Security at NEXT
We take security seriously here at NEXT, and we are proud to exceed the industry standard when it comes to protecting your organization.
Service Organization Controls
Federal Risk and Authorization Management Program
SOC 2 (Type II)
Trust Service Principles
Protection of Personally Identifiable Information (PII)
Information Security Management Systems (ISMS)
Security Controls for the Provision and Use of Cloud Services
Quality Management Systems
Cloud Security Alliance Controls
Compliance certifications and regulations of data centers
NEXT Enterprise Key Management (EKM)
Complete control and visibility of access to your data in NEXT using your own encryption keys.
Data Center Security
NEXT leverages AWS for its data centers. NEXT's offsite SAS70 Type II data center provides 24/7/365 video surveillance, biometric and PIN-based locks, strict personnel access controls and detailed visitor entry logs.
All connections to NEXT are secured via SSL/TLS with Perfect Forward Secrecy enforced for all supported browsers (default TLSv1.2; TLSv1.0/1.1 will be supported until 2019-12-31). Any attempt to connect over HTTP is redirected to HTTPS.
All emails sent by NEXT are DKIM signed.
NEXT's high security standards also apply to embedded media content hosted by third-party providers. Only secure content (URLs starting with https) is shown directly to users in the browser. Users have to explicitly give their permission in the browser to load insecure content (URLs starting with http). NEXT automatically picks the secure connection for common content providers like YouTube, Vimeo, etc.
Application development security
NEXT utilizes secure development best practices that integrate security reviews throughout design, prototype and deployment.
Customer data protection
All data is classified as confidential and treated as such. Data uploaded by users is encrypted at rest and in transit, using strong algorithms (AES-256, SHA-512).
Customer data is backed up hourly, and stored across multiple data centers.
NEXT employs always-on DDoS detection and automatic mitigation against infrastructure (Layer 3 and 4) attacks to minimize application downtime.
NEXT requires every request to its Application Programming Interface (API) to be authenticated via unique user names and passwords that must be entered when a user logs in. Passwords are stored salted and hashed. Users are required to set a secure password and can enable Multi-Factor Authentication (MFA).
NEXT supports different patterns for creating secure passwords, such as long passwords or shorter passwords with many different types of characters.
Robust enterprise-grade user administration ensures deep control over all data visibility and accessibility by users. By defining customized roles and authorizations, you can easily limit users' visibility of and/or access to certain data parameters of the system. Out of the box, NEXT comes with a set of roles configured according to best practice for innovation project and program management capabilities.
Access point management
Out of the box, the application provides a dedicated user storage, which can be used for authentication and authorization. Customers can create and configure the accounts for user logins via the NEXT API. Alternatively, NEXT can support an external OAuth2- or SAML-based authentication service.
Customers can assign roles to users via the NEXT API, which allows access permissions to be managed in an Enterprise Identity Governance system.
NEXT supports Multi-Factor Authentication (MFA). You can choose to use SMS text messages or time-based one-time passwords (TOTP) as second factors when signing in your users.
NEXT registers and monitors each user's login to provide full traceability and audit of the system's usage at the user level. NEXT provides comprehensive reporting and audit trails for nearly every action or activity that occurs within NEXT. NEXT tracks account actions, posts, and more in tremendous granularity. Some of the capabilities are:
We continuously monitor for malicious activity and unauthorized behavior within our infrastructure. We use machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats.
Our system architecture is designed to virtually partition its data and configuration, and each client organization works with a customized virtual application instance. This ensures thorough ringfencing of your data and optimal privacy and security at the infrastructure level.
All uploaded files are scanned for viruses before they are available for download from the application. This ensures that no viruses are distributed via our platform.
Security features and practices
Data residency for NEXT lets organizations choose the region where they want to store their encrypted data at rest.
EU General Data Protection Regulation (GDPR)
NEXT is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.