hosted private cloud offering even more compelling.

If you have specific regulatory requirements which aren’t addressed in our packages, please let us know and we should certainly be able to work out a solution for your purposes. We can also combine individual aspects of the packages to suit your specific requirements.

Men working at computers
Package 1: ADVANCED SECURITY

A set of services designed to complement the basic security hygiene provided in the standard setup of your CleanSafeCloud hosted private cloud estate

  • Security Patch Management
    • Ensures automatic security updates are enabled and verifies they are being applied as expected.
    • Automatic restart of impacted services and applications.
  • Kernel Updates
    • Verifies kernel updates and executes reboots to apply according to agreed schedule.
    • Customer defined automated sanity checks executed to ensure correct operation post- reboot.
  • O/S Lifecycle Assessment
    • Report highlights EOL O/S and standard apps schedule, up to 18 months out.
  • User Access Review
    • Comprehensive report of user access and entitlements, for up to 50 accounts.
    • Coverage includes standard applications such as MySQL, NextCloud or GitLab (to name just a few), as well as standard VM and OpenStack accounts.
  • Firewall Review
    • Report to show all access points in each firewall layer, highlighting inconsistencies and any access deemed exceedingly wide.
  • Firewall - Enhanced
    • Support for Geo-based access filtering to your environment.
    • Monthly report and analysis of rejected access attempts.
  • DDoS Monitoring
    • We monitor DDoS threat level and trigger mitigation as required.
Men working at computers
Package 2: ADVANCED OPERATIONS MANAGEMENT

Takes care of the essential day-to-day management of your environment, ensuring its continuous, safe operation

  • Access Management
    • On-demand service for user account management (create, update, amend, revoke)
    • Instant user access revocation across standard OS, infrastructure and applications.
  • Major O/S upgrades
    • Report pro-actively highlights EOL O/S and standard apps schedule up to 18 months out.
    • We perform major upgrades in a parallel staging environment to allow you to test your apps.
  • SSL certificate management
    • Set-up, auto-renewal and monitoring of “Let’s Encrypt” certificates (up to 50 deployments).
    • Available even where not supported by DNS provider.
  • SSL certificate monitoring
    • Monitors validity of SSL certificates of up to 50 URLs with real-time alerts.
    • Weekly report of upcoming expiries.
  • Availability monitoring and escalation
    • Continuous monitoring of externally visible resources from up to eight worldwide locations.
    • Real-time escalation via email (other mechanisms such as SMS or mobile app are available).
    • Weekly and monthly reports showing uptime and average response time among others.
Men working at computers
Package 3: ENTERPRISE SECURITY

A comprehensive package to secure your enterprise environment. These services may be added to, or chosen separately from, the Advanced Security package.

  • Security patch assessment
    • Deploys automated OS and infra security patches to a staging environment and performs user-defined automated sanity-checks before progressing them to your production environment
  • Intrusion detection - static
    • Comprehensive intrusion detection through monitoring of specific filesystem resources.
    • Acts as an additional safety layer by verifying effective deployment of OS patches.
    • Out-of-band assessment defeats root-kits and avoids compromising production performance.
  • Network intrusion detection
    • Real-time monitoring of network traffic in-bound to your environment.
    • Detection of suspicious activity raises immediate alerts.
  • Emergency critical updates
    • Critical vulnerabilities which directly impact your estate patched within 24 hours of availability.
  • Vulnerability scanning
    • Monthly scanning of the software installed across your environment.
    • A vulnerability report highlights components to be remediated with upgrades or replacements.
Men working at computers
Package 4: CAPACITY MANAGEMENT

Provides important capacity management functions helping you monitor the performance of your estate in real-time as well as plan and budget ahead for resources.

  • Real-time performance monitoring/alerting
    • Monitor performance of your environment in real-time with a graphical dashboard and compare it against historical peaks and trends.
    • Built-in alerting on key threshold breaches.
  • Trend analysis / Recommendations
    • Reporting to show usage trends and peaks across all resources within your environment.
    • Recommendations to address pinch-points with short term mitigation where appropriate.
    • Analysis predicts future requirements out to 3, 6, 12 months timescales
Men working at computers
Package 5: BUSINESS CONTINUITY

These services provide essentials to ensure your business remains operational in the event of catastrophic loss or corruption of data and services. Your basic CleanSafeCloud hosted private cloud service provides excellent reliability and durability for your data – by replicating it on 3 physically separate hosts among others – but this doesn’t guard against risks such as user error (accidental deletion), ransomware or other force majeure events.

  • Load Balancing
    • Per application, across multiple service instances, ensuring continuity in the event of the loss of an instance, subject to application architecture support.
  • On-site checkpoints
    • This provides automation of the snapshotting feature to ensure that checkpoints are automated and compliant with policies.
  • On-site independent backups
    • Mitigation against user error, system malfunction, ransomware, etc...
    • Data is encrypted at all times, and remains within our Swiss Data Centre.