Huddle: Secure by Design Security Whitepaper... · a foundation of best practice from which...
THIS DOCUMENT AND THE INFORMATION IN IT ARE PROVIDED IN CONFIDENCE, AND MAY NOT BE DISCLOSED TO ANY THIRD PARTY OR USED FOR ANY OTHER PURPOSE WITHOUT THE EXPRESS WRITTEN PERMISSION OF HUDDLE. © Huddle Nov 2017
Huddle: Information Security Overview
Contents
1 Introduction
2 Security principles
3 Huddle in government
4 Huddle’s hosting partners
5 Certifications, standards & accreditations
6 Technical engineering
7 Application security
1. Introduction
To be a trusted cloud provider, Huddle understands today’s
organizations require an exceptionally high standard of security
management without compromising ease of use or functionality.
Enterprises and governments require their content to be stored
securely and be made available to their employees and partners
across multiple devices and geographies in the knowledge that
what they’ve entrusted to Huddle remains available, secure and
intact. That’s why maintaining the highest level of confidentiality,
integrity and availability of our customers’ content is one of the
guiding principles of Information Security at Huddle.
Huddle’s services are audited by accredited third party
organizations to ensure we meet industry standards.
Additionally, our approach to ISO 27001 certification is
designed to be as holistic as possible, allowing us to introduce
a foundation of best practice from which Huddle’s certification
and compliance strategy can be built. ITIL v3 and COBIT5 best
practices coupled with ISO 27002:2013 requirements have
created a base which is sufficiently flexible to allow the adoption
of other certifications, best practices and regulatory and
compliance standards e.g. Huddle’s accredited compliance to
FedRAMP (a standardized approach to Information Security in
U.S. Government).
Huddle invests significantly in Information Security strategies
and has a security team focused on information security,
compliance and risk management to advise the company board,
management, employees and clients.
Information Security is driven by the board through the
management hierarchy, and within Huddle through a security
program that ensures knowledge and best practice is spread
across all departments of the business. Effective information
security is about continual improvement to already established
and accepted practices from across the information security
ecosystem. Benchmarking against ITIL, COBIT and other
frameworks provides the ability to properly maintain and
improve processes, policies and audit functions to ensure
Huddle’s Information Security is at the forefront of best practice.
All of Huddle’s products are protected by various
proprietary, open source, and internally authored solutions.
Countermeasures are in place to protect customers against ever-
changing threats and risks, including (but not limited to): Man in
the Middle, malware, session hijacking, Cross-Site Scripting (XSS),
Cross-Site Request Forgery (XSRF), SQL Injection and Denial of
Service (DoS).
Since 2006, Huddle has provided cloud collaboration solutions to global enterprises, governments and public sector organizations.
2. Security principles
CLOUD SECURITY PRINCIPLE: WHAT HUDDLE DOES
DATA IN TRANSIT PROTECTION: Huddle protects all data in transit with the TLS 1.2 protocol which utilizes strong ciphers capable of up to 256 bits.
ASSET PROTECTION AND RESILIENCE: Huddle has partnered with some of the industry’s leading infrastructure providers who have adopted AT101, SSAE16, and industry practices for the physical protection of information processing assets. Customers’ file content can be protected by 256-bit AES data at rest encryption. ISO 27001:2013 certified policies and processes ensure that all endeavors to protect information assets have been verified and audited by an external independent third party.
SEPARATION BETWEEN USERS: Huddle’s services are multi-tenanted and follow stringent industry practices and business logic. This ensures that no unintended information disclosure is permitted between Huddle users. The confidentiality, privacy and ownership of information is maintained at all times. Access must be explicitly granted by the customer.
GOVERNANCE FRAMEWORK: Huddle’s global Information Security Management System (ISMS), which incorporates the protection of information security assets, is third party verified by Bsi for adherence to the ISO 27001:2013 standard. Huddle’s U.S. instance is FedRAMP approved and audited by Coalfire Controls LLC.
OPERATIONAL SECURITY: Huddle’s global services are monitored and managed via continuous improvement methodologies that allow for the review of current security policies and procedures. Huddle reviews its Information Security through the Plan, Do, Check, Act cycle.
PERSONNEL SECURITY: All Huddle employees are screened prior to employment with the following checks:
• Six year address history
• Right to work in UK or U.S.
• Three years employment history
• Education Verification
• Criminal (federal, state, county), unspent convictions, DMV (motor vehicles) and SSN matching
Huddle employees with authorized access to production and test environments are screened prior to access being granted. These employees undertake Disclosure Scotland, which is equivalent to BS 7858, where a more in-depth check is undertaken for providing criminal records disclosure.
SECURE DEVELOPMENT: Huddle’s services are developed with stringent OWASP derived industry standard practices. Huddle’s product has Information Security built into the heart of the Software Development Lifecycle (SDLC) policy and process.
SUPPLY CHAIN SECURITY: All of Huddle’s suppliers are subject to a rigorous due diligence process to ensure that their security management controls, policies and processes are acceptable to Huddle’s high acceptance criteria.
SECURE USER MANAGEMENT: Huddle’s services allow for rich management functionality to enable company’s/department’s security requirements e.g. access control, audit of usage, creation and deletion of users. Huddle’s services provide rich security-centric functionality such as mobile application PIN, viewer-only, and native 2FA.
IDENTITY & AUTHENTICATION: Customer’s web and devices are secured and authenticated by the industry standard OAuth 2.0. Single sign-on (SSO) via SAML allows customers to have greater granularity and control over authentication and identity management.
HOSTING PROVIDERS / EXTERNAL INTERFACE PROTECTION: Huddle has partnered with industry leaders in IaaS hosting who are both seasoned and have well-established governance programs in place. They adhere to some of the most stringent security management methodologies and standards: ISO 27001, AT101, SSAE16. All controls, managed by both Huddle internally and infrastructure partners, include all public, physical or logical interfaces that include patch management, access control and audit of access and usage.
SECURE SERVICE ADMINISTRATION: Huddle’s services are governed by infrastructure management policies and processes which include the utilization of industry standard practices governing Change and Operational Management. The governance practiced by Huddle ensures the integrity, confidentiality, performance and uptime (availability) of client content.
AUDIT INFORMATION FOR USERS: Huddle provides end-user and administrative reports that detail usage and access to all content stored in its services.
SECURE USE OF THE SERVICE: Consumers are provided with the knowledge of how to best implement and manage the product to ensure content remains accessible and available on a need to know basis, which is achieved through the utilization of:
• Customer Success Managers
• Extensive online help archive
• Instructional usage videos
• Ticket based support portal
3. Huddle in government
UK (G-Cloud)
Huddle is widely used in UK Government and its wider
ecosystem. Huddle is available via the G-Cloud CloudStore and
offers a variety of services tailored to market requirements.
Huddle was one of the first Cloud Service Providers to be
awarded Pan Government Accreditation (PGA) by CESG (GCHQ)
under the old Impact Level classification and is certified with
Cyber Essentials Plus.
Huddle adheres to the 14 National Cyber Security Centre (NCSC)
Cloud Security Principles [1], which detail how cloud providers
manage the services provided to G-Cloud. Several UK Public
Sector Senior Information Risk Owners (SIRO) have assessed and
entrusted the use of Huddle for Official (OFFICIAL-SENSITIVE)
content [2].
[1] https://www.ncsc.gov.uk/guidance/implementing-cloud-security-principles
[2] https://www.gov.uk/government/publications/defence-cyber-protection-partnership-cyber-risk-profiles/over-view-dcpp-and-cyber-security-controls
U.S. (FedRAMP)
Huddle was one of the first SaaS providers to achieve
FedRAMP Authority To Operate (ATO) and was the first cloud
based collaboration company to achieve this status. With
a commitment to meet stringent U.S. Government security
requirements, Huddle has a separate instance of Huddle with
data centers located in the U.S. to meet the needs of U.S.
government departments.
4. Huddle’s hosting partners and governance
Amazon Web Services (AWS)
As one of the leading providers of computer services globally,
AWS’s services provide a fabric for Huddle to build massively
scalable and agile services to the benefit of Huddle customers.
Rackspace
As a global leader in the provision of secure managed
infrastructure services, Rackspace has delivered enterprise-level
hosting services to businesses of all sizes around the world.
Data center access control
All Huddle data centers are compliant and certified to the highest
standards and, therefore, the physical and logical access control
is an exceptionally important component of this. Ensuring that
the right people have the right clearance removes significant
risk from interruption of service, corruption of your content and
accidental or intended disclosure of your content/documents.
Huddle has exceptionally stringent Access Control policies based
on industry best practice.
Domicile
Huddle has two territories where information can be domiciled;
the UK and the U.S.
There is a separate instance of Huddle in each geo-location.
Each territory has different local legal requirements and
interconnectivity agreements in place to ensure that your
content benefits from the country in which it’s hosted. Huddle’s
main data centres for each Huddle instance operate a primary
and disaster recovery site within the same country but not in
the same geographical area. This ensures continuity of services
through real-time replication.
5. Certifications, standards and accreditations
ISO 27001/ISO 27002: 2013: ISO 27001 is a specification for an
Information Security Management System (ISMS). An ISMS is
a framework of policies and procedures that includes all legal,
physical and technical controls involved in managing sensitive
and secure information through risk management based
policies and processes. The specification includes details for
documentation, management responsibility, internal audits,
continual improvement, and corrective and preventive action.
The standard requires cooperation among all sections of an
organization. Huddle is third party, independently audited
and certified by Bsi (British Standards Institution). Bsi is one
of the most trusted and recognized organizations in audit and
certification in the world.
Cyber Essentials Plus (Level 2): Created in 2014 as a primary
objective of the UK Government’s National Cyber Security
Strategy, Cyber Essentials Plus is a third party independently
audited annual certification completed by accredited
organizations managed by CREST [1]. The audit focuses on five
main control areas: secure configuration, boundary firewalls and
internet gateways, access controls and administrative privilege
management, patch management, and malware protection.
SureCloud completed Huddle’s assessment; the scope of which
includes Huddle’s company systems, policies, processes and any
third party services that store confidential content.
[1] Huddle is listed on CREST’s certified company page: http://www.cyberessentials.org/list/
FedRAMP: FedRAMP is a U.S. government-wide program that
provides a standardized approach to security assessment,
authorization, and continuous monitoring for cloud products
and services.
Predicated on Huddle’s ISO 27001 certificate, Huddle has
demonstrated its commitment to the (NIST 800-53) System
Security Plan (SSP) and its 17 control families and 325 individual
controls. Huddle’s SSP is independently assessed by Coalfire
Controls LLC, an approved FedRAMP 3PAO (Third Party
Assessment Organization).
Huddle hosting provider accreditations: Huddle has chosen
its hosting providers with security in mind and all providers
adhere to unique certifications specific to data centers. Their
certifications are a combination of the following, depending on
the hosting provider:
• PCI DSS Level 1
• SOC 1/ISAE 3402
• SOC 2
• SOC 3
• ISO 27001
• G-Cloud
• FedRAMP (Moderate)
• Compliant with Information Technology Infrastructure
Library (ITIL) IT Service Management standards.
Privacy: Huddle is a UK company (Ninian Solutions Ltd t/a
Huddle) and is legally required to be compliant with the UK Data
Protection Act 1998 (DPA). The objective of the Act was to adopt
the principles of the European Union Data Protection Directive,
which was created to ensure every European citizen’s right to
privacy. Huddle ensures that EU citizens’ personal information
(PII) is never shared with other entities or companies without
the prior permission of the individual. Huddle’s usage is outlined
in its Privacy Policy at www.huddle.com/privacy. Huddle has
been registered as a Data Controller with the Information
Commissioners Office since 2007 (Data Protection Register
Number: Z9592961) [2].
In October 2015, the European Court of Justice (ECJ) ruled that
the Safe Harbor agreement was invalid. Huddle has always gone
beyond the original framework agreement and implemented
controls to ensure the privacy of customer’s content and data
regardless of the geographic location or service. Huddle has
included EU Model Clauses within data service providers’
contracts. The EU and U.S. governments are working towards
an agreement on Safe Harbor 2. Huddle will remain close
to announcements to ensure we meet new legislation or
directives regarding the management of Personally Identifiable
Information.
[2] Huddle’s ICO (Information Commissioners Office) Data Protection Register document is available at: https://ico.org.uk/ESDWebPages/DoSearch
6. Technical engineering
Secure development lifecycle
All roles within Huddle are clearly defined. Access to resources
and environments is granted on requirements of a role only.
Segregation of environments is managed both by policy and
by technologies such as ACLs and firewalls. Restrictions and
safeguards are in place to ensure only those personnel and
systems that need access receive the appropriate level of
access to complete the task utilizing the principle of ‘Least
Privilege’ as per industry best practice. Policies and processes
ensure employees are capable of being effective and efficient
without increasing the risk of ‘inside threat’, configuration
drift or data leakage, or the risk to the stability of Huddle’s services and
business operations. Test and development environments are
separated, and stored production content is never removed from
segregated and ring-fenced secured production systems. The
controls in place to secure customers’ content and meta-content
(username, personal details, profile information, usage audit)
always protect this data. These controls include environment,
change management, access control and redundancy.
Testing & quality
Huddle builds all software and services under an Agile
methodology based on SCRUM. The Software Development
Lifecycle (SDLC) includes OWASP Top Ten, which is a powerful
awareness document for web application security. The OWASP
Top Ten is industry recognized, and an industry led list that
represents the current most critical web application security
flaws known. This allows Huddle’s Quality Assurance team to
conduct extensive functionality testing prior to release.
Automated testing, incorporating unit, integration and end-to-
end tests, plus continuous integration and constantly releasing
new code for development and test environments, assists
in reducing the risk of the introduction of bugs to Huddle’s
services. These tests include (but are not limited to) malicious
user input, static and dynamic code scanning, confirming all
resources require authorization, XSS & XSRF/CSRF testing,
session management, secure/insecure direct object references
and functional access control.
Independent security consultancy & penetration testing
SureCloud [1] is Huddle’s partner for security consultancy
and frequent penetration testing. Their credentials include
CREST membership, CESG CHECK approval and PCI
Approved Scanning Vendor (PCI ASV) status. SureCloud provides
independent testing and review of all Huddle infrastructure
and services. This ensures that we have an ‘alternative’ view of
how effectively implemented security policies and processes
are. SureCloud completes, at a minimum, an annual full global
holistic penetration test on all Huddle assets. This allows us
to gain insight into Huddle’s threat footprint. The scope of
this engagement includes all infrastructure hosting partners,
Huddle’s international offices and associated WAN and desktop
and mobile desktop software supplied by Huddle.
Vulnerability & patch management
All business operations and Huddle service infrastructure are
scanned for vulnerabilities, security patch levels and potential
configuration issues via specialized proprietary solutions. This
incorporates daily changes to the database of new threats and
vulnerabilities and allows Huddle to mitigate quickly and reduce
the risk of exploitation by known methods.
[1] http://www.surecloud.com/
Huddle’s strategy and policy governing the management and
control of vulnerabilities adheres to industry standards and is
certified to ISO 27001.
Monitoring
Huddle has exceptionally detailed auditing in both the Huddle
Service’s application and the underlying infrastructure
(hardware, Operating Systems, network devices). Escalation of
these threats is managed by Huddle’s 24/7 Technical Operations
team. Huddle’s Incident Response policy and process are
certified to ISO 27001 and FedRAMP standards which ensures a
fluid, efficient but forensic detail level investigation including a
triage of the priorities and threats and a process for remediation.
We utilize SaaS providers Pingdom and New Relic to ensure
integrity and uptime of the services independent of the services’
internal monitoring.
Configuration management
Initial and continual hardening of all business operations and
Huddle’s service infrastructure is performed to ensure that
Huddle has a risk and threat averse baseline configuration that
meets and exceeds the Center for Internet Security (CIS) and
other industry standards.
Service integrity & resilience
Huddle’s services are architected for multiple levels and points
of redundancy. The services can allow for multiple failures of
core components while still being able to provide a service to
customers. In the unlikely event that a data center were to fail,
Huddle’s Services have multi-geo located data centers to ensure
the continuity of service. Huddle’s Services SLA (Service Level
Agreement) guarantees 99.9% uptime for all functionality. In
the last quarter of 2015 Huddle’s service uptime was calculated
as 99.98%. That is just 17 minutes of downtime over a three
month period for a 24/7 service. All of Huddle’s services are
independently monitored by partners Pingdom [2] and New Relic [3].
Huddle can provide reports generated from their services on
request. We are exceptionally proud of Huddle’s services uptime
achievement.
[2] https://www.pingdom.com/
[3] http://newrelic.com/
Transport security
Huddle has removed SSLv3 due to recent criticisms, and rejection
by the PCI Security Standards Council. Huddle meets industry
best practice through the use of strong transport protocols
exclusively on all Huddle services.
All public internet accessible certificates are signed by Huddle’s
certificate partner ‘Go Daddy’ (18 years’ experience in the
industry) and signed with RSA 2048 bit keys. The signature
algorithm used is SHA 256 (with RSA) and Huddle utilizes
both Online Certificate Status Protocol (OCSP) and Certificate
Revocation List (CRL) to ensure the certificates utilized by
customers are meeting accepted industry standards. Secondly,
a chain of trust for the encryption of the transport of content
from Huddle’s services to all customers is maintained. The
entire certificate chain from Go Daddy’s Certificate Authority
and intermediate certificate to Huddle’s issued certificate is
maintained and monitored to the same standards.
Encryption within the environment
Data at Rest Encryption is available for customers should they
require additional security on their content stored within our
services. Content storage is protected by 256-Bit AES (the
accepted industry standard for content encryption).
Huddle’s services never store passwords in clear text. The hash
of the password is ‘salted’ when setting or resetting to ensure
additional protection. Devices and integrations utilize authorized
OAuth 2.0 tokens in order to gain access to content.
Key management strictly adheres to established and mature
internal policies, which are certified to ISO 27001 standard.
Data loss prevention
Huddle’s services are open standards-based and built on
industry-standard protocols and connectivity. APIs (Application
Program Interface) allow deep integration with already
established internal, external and cloud-based DLP solutions.
The rich functionality that the APIs provide ensures that Huddle’s
Services are capable of meeting current and future requirements
to protect the distribution and access to your content within
Huddle’s services.
7. Platform security
Administration access
All of Huddle’s services share the same rich functional, tiered
access and control methodology. This ensures, regardless of
the endpoint (web, mobile, integration), consistent principles
of access and user interaction with a set standard and easy to
understand management workflow. Huddle’s administrative
access is purposefully built to provide an exceptionally quick
ability to grant or remove user access, lower or increase
privileges, customize access and sharing policies to adhere
to your corporate policies. The administrative access further
provides an audit of changes made to the account.
Authentication & access
Huddle’s Services have an industry accepted native password
policy:
• At least six characters long
• Mix of upper and lowercase
• Includes at least one number
• Includes at least one special character e.g. !@#?%
If a user does try to login unsuccessfully ten consecutive times,
a CAPTCHA will request some additional information. The
CAPTCHA is to mitigate against automated brute force attacks on
accounts.
If a user does not perform an action within a (configurable) set
period of time, Huddle will automatically log out that user from
the service to ensure confidentiality of the content.
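
The rules above (native password policy, CAPTCHA after ten consecutive failed logins, idle logout) sketched as an added example; this is not Huddle’s code. The 15-minute idle timeout, the definition of “special character” and all names are assumptions.

```python
from dataclasses import dataclass, field

MIN_LENGTH = 6            # "At least six characters long"
CAPTCHA_THRESHOLD = 10    # consecutive failed logins before a CAPTCHA is shown
IDLE_TIMEOUT = 900.0      # seconds; assumed value, the page only says "configurable"


def policy_violations(password: str) -> list:
    """Return the policy rules a candidate password breaks (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than six characters")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("needs both upper and lowercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs at least one number")
    # Assumption: "special" means any non-alphanumeric, non-whitespace character.
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("needs at least one special character")
    return problems


@dataclass
class LoginGuard:
    """Counts consecutive failures per account and gates logins behind a CAPTCHA."""
    failures: dict = field(default_factory=dict)

    def captcha_required(self, user: str) -> bool:
        return self.failures.get(user, 0) >= CAPTCHA_THRESHOLD

    def attempt(self, user: str, password_ok: bool, captcha_ok: bool = False) -> str:
        # Once the threshold is reached the password is not evaluated until the
        # CAPTCHA is solved, so an automated client gets no further guesses.
        if self.captcha_required(user) and not captcha_ok:
            return "captcha_required"
        if password_ok:
            self.failures.pop(user, None)  # a success resets the consecutive count
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"


@dataclass
class Session:
    """Tracks the time of the last user action for the idle logout."""
    last_activity: float

    def touch(self, now: float) -> bool:
        """Record an action; return False if the idle window already expired."""
        if now - self.last_activity > IDLE_TIMEOUT:
            return False  # caller must log the user out and require re-authentication
        self.last_activity = now
        return True
```

The counter is keyed per account and is cleared only by a successful login, which is what “consecutive” implies.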
Customers of Huddle’s services with a requirement for more
restrictive authentication and access policies can utilize Huddle’s
SAML functionality.
This allows for Single Sign-on (SSO) abilities across all of
Huddle’s services as well as the adoption of already established
client password complexity policies, including multi-factor
authentication solutions. Huddle has partnered with some of the
leading Authentication as a Service (AaaS) providers to ensure
secure and functional integration.
To limit the risk of data leakage, Huddle can limit collaboration
on file and content within the service to specific email domains.
With this functionality, company managers can restrict access to
individual email addresses or entire domains e.g. all users with a
@huddle.com, or just [email protected]
Organizations can finely tune access control within Huddle to
harmonize with already established internal policies.
Granting and managing user access to your content
Huddle’s services are based on a Workspace methodology.
Individual users are members of an Account. Additionally, users
can be placed in Teams that allow for additional access and
permission controls. Workspaces are logical groupings of content
run by a Workspace Manager, who invites and deletes users and
permission rights.
There are several ways to get users collaborating in Huddle.
These include:
• On-demand user creation through SAML functionality
provided by your Identity Provider (IdP) or Active Directory
Federations Services (ADFS).
• Email invitation to those you want to collaborate with. The
process includes a unique single-use link that is sent directly
to the user. If they are already in Huddle they will be granted
access instantly; if not, they will have to complete a light and
short ‘account creation’ procedure.
• Huddle’s Customer Success team can create accounts and
associated workspaces as part of the on-boarding process
for new customers.
Content stored in Huddle can have Read-Only, Read & Write or
No Access permissions set for individual users or teams. Users
denied access cannot even see folders or content they do not
have access to, ensuring the confidentiality of that data. This
permissions based methodology is very easy to understand and
can be adopted quickly across all Huddle services.
Mobile access and management
Huddle’s services have several iOS and Android based
applications to help end-users collaborate on their content
stored in Huddle. Access to Huddle’s services is granted via the
industry standard OAuth 2.0 protocol. Deployment of mobile
endpoints and applications can be managed via Mobile Device
Management (MDM) and Enterprise Mobility Management (EMM)
providers such as AirWatch, MobileIron, MaaS360.
These services allow for the granular management of end-user
devices and applications to ensure that access to restricted
and management controls adheres to your company’s already
established policies.
Audit & usage
Huddle’s services have integrated audit functionality that
includes content access, update, creation/deletion and
permissions. Additional, and more granular, reporting can
be published on request via the Huddle Customer Success
Team. The level of reporting available ensures quick and easy
adherence to your already established audit policies.
About Huddle
Huddle is the cloud collaboration solution that makes it easy
for teams to stay productive and to work securely beyond the
firewall with colleagues, partners and clients.
Better Results
From client engagements to internal collaboration across teams,
Huddle means you spend less time organizing documents,
managing feedback and searching through email, and more time
delivering exceptional results.
One Place
Create secure Huddle workspaces for your teams and clients
in minutes. Huddle pulls together files, tasks and team
communication into one place that’s accessible wherever you
are.
Always Synchronized
In the office, travelling, or at a client’s site, our mobile and
desktop apps keep you connected to team and client activity and
synchronized to the latest documents and tasks.
• A single interface to manage the collaborative nature of today’s work.
• Sophisticated permissions. Lock workspaces across geographical teams or lines of business.
• Greater visibility for managers who need to oversee activity and track deliverables.
• Robust security assures the integrity of client data.
• All document and user activity is auditable and trackable.
• Check clients have viewed key documents and tasks.
• Infinite roll-back to past document versions.
• Built-in approval workflow.
• Securely upload and download files without email.
• Cloud-based, allows easy access for audit staff in the field.
• Ability to meet NDA requirements for control and removal of sensitive reference materials.
• Centralized calendar to schedule project activity and manage tasks.
• Fully integrated with Microsoft Office tools (Excel, Word, Outlook, and PowerPoint). Save and open Huddle documents within Microsoft tools, add and review document comments.
For more information, or to request a demo, please visit huddle.com
Locations
London: 2nd Floor, Aldgate Tower, 2 Leman Street, London, E1 8FA
Washington DC: 7910 Woodmont Avenue #1250, Bethesda, MD 20814
San Francisco: 535 Mission St, 17th Floor, San Francisco, CA 94105
© Huddle 2017
Ninian Solutions Ltd (trading as Huddle) is registered in England & Wales at Aldgate Tower, 2 Leman Street, London, UK (company number 05777111) and its U.S. subsidiary Huddle Inc, a Delaware Corporation, at 535 Mission Street, San Francisco, CA, U.S.