Security is one of the top concerns for grantmaking organizations, particularly when moving their grants management operations to a cloud-based solution. Protecting data and system security is a core Fluxx business practice. We offer best-in-class security features and run comprehensive audits of our applications, systems, and networks to ensure customer data is always protected. In addition, Grantmaker is hosted on Amazon Web Services (AWS), the award-winning secure cloud service provider that handles all physical security of hardware and networking. That’s why our customers are confident that their information is safe and their Fluxx system is secure.
FLUXX AND AWS MEET STRINGENT SECURITY AND COMPLIANCE STANDARDS, INCLUDING:
ISO 27001 SOC 1 Type 2 SOC 2 CCPA GDPR
BENEFITS
Keep your data close to your chest with hosting options around the world.
Defend your grantmaking data and system against unauthorized intrusions and improper use.
Secure the information you exchange with your grantees.
Protect your data history and system configurations from failure and disaster.
Leading grantmakers trust Fluxx with their data
“Fluxx takes security seriously. They have been a great partner over the past 4+ years, and share our values and priority around cybersecurity and building and running a secure platform. Fluxx is very responsive to dynamic cybersecurity needs.”
JOHN MOHR, MACARTHUR FOUNDATION
ENSURING SECURITY FROM CLOUD TO SCREEN
SECURE APPLICATION
Fluxx uses rigorous development processes with systematic code reviews and automated tests to build the most secure system. Fluxx also employs external experts to perform detailed penetration tests on Grantmaker annually. Fluxx Grantmaker offers AWS Web Application Firewall (WAF) to protect your system against malicious data and to give you better control over the traffic coming to your site by whitelisting and blacklisting IP addresses. It also prevents SQL injection attempts and scripting attacks, and keeps certain crawlers from scanning your site.
SECURE NETWORK
Fluxx instances are provisioned on Amazon Virtual Private Cloud (VPC), logically isolated from the rest of AWS to maximize reliability and security. Our Kubernetes (K8s) clusters also employ separated subnets and client-specific namespaces. AWS Shield, part of the AWS-provided DNS and network infrastructure, provides comprehensive protection against DDoS attacks. Fluxx offers an Intrusion Detection System (IDS) to accelerate network threat detection, incident response, and compliance management.
SECURE DATA
Encryption in transit: Communications between end-users and Fluxx servers are encrypted via HTTPS and Transport Layer Security (TLS) over public networks.
Encryption at rest: Customers of Fluxx benefit from the protection provided by encryption at rest in their MySQL and Elasticsearch databases.
SECURE REGIONAL HOSTING
Through AWS, Fluxx customer data can be hosted in every major region of the globe. By default Fluxx offers hosting in US, Europe, Oceania, Canada, and Hong Kong, with the full list of hosting locations available on the AWS website.
SECURE USERS
Fluxx offers SAML 2.0-compliant Single Sign-On (SSO) options and Multi-Factor Authentication (MFA) to protect Grantmaker user access. Password requirements are easy to configure to enforce stricter login security, and individual access to data and functionality is managed through role-based permissions. Our password storage also uses a salted cryptographic digest to make passwords almost impossible to deduce.
SECURE CODE
GitHub reviews are enforced even for system admins to ensure no third-party content is inserted into our code. Additionally, information-leak vulnerability scans are performed continuously to ensure that API keys and other keys are not included in our code.
SECURE OPERATIONS
Policies, controls, and 24/7 monitoring tools support strict security oversight of all daily activities. Administrative access to Fluxx’s AWS resources is tightly controlled and reviewed every month. Access to the underlying infrastructure is restricted by a firewall, and 2-factor authentication is only permitted from limited and trusted staff locations. Annual cybersecurity tabletops, team simulations, and disaster recovery exercises are performed across the organization to pressure-test our teams, systems, and processes throughout the year.
ALWAYS ON AND AVAILABLE
Fluxx guarantees 99.5% uptime for Grantmaker and can accommodate heavy grant submission periods without degradation in service. In addition, data is synchronously replicated between data centers, and backups of all data and copies of Fluxx server system images are stored in separate regions to allow for fast recovery in the case of system failure or disaster.