Security
The security of your information is an obsession of ours. Fiabee takes every precaution at multiple levels to ensure your information remains confidential.
Server Location
Fiabee may be deployed using any of the following three hosting models:
Public Cloud from the US Amazon Web Services (AWS) infrastructure (EC2/S3), with data being replicated across different data centers. AWS is certified in ISO 27001, SAS70 Type II, PCI DSS Level 1 certifications. You can find detailed info here: http://aws.amazon.com/security.
Private Cloud: Fiabee can be licensed and deployed in separated instances in different international or in-country cloud providers: Amazon, HP Cloud, Windows Azure, Rackspace, etc.
On Premises: in the case that a large corporation, government, healthcare or financial institution requests a deployment in its own cloud or physical infrastructure for regulatory requirements.
Encryption
TLS 1.2 is used to encrypt files during transmission from/to the servers, including mobile devices, desktop and web apps.
The files are encrypted at rest in Amazon S3 with Server Side Encryption (AES-256).
The user password is encrypted using a hash.
Activity Reports
For security, control or auditing purposes all user and administrator activities are logged. Activity reports may be generated by administrators, including user, administrator and domain activities over specified timeframe. Reports may be viewed online or downloaded in .CSV file format.
Remote Wipe
Mobile devices such as smartphones, tablets, or laptops, are easily lost or stolen. In such events, Fiabee’s Remote Wipe functionality may be used to delete all user associated content stored on the mobile device. Remote Wipe may be activated by the user from his Fiabee Web Interface or by the administrator from the Fiabee Management Console.
Owner Control
When sharing a folder, the folder’s "owner" always retains control over the folder he shares. He can see who is accessing his files and revoke permissions at any time.
When sharing individual files, the owner can set an individual password and an expiration time for the generated sharing links.
Data Anonymization
Fiabee generated file and folder sharing links are "Data Anonymized".
When sharing a folder, a link is generated with the format https://fiabee.com/user/folder/share/accept/W, where "W" is a 60 character long random value. Similarly, the URL of a published file has the format: https://fiabee.com/shared-links/X, where "X" is a 24 character long random value. Neither format includes identifiable data such as usernames, file names or any other sensitive information.
Devices
A Fiabee user is required to provide his username and password every time he installs the app on a device. A list of all devices currently linked to the user’s account is provided via the web interface. Using the web interface, the user can unlink devices or initiate a remote wipe of all the files and information contained on the Fiabee app on one or more devices.
Automatic Updates
Fiabee frequently and automatically updates the client software on devices in the background without distracting the user. This prevents outdated software clients from being installed.
Registration and login
The registration and login processes continuously use secure communication channels (SSL/TLS). Password rules demand a minimum set of characters.
The administrator can generate a random single-use password. The password is encrypted using a hash. Only the user knows his password.
Fiabee deployed on Amazon Web Services EC2/S3, comprises a set of recognized security features and certifications. You can find detailed info here: http://aws.amazon.com/security.