Built on a foundation of Security
At FUTRLI we know the safety and privacy of your data is top priority. Security is fundamental to our business, and we go considerable lengths to ensure we keep your data is kept safe.
We don’t have one person responsible for security, our culture means that everyone who works on our app plays a part. While technical leads are driving us forward – our production teams ensure every design adheres to our strict Information Security Policy.
Our team are always watching. No matter what time or where, our team are automatically alerted before anything can go wrong.
- We use multiple monitoring services to check the health and uptime of our application
- We store historical logs for application performance and error details.
- We regularly audit access to all key services.
- We monitor users typical login behaviour, using ThisData to identify when a users account is compromised e.g. Logins from unknown locations, abnormal locations etc
- We use Logz.IO to give us cognitive insights using our logging data so we’re alerted to potential security threats and intrusions.
We’re proud to maintain an excellent uptime record, and you can view our current status below:
Best Practice Response
We’ve a tried and tested resolution practise that’s always ready to be initiated, just in case. We’re typically able to react to issues in real-time due to our continuous service monitoring, and our service desk typically responds to queries within 1 hour.
Immediate Incident Response
- All our technical staff are trained to deal with security and application events, and our process is built into our culture.
- In case of any event being detected, our technical teams are automatically notified and we assemble a dedicated investigation and resolution team.
- We treat the smallest of events as the biggest mistake. Our team review every step in the lead-up to an event, and provide long-term resolutions that become part of our roadmap.
- Investigation findings and resolutions are presented to our entire team to ensure the prevention knowledge is shared, and similar events are negated in future.
Automated Build Process
- Our automated build processes includes several layers of automated tests too.
- The test suite is constantly growing, evolving, and test cover the application security too.
- This allows us to safely and reliably roll out changes to our infrastructure and application within minutes.
We treat our infrastructure with the same care as our product. We use the same review and test process when altering how our application is delivered as we do when we deploy new features. This ensures no-one person can make a change without it passing our vetting and testing process.
Built in the Cloud
- We don’t run our own physical servers, which means we can focus on writing an innovative application.
- Our services run across multiple geographical routers, load balancers, DNS servers and Storage solutions ensuring rapid response times.
- Our operations run on hosted Amazon Web Services (AWS) facilities primarily in Ireland.
- The application is deployed across multiple geographical zones, and cached regionally to ensure minimal load times.
Safe and Secure
- Our entire network runs within our private cloud (VPC) and we control access (ACL’s) and restrict to a single point of entry to stop unauthorised requests getting data out of our network.
- Data access services and data stores are all firewalled in our VPC, and all communication is within our VPC – so there’s no public access points to your data.
All our customer data is securely stored and backed up within AWS facilities based in Ireland, or for our Australian and New Zealand customer data is stored and backed up in our AWS facilities based in Sydney, Australia.
- All customer data is stored within one of several multi-tenant datastores.
- Strict data access layers ensure that customers cannot access others data.
- Our automated test suite and integration tests implement multiple positive and negative permission checks.
- Everytime a line of code gets updated, our test suite checks everything is working as expected.
- It only takes one test failure to stop any new code getting through the pipeline.
- We use the latest SSL in-transit encryption for all data sent between server and client browser within our application.
- TLS 1.2 protocols, RSA 2048-bit SSL, ECDHE-RSA-P-256 key exchange and AES-128-GCM ciphers ensure your data cannot be siphoned & decrypted
Authentication & Access Control
FUTRLI is 100% served over a https connection, and our application implements zero-trust policies for all network requests.
- We use two-factor authentication on all our services, including GitHub, Google Work, AWS and all other services we use or rely on. We use minimum 32 character complex password variations and never reuse the same password across multiple services.
- There’s no access advantage being on our internal network, our entire team must authenticate themselves when interacting with our services.
- While we operate with an experienced team, not everyone gets access by default. We provide access on a needs basis, requiring experienced service knowledge.
- Our permissions give you fine grained control over all your employees who have FUTRLI access.
- Organisational permissions allow you to keep clients data separated.
- Account Category permissions allow to restrict individuals access by category, per organisation
- Roles allow you to restrict who can add and invite other users.
We’re always here when you need us to be, and we’ve got plans in place to ensure we can be back up and running incase the worst happens.
- All our data is securely backed up in protected facilities, to ensure its available as a fall back.
- We take regular snapshots, allowing us to bring databases back online with minimal fuss.