Product CMMC Pricing Request Demo Sign in

It's all about Security

Defense subcontractors trust FutureFeed with their data, and this responsibility is something we take very seriously! We combine enterprise-class security features, serious logging and auditing of our infrastructure, access and data to ensure customer data is always protected. Our customers rest easy knowing their information is safe, and their compliance data secure.

ITAR Notification

FutureFeed is designed to meet or exceed the requirements of DFARS under the NIST 800-171 Guidance.

FutureFeed undergoes regular audits to validate compliance. As such, it is not designed for the storage of client information subject to export controls.

It is the sole responsibility of client users to limit any storage of technical or other data marked with classifications above CUI/CDI.

Data Center Security

We ensure the confidentiality and integrity of your data with industry best practices. FutureFeed hosts its service and client data on Heroku infrastructure in AWS data centers that have been certified as ISO 27001, PCI/DSS Service Provider Level 1, and/or SOC 2 compliance. Our Security Team is on call 24/7 to respond to security alerts and events.
Read more...

Application Security

We take steps to securely develop and test against security threats to ensure the safety of our customer data. In addition, FutureFeed employs third-party security experts to perform detailed penetration tests on different applications within our family of products.
Read more...

Product Security Features

We make it seamless for customers to manage access and sharing policies with multi-factor authentication. All communications with FutureFeed servers are encrypted using industry standard HTTPS over public networks, meaning the traffic between you and FutureFeed is secure.

US Based Data Processing and Storage

All client data is stored, processed, and retained on U.S. based infrastructure.

To help troubleshoot problems within a client account, FutureFeed may access client data. All such access is logged and initiated by background checked, U.S. citizen-based support representatives.

Client screenshares may be used from time to time in support of client needs. All such access occurs only when initiated by the client in a session that clearly identifies the remote session. Screenshare sessions are logged.
Read more...

Best Practices

FutureFeed provides a range of security options to ensure data is protected and secure. But an ounce of prevention is worth a pound of cure. By following these best practices, you can increase the security of your FutureFeed.

  • Never give out usernames, email addresses, or passwords.
  • Limit the number of users with administrator access.
  • Use multi-factor authentication to secure your account.

Data center & network security

Physical Security
Facilities FutureFeed hosts service data in AWS data centers through the Heroku service that have been certified as ISO 27001, PCI/DSS Service Provider Level 1, and/or SOC II compliance.

AWS/Heroku infrastructure services includes back-up power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data. Learn more about Heroku Security.
On-site Security AWS on-site security includes a number of features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. Learn more about AWS physical security.
Monitoring All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by FutureFeed staff. Physical security, power, and internet connectivity are monitored by AWS.
Location FutureFeed leverages Heroku/AWS data centers in the United States. Customers’ data is located in the US-only. From time to time, FutureFeed may utilize ancillary services for billing management and customer services. Should ancillary services be utilized that are not located in the U.S., they will have no access, nor storage of client data beyond the minimal data required for customer support connectivity and billing. All such organizations must meet GDPR regulatory requirements.
Network Security
Dedicated Security Team Our Security Team is on call 24/7 to respond to security alerts and events.
Protection Our network is protected through the use of key AWS security services, integration with our Cloudflare edge protection networks, regular audits, and network intelligence technologies which monitor and/or block malicious traffic and network attacks.
Architecture Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.
Network Vulnerability Scanning Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
Third-Party Penetration Test In addition to our extensive internal scanning and testing program, each year, Heroku employs third-party security experts to perform a broad penetration test(s) across the Production Network.
Security Incident Event Management (SIEM) Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM alerts on triggers which notify the Security team based on correlated events for investigation and response.
Intrusion Detection and Prevention Service ingress and egress points are instrumented and monitored to detect anomalous behavior. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats. This includes 24/7 system monitoring.
Threat Intelligence Program FutureFeed participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and take action based on our risk and exposure.
DDoS Mitigation FutureFeed has architected a multi-layer approach to DDoS mitigation. A core technology partnership with Cloudflare provides network edge defenses, while the use of AWS scaling and protection tools provide deeper protection along with our use of AWS DDoS specific services.
Logical Access Access to the FutureFeed Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the FutureFeed Production Network are required to use multiple factors of authentication.
Security Incident Response In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
Encryption
Encryption in Transit Communications between you and FutureFeed Support Chat and Screensharing servers are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails.
Encryption at Rest Customers of FutureFeed benefit from the protections of encryption at rest for their data. Service Data is encrypted at rest in AWS using AES 256 key encryption.
Availability & Continuity
Redundancy FutureFeed employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime and/or our Enhanced Disaster Recovery service offering allows us to deliver high level of service availability.
Disaster Recovery Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.
Application Security
Authentication To prevent unauthorized account access, a strong passphrase is used for both our Heroku user account and SSH keys. SSH keys are stored securely to prevent disclosure. SSH keys are replaced if lost or disclosed, and by policy FutureFeed uses Heroku’s RBAC model to invite contributors rather than sharing user accounts.
Secure Development Practices FutureFeed applies development best practices for our development language(s) and framework(s) to mitigate known vulnerability types such as those on the OWASP Top 10 Web Application Security Risks.



FutureFeed © 2019