Security at NEXT

We take security seriously here at NEXT, and we are proud to exceed the industry standard when it comes to protecting your organization.


Service Organization controls


Federal Risk and Authorization Management Program

SOC 2 (Type II)

Trust Service Principles

ISO/IEC 27018

Protection of Personally Identifiable Information (PII)

ISO/IEC 27001

Information Security Management Systems (ISMS)

ISO/IEC 27017

Security Controls for the Provision and Use of Cloud Services

ISO 9001

Quality Management Systems


Cloud Security Alliance Controls

Compliance certifications and regulations of data centers

NEXT Enterprise Key Management (EKM)

Complete control and visibility of access to your data in NEXT using your own encryption keys.

Learn more about EKM

Data Privacy Policy

NEXT has received TRUSTe’s Privacy Seal signifying that this Privacy Policy and our practices have been reviewed for compliance with the TRUSTe program viewable on the validation page available by clicking the TRUSTe seal.


Data Center Security

NEXT leverages AWS for its data centers. NEXT offsite SAS70 Type II data centre provides 24/7/365 video surveillance, biometric and pin-based locks, strict personnel access controls and detailed visitor entry logs.


Secure Connections

All connections to NEXT are secured via SSL/TLS with Perfect Forward Secrecy enforced for all supported browsers (default TLSv1.2; TLSv1.0/1.1 will be supported until 2019-12-31). Any attempt to connect over HTTP is redirected to HTTPS.

All emails sent by NEXT are DKIM signed.

NEXT's high-security standards apply also to embed media content hosted by third-party providers. Only secure content (URLs starting with https) will be directly shown in the browser to the users. Users will have to explicitly give their permission in the browser to load insecure content (URLs starting with http). NEXT will automatically pick the secure connection for common content providers like Youtube, Vimeo, etc.


Application development security

NEXT utilizes secure development best practices that integrate security reviews throughout design, prototype and deployment.


Customer data protection

All data is classified as confidential and treated as such. Data uploaded by users is encrypted at rest and in transit, using strong algorithms (AES-256, SHA-512).


Business continuity

Customer data is backed up hourly, and stored across multiple data centers.


DDoS protection

NEXT employs always-on DDoS detection and automatic mitigation against infrastructure (Layer 3 and 4) attacks to minimize application downtime.


Robust authentication

NEXT requires every request to its Application Programming Interface (API) to be authenticated via unique user names and passwords that must be entered when a user logs in. Passwords are stored salted and hashed. Users are required to set a secure password and can enable Multi-Factor authentication (MFA).

NEXT supports different patterns to create secure passwords like long passwords or shorter password with lots of different types of characters.


User administration

Robust enterprise-grade user administration ensures deep control on all data visibility and accessibility by users. By defining customized roles and authorizations, you're able to easily limit visibility and/or access of users to certain data parameters of the system. NEXT comes out-of-the-box with a set of best practice configured roles for innovation project and program management capabilities.


Access point management

The application provides out-of-the-box a dedicated user storage, which can be used for authentication and authorization. Customers can create and configure the accounts for user logins via the NEXT API. Alternatively, NEXT can support for an external OAuth2- or SAML-based authentication service.

Customers can assign roles to users via the NEXT API, thereby allowing to manage the access permissions in an Enterprise Identity Governance system.

NEXT supports Multi-Factor Authentication (MFA). You can choose to use SMS text messages or time-based one-time (TOTP) passwords as second factors in signing in your users.


Safe desktops

NEXT delivers only pure HTML and JavaScript so your desktops don’t require any changes or special permissions. This ensures the utmost security of the desktop environment.



NEXT registers and monitors each user's login to provide for full traceability and audit of the systems' usage at the user level. NEXT provides comprehensive reporting and audit trails for nearly every action or activity that occurs within next. NEXT tracks account actions, posts, and more in tremendous granularity. Some of the capabilities are:

  1. Track user name and date/time for various action types
  2. Generate detailed reports and sort by date range or user
  3. Predefined reports give insight into potential security concerns


Threat detection

We continuously monitor for malicious activity and unauthorized behavior within our infrastructure. We use machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats.


Data ringfencing

Our system architecture is designed to virtually partition its data and configuration, and each client organization works with a customized virtual application instance. This ensures thorough ringfencing of your data and optimal privacy and security at the infrastructure level.


Virus protection

All uploaded files are scanned for viruses before they are available for download from the application. This ensures that no viruses are distributed via our platform

Security features and practices

Data residency

Data residency for NEXT lets organizations choose the region where they want to store their encrypted data at rest.

EU General Data Protection Regulation (GDPR)

NEXT is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.

Security questions or issues?

If you think you may have found a security vulnerability within NEXT, please get in touch with our security team.

Read more about Privacy Policy and Terms of Use.