"Nothing is more important to our company than the security and privacy of our customers' data."
— Moodi Mahmoudi, Co-founder, NEXT
NEXT ensures full security at the infrastructure level on various layers as detailed below:
Data Center Security
NEXT offsite SAS70 Type II data center provides 24/7/365 video surveillance, biometric and pin based locks, strict personnel access controls and detailed visitor entry logs.
All connections toNEXT are secured via SSL/TLS with Perfect Forward Secrecy enforced for all supported browsers. Any attempt to connect over HTTP is redirected to HTTPS.
All emails sent byNEXT are DKIM signed.
Application Development Security
NEXT utilizes secure development best practices that integrate security reviews throughout design, prototype and deployment.
Customer Data Protection
All data is classified as confidential and treated as such. Sensitive production data is never migrated or used outside of the production network. Data uploaded by users is encrypted at rest, and only decrypted when it is requested.
Customer data is backed up hourly, and stored across multiple data centers.
NEXT requires every request to its Application Programming Interface (API) to be authenticated via unique user names and passwords that must be entered when a user logs. Passwords are stored salted and hashed.
Users are required to set a secure password.NEXT supports different patterns to create secure passwords like long passwords or shorter password with lots of different types of characters.
Robust enterprise-grade user administration ensure deep control on all data visibility and accessibility by users. By defining customized roles and authorizations, you're able to easily limit visibility and/or access of users to certain data parameters of the system.NEXT comes out-of-the-box with a set of best practice configured roles for innovation project and program management capabilities.
Access point management
The application provides out-of-the-box a dedicated user storage, which can be used for authentication and authorization. Customers can create and configure the accounts for user logins via the NEXT API. Alternatively,NEXT can support for an external OAuth2- or SAML-based authentication service.
Customers can assign roles to users via theNEXT API, thereby allowing to manage the access permissions in an Enterprise Identity Governance system.
NEXT supports Multi-Factor Authentication (MFA). You can choose to use SMS text messages, or time-based one-time (TOTP) passwords as second factors in signing in your users.
NEXT registers and monitors each users login to provide for full traceability and audit of the systems' usage at the user level.NEXT provides comprehensive reporting and audit trails for nearly every action or activity that occurs withinNEXT.NEXT tracks account actions, posts, and more in tremendous granularity. Some of the capabilities are:
- Track user name and date/time for various action types
- Generate detailed reports and sort by date range or user
- Predefined reports give insight into potential security concerns
Our system architecture is designed to virtually partition its data and configuration, and each client organization works with a customized virtual application instance. This ensure thorough ringfencing of your data and optimal privacy and security at the infrastructure level.