
Frontify Security Controls

Infrastructure & Data Center

Frontify is hosted with one of the biggest data center providers, Amazon Web Services (AWS). Access to these data centers is strictly controlled and monitored by 24/7 on-site security staff, biometric scanning, and video surveillance. AWS maintains multiple certifications for its data centers, including ISO 27001, PCI DSS, Cloud Security Alliance Controls, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.
Frontify runs in a VPC-protected environment which has a logically separated database and dedicated file storage for each individual enterprise client. All services that make up the Frontify system are highly available. We use a combination of clustering, load balancing, and replication to ensure that there are no single points of failure in the system. Each of our regions makes use of two or more availability zones, with redundancy across them.

Frontify runs in an environment protected by a WAF, a firewall, and malware protection, which meets the highest security standards.

Patching Policy

All of Frontify’s production servers run with the latest security patches from their operating system vendors. Security patches are applied at regular intervals. Critical patches are applied as soon as they are available.

Penetration Tests & Vulnerability Scanning

In addition to the weekly vulnerability scan, Frontify has hired an external company that performs a pentest every six months. Should a medium or high-risk vulnerability be found, it will be resolved as quickly as possible. Low risks are treated and discussed individually.

Encryption

Encryption In Transit

Every page is available only via HTTPS, and HSTS headers are set for every subdomain.

Frontify supports full encryption in transit. No non-encrypted data leaves our datacenter. All our monitoring and backend systems either send local traffic over the VPC, or they use transport-level encryption when communicating with the rest of the internet.

Encryption At Rest

Frontify encrypts all customer data at rest by default.

Monitoring

Our platform uses a centralized logging system which facilitates 24/7 monitoring, reporting, and traceability.

User Access

For access purposes, we use dedicated roles and access for database administrators, general administrators, and support staff. In addition, we follow the principle of least privilege. All our employees are required to use 2-factor authentication whenever possible and to follow our password policy for all internal and external tools.

Backup

As a SaaS provider, we run a nightly backup of files, databases, configuration, and servers. A disaster recovery plan is in place and tested yearly.

Incident Handling & Reporting

Frontify has an application incident management and reporting process in place which enables unified security monitoring and protection for our cloud environment.

Development

Frontify maintains separate testing, development, and production environments to ensure that the highest code quality is met. This includes code reviews and peer programming conducted by experienced developers with a strong focus on security and stability. In addition, automated tests and code builds are in place. By using a hosted code platform, we are able to reach a high level of traceability and automatically monitor our third-party dependencies for security vulnerabilities.

Data Sovereignty

Frontify enterprise customers have the option of having their data hosted in one of the following regions: North Virginia (US) or Frankfurt (Germany). Further regions may be available if requested; ask your sales representative if you need to be hosted in a specific region for data sovereignty or legal purposes. Frontify uses a worldwide CDN for caching purposes, which means application speed is the same everywhere in the world.