State-of-the-art cryptography
Implement only publicly vetted cryptographic algorithms and protocols in order to protect sensitive information in transit, as well as at rest.
Security Principles and Philosophy
Defense-in-depth
Follow a layered approach in security in order to minimize the chances of a successful attack.
Need-to-know & minimize attack surface
Expose functionality and information only to the entities that need to access it.
Four-eyes principle
Always require at least two people to approve security-sensitive activities or information.
Pentesting
We build all our systems with all the necessary precautions and following the best industry standards, such as the OWASP security engineering guidelines. But there’s no better way to test a system than getting the real bad guys to break it. Futurae routinely mandates third parties to perform gray-box pen-testing on all our systems:
- Backend: all the authentication and admin APIs
- Admin Dashboard: the tool that our customers love and use to manage their cloud instances
- Mobile Apps: the security key for all our users
Not only do we work hard to fix anything that might be found, we are also incredibly open and share the reports with our customers.
And that’s not all, we enable our customers to mandate their own preferred pentesters to try and break our security.
Cloud Security
Too often the cloud is seen with a skeptical eye from companies. We’re here to convince you otherwise.
We partner with the best providers in the world to guarantee that customers' data remain available, and safe. Some of the great features and guarantees:
- European and Swiss provider, no data shared with overseas entities
- Redundant data-centers for zero-downtime deployments
- ISO 9001:2008, ISO/IEC 27001:2013, PCI DSS 3.2, SOC-1 type II, SOC-2 type II, Finma compliant
- 24x7 Active monitoring from world-wide vantage points
- 24x7 cascading alerting to the DevOps Team
Want to learn more about our security guarantees?
Get in touch with our security experts