Managed Embedded Security Controls

The Embedded Security Controls platform runs security policies that protect people accessing the internet from your sites. As part of the initial set-up, we’ll work with you to fine-tune these policies. The solution includes a remote access feature, which protects people using the internet when they’re away from your sites: mobile workers, home workers, and so on.

You can apply security policies at a site, which gives you flexibility when you’re setting the policies.

If you want to make tweaks to existing security policies or add new ones, you need to raise a Simple Service Request (SSR). We’ll then make the change for you.

You don’t need to do anything to add a new user. One of the benefits of Embedded Security Controls is that there’s no need to change your service for new hires or leavers - as long as your aggregated bandwidth usage stays the same, you don’t need to make any changes.

Adding a new site is different.

As part of your solution requirements you’ll have told us the number of sites that require internet breakout via the Embedded Security Controls platform. During the initial set up, we’ll have configured the IPSec tunnel on our platform to accept your internet traffic. So when you add a new site, we’ll need to setup a new IPSec tunnel for this site.

As for the initial setup, you’re responsible for configuring the IPSec tunnel on your connectivity CPE.

If you want to add a new site, you’ll need to raise a Complex Service Request (CSR) by contacting your Account Manager.

We have Embedded Security Controls platforms in London, Colindale and Guildford. Each location provides the same level of service and security.

As part of the initial set up process, we’ll provide you with the connection details to forward your internet traffic to the appropriate Embedded Security Controls platform.

When we release a new feature within the feature bundle you’ve purchased, we’ll let you know. As soon as the feature’s available, we’ll help you set it up. Sometimes there may be an installation fee to set up the new feature.

We’ll make updates to the Embedded Security Controls platform available to you at our discretion. As we’re working with a multi-tenanted platform, we may be unable to agree a rollout plan that fits with every organisations ideal. We’ll let you know of any scheduled updates and what, if any, impact you may experience. 

We host our Embedded Security Controls solution in BT datacentres. We underpin the solution with award-winning Palo Alto next-generation firewalls. Palo Alto provide firewall updates, which we roll out at our discretion. We manage and deliver the configuration of tunnels and the configuration of your security policies.

As the Managed Embedded Security Controls solution is a multi-tenanted platform, we may be unable to agree a release cycle for updates and bug fixes that best suits your organisation. If we have an urgent update or bug fix to deploy, we’ll update the platform as soon as possible.

If we deem an update to not be urgent, we will release the update or bug fix at our discretion. In both scenarios, we’ll let you know before the update takes place what, if any, impact you may face.

You can select as many of the security features as you would like for each of your sites. For example, you might choose to take five features for site A, and four features for site B.

You can also select the aggregated bandwidth that you need for your organisation.

We’ll roll out a base policy security configuration for each of the security features you select. This should help reduce the amount of customisation required as part of the initial set up. We’ll agree and sign off all of the security policies with you before we apply them. You have the option to change and tailor these to your organisation’s requirements.

When the solution’s in-life, you have the option to change all of your security policies through our SSR process.

You can’t do any customisation outside of the core product functionality.

Yes. As an admin, you’ll be using two portals: BT My Account; and the Security Hub.

You access the Security Hub through My Account, which uses multi factor-authentication. Once logged in, you’ll be able to launch the Security Hub portal without needing to provide further user credentials

As we’re managing your service, we’ll give you and any requested users, access to the Security Hub portal so you’ll be able to view reports and security statistics. In the case of leavers and new joiners, you’ll be able to change who has access to the Security Hub portal using our SSR process.

While we manage your service, only BT operations users who have successfully completed the relevant training, will be able to make changes to your solutions when instructed to do so by you.

We will audit our operational users, who have access to your account, on a quarterly basis to check that their access is still relevant and required. We have processes and procedures in place so that when operations users change roles or leave BT, we remove their access to relevant systems and accounts.

Yes. We’ll give you access to the Security Hub portal (accessible via the My Account portal), where you’ll be able to access a number of reports.

For further information on what reports are available, please refer to the service description.

Yes. Reports are available on the Security Hub portal in real time.

Support is available 24/7/365 via phone call, the My Account portal, and through online content for all components of your Embedded Security Controls service.

As your Embedded Security Controls solution is a cloud-based solution, there’s no equipment to maintain or repair.

If you experience any problems with your service, we’ll prioritise any incidents you report to our help desk according to their severity. We’ll aim to fix and resolve your incident within the target times for the priority level (from levels P1-P5) detailed in the service description document.