It’s all about Security
Defense subcontractors trust FutureFeed with their data, and this responsibility is something we take very seriously! We combine enterprise-class security features with serious logging and auditing of our infrastructure, access, and data to ensure customer data is always protected. Our customers rest easy knowing their information is safe and their compliance data is secure.
Classified and Export Controlled Information Notification
Although FutureFeed is designed to meet or exceed the security requirements in NIST SP 800-171, FutureFeed may not be used to store or process any US Government information, including classified information or information subject to export controls (e.g., ITAR, EAR, CUI with NOFORN or REL TO markings, etc.). All clients are responsible for ensuring that information submitted to FutureFeed meets these requirements.
Data Center Security
We ensure the confidentiality and integrity of your data with industry best practices. FutureFeed hosts its service and client data on AWS GovCloud. Our Security Team is on call 24/7 to respond to security alerts and events.
AWS GovCloud
FutureFeed uses AWS GovCloud for the storage of all uploaded documents. AWS GovCloud is rated as FedRAMP High.
Application Security
We take steps to securely develop and test against security threats to ensure the safety of our customer data. In addition, FutureFeed employs third-party security experts to perform detailed penetration tests on different applications within our family of products.
Product Security Features
We make it seamless for customers to manage access and sharing policies with multi-factor authentication. All communications with FutureFeed servers are encrypted using industry-standard HTTPS over public networks, meaning the traffic between you and FutureFeed is secure.
US Based Data Processing and Storage
All client data is stored, processed, and retained on U.S.-based infrastructure. To help troubleshoot problems within a client account, FutureFeed may access client data. All such access is logged and is initiated by background-checked support representatives who are U.S. citizens. Client screenshares may be used from time to time in support of client needs. Screenshare access occurs only when initiated by the client, in a session that clearly identifies the remote session. Screenshare sessions are logged.
Best Practices
FutureFeed provides a range of security options to ensure data is protected and secure. But an ounce of prevention is worth a pound of cure. By following these best practices, you can increase the security of your FutureFeed account.
- Never give out usernames, email addresses, or passwords.
- Limit the number of users with administrator access.
- Use multi-factor authentication to secure your account.
Data center & network security
Physical Security
Facilities
FutureFeed hosts service data on AWS GovCloud.
AWS GovCloud infrastructure services include back-up power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.
On-site Security
FutureFeed hosts service data on AWS GovCloud.
AWS GovCloud infrastructure services include back-up power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.
Monitoring
FutureFeed hosts service data on AWS GovCloud.
AWS GovCloud infrastructure services include back-up power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.
Location
FutureFeed hosts service data on AWS GovCloud.
AWS GovCloud infrastructure services include back-up power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.
Network Security
Dedicated Security Team
Our Security Team is on call 24/7 to respond to security alerts and events.
Protection
Our network is protected through the use of key AWS security services, integration with our Cloudflare edge protection networks, regular audits, and network intelligence technologies which monitor and/or block malicious traffic and network attacks.
Architecture
Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized at the Internet boundary and internally between the different zones of trust.
Network Vulnerability Scanning
Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
Security Information and Event Management (SIEM)
Our Security Information and Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM alerts on triggers, notifying the Security Team of correlated events for investigation and response.
Intrusion Detection and Prevention
Service ingress and egress points are instrumented and monitored to detect anomalous behavior. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats. This includes 24/7 system monitoring.
Threat Intelligence Program
FutureFeed participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and take action based on our risk and exposure.
DDoS Mitigation
FutureFeed has architected a multi-layer approach to DDoS mitigation. A core technology partnership with Cloudflare provides network edge defenses, while AWS scaling and protection tools, together with AWS DDoS-specific services, provide deeper protection.
Logical Access
Access to the FutureFeed Production Network is restricted on an explicit need-to-know basis, follows least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the FutureFeed Production Network are required to use multiple factors of authentication.
Security Incident Response
In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
Encryption
Encryption in Transit
Communications between you and FutureFeed Support Chat and Screensharing servers are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails.
Encryption at Rest
Customers of FutureFeed benefit from the protections of encryption at rest for their data. Service Data is encrypted at rest in AWS using AES-256 encryption.
Availability & Continuity
Redundancy
FutureFeed employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime and/or our Enhanced Disaster Recovery service offering allow us to deliver a high level of service availability.
Disaster Recovery
Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.
Application Security
Authentication
To prevent unauthorized account access, a strong passphrase is used for both our AWS user account and SSH keys. SSH keys are stored securely to prevent disclosure. SSH keys are replaced if lost or disclosed.
Secure Development Practices
FutureFeed applies development best practices for our development language(s) and framework(s) to mitigate known vulnerability types such as those on the OWASP Top 10 Web Application Security Risks.