Defense subcontractors trust FutureFeed with their data, and this responsibility is something we take very seriously! We combine enterprise-class security features, serious logging and auditing of our infrastructure, access and data to ensure customer data is always protected. Our customers rest easy knowing their information is safe, and their compliance data secure.
Although FutureFeed is designed to meet or exceed the security requirements in NIST SP 800-171, FutureFeed may not be used to store or process any US Government information, including classified information or information subject to export controls (e.g., ITAR, EAR, CUI with NOFORN or REL TO markings, etc.). All clients are responsible for ensuring that information submitted to FutureFeed meets these requirements.
All client data is stored, processed, and retained on U.S.-based infrastructure. To help troubleshoot problems within a client account, FutureFeed may access client data. All such access is logged and initiated by background-checked, U.S.-citizen support representatives. Client screenshares may be used from time to time in support of client needs. All such access occurs only when initiated by the client in a session that clearly identifies the remote session. Screenshare sessions are logged.
FutureFeed provides a range of security options to ensure data is protected and secure. But an ounce of prevention is worth a pound of cure. By following these best practices, you can increase the security of your FutureFeed.
FutureFeed hosts service data on AWS GovCloud.
AWS GovCloud infrastructure services include back-up power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.
AWS on-site security includes a number of features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. Learn more about AWS physical security.
All Production Network systems, networked devices, and circuits are constantly monitored and logically administered by FutureFeed staff. Physical security, power, and internet connectivity are monitored by AWS.
FutureFeed leverages AWS data centers in the United States. Customers’ data is located in the U.S. only. From time to time, FutureFeed may utilize ancillary services for billing management and customer services. Should ancillary services be utilized that are not located in the U.S., they will have no access to, nor storage of, client data beyond the minimal data required for customer support connectivity and billing. All such organizations must meet GDPR regulatory requirements.
|Dedicated Security Team|
Our Security Team is on call 24/7 to respond to security alerts and events.
Our network is protected through the use of key AWS security services, integration with our Cloudflare edge protection networks, regular audits, and network intelligence technologies which monitor and/or block malicious traffic and network attacks.
Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.
|Network Vulnerability Scanning|
Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
|Security Incident Event Management (SIEM)|
Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM alerts on triggers which notify the Security team based on correlated events for investigation and response.
|Intrusion Detection and Prevention|
Service ingress and egress points are instrumented and monitored to detect anomalous behavior. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats. This includes 24/7 system monitoring.
|Threat Intelligence Program|
FutureFeed participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and take action based on our risk and exposure.
FutureFeed has architected a multi-layer approach to DDoS mitigation. A core technology partnership with Cloudflare provides network edge defenses, while the use of AWS scaling and protection tools provides deeper protection, along with our use of AWS DDoS-specific services.
Access to the FutureFeed Production Network is restricted on an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the FutureFeed Production Network are required to use multiple factors of authentication.
|Security Incident Response|
In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
|Encryption in Transit|
Communications between you and FutureFeed Support Chat and Screensharing servers are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for encryption of emails.
|Encryption at Rest|
Customers of FutureFeed benefit from the protections of encryption at rest for their data. Service Data is encrypted at rest in AWS using AES 256 key encryption.
FutureFeed employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime and/or our Enhanced Disaster Recovery service offering allows us to deliver a high level of service availability.
Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.
To prevent unauthorized account access, a strong passphrase is used for both our AWS user account and SSH keys. SSH keys are stored securely to prevent disclosure. SSH keys are replaced if lost or disclosed.
|Secure Development Practices|
FutureFeed applies development best practices for our development language(s) and framework(s) to mitigate known vulnerability types such as those on the OWASP Top 10 Web Application Security Risks.
© 2022 FutureFeed.co. All rights reserved.