Defense subcontractors trust FutureFeed with their data, and this is a responsibility we take very seriously. We combine enterprise-class security features with thorough logging and auditing of our infrastructure, access, and data to ensure customer data is always protected. Our customers rest easy knowing their information is safe and their compliance data secure.
We ensure the confidentiality and integrity of your data with industry best practices. FutureFeed hosts its service and client data on Heroku infrastructure in AWS data centers that have been certified for ISO 27001, PCI/DSS Service Provider Level 1, and/or SOC 2 compliance. Our Security Team is on call 24/7 to respond to security alerts and events.
FutureFeed uses AWS GovCloud for the storage of all uploaded documents. AWS GovCloud is rated as FedRAMP High.
We take steps to securely develop and test against security threats to ensure the safety of our customer data. In addition, FutureFeed employs third-party security experts to perform detailed penetration tests on different applications within our family of products.
We make it seamless for customers to manage access and sharing policies with multi-factor authentication. All communications with FutureFeed servers are encrypted using industry standard HTTPS over public networks, meaning the traffic between you and FutureFeed is secure.
All client data is stored, processed, and retained on U.S. based infrastructure.
To help troubleshoot problems within a client account, FutureFeed may access client data. All such access is logged and is initiated only by background-checked support representatives who are U.S. citizens.
Client screenshares may be used from time to time in support of client needs. All such access occurs only when initiated by the client, in a session that is clearly identified as a remote session. Screenshare sessions are logged.
FutureFeed provides a range of security options to ensure data is protected and secure. But an ounce of prevention is worth a pound of cure: by following the practices described below, you can further increase the security of your FutureFeed account.
| Control | Description |
|---|---|
| Facilities | FutureFeed hosts service data, through the Heroku service, in AWS data centers that have been certified for ISO 27001, PCI/DSS Service Provider Level 1, and/or SOC 2 compliance. AWS/Heroku infrastructure services include back-up power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data. Learn more about Heroku Security. |
| On-site Security | AWS on-site security includes a number of features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. Learn more about AWS physical security. |
| Monitoring | All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by FutureFeed staff. Physical security, power, and internet connectivity are monitored by AWS. |
| Location | FutureFeed leverages Heroku/AWS data centers in the United States. Customer data is located in the U.S. only. From time to time, FutureFeed may utilize ancillary services for billing management and customer services. Should ancillary services be utilized that are not located in the U.S., they will have neither access to nor storage of client data beyond the minimal data required for customer support connectivity and billing. All such organizations must meet GDPR regulatory requirements. |
| Dedicated Security Team | Our Security Team is on call 24/7 to respond to security alerts and events. |
| Protection | Our network is protected through the use of key AWS security services, integration with our Cloudflare edge protection network, regular audits, and network intelligence technologies that monitor and/or block malicious traffic and network attacks. |
| Architecture | Our network security architecture consists of multiple security zones. More sensitive systems, such as database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls apply. DMZs are utilized between the Internet and our network, and internally between the different zones of trust. |
| Network Vulnerability Scanning | Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems. |
| Third-Party Penetration Test | In addition to our extensive internal scanning and testing program, each year Heroku employs third-party security experts to perform broad penetration tests across the Production Network. |
| Security Incident Event Management (SIEM) | Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM raises alerts on correlated events, which notify the Security Team for investigation and response. |
| Intrusion Detection and Prevention | Service ingress and egress points are instrumented and monitored to detect anomalous behavior. These systems are configured to generate alerts when incidents or monitored values exceed predetermined thresholds, and they use regularly updated signatures based on new threats. This includes 24/7 system monitoring. |
| Threat Intelligence Program | FutureFeed participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and take action based on our risk and exposure. |
| DDoS Mitigation | FutureFeed has architected a multi-layer approach to DDoS mitigation. A core technology partnership with Cloudflare provides network edge defenses, while AWS scaling and protection tools, together with AWS DDoS-specific services, provide deeper protection. |
| Logical Access | Access to the FutureFeed Production Network is restricted on an explicit need-to-know basis, follows least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the FutureFeed Production Network are required to use multiple factors of authentication. |
| Security Incident Response | In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths. |
| Encryption in Transit | Communications between you and the FutureFeed Support Chat and Screensharing servers are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails. |
| Encryption at Rest | Customers of FutureFeed benefit from the protection of encryption at rest for their data. Service Data is encrypted at rest in AWS using AES-256 encryption. |

Availability & Continuity

| Control | Description |
|---|---|
| Redundancy | FutureFeed employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime and/or our Enhanced Disaster Recovery service offering allow us to deliver a high level of service availability. |
| Disaster Recovery | Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities. |
| Authentication | To prevent unauthorized account access, a strong passphrase is used for both our Heroku user account and SSH keys. SSH keys are stored securely to prevent disclosure. SSH keys are replaced if lost or disclosed, and by policy FutureFeed uses Heroku’s RBAC model to invite contributors rather than sharing user accounts. |
| Secure Development Practices | FutureFeed applies development best practices for our development language(s) and framework(s) to mitigate known vulnerability types such as those on the OWASP Top 10 Web Application Security Risks. |