
How Flipsnack ensures robust security for your data and resources

Discover the comprehensive security measures Flipsnack implements, including multi-factor authentication, role-based access control, encryption, physical security, and more.

Multi-Factor Authentication (2FA):
Flipsnack enhances account security by implementing two-factor authentication (2FA), a security measure that requires users to provide two forms of authentication, not just a username and password. This additional layer of protection makes it significantly more difficult for attackers to access sensitive data and resources, even if they obtain a user's password.

Role-Based Access Control (RBAC):
Flipsnack uses a Role-Based Access Control (RBAC) model to limit resource access based on users' specific roles within the organization. This model ensures that each user has the appropriate level of access according to their responsibilities:

  • Owner: The account creator with ultimate control.
  • Administrator: Has the same access as the Owner; an account can have multiple Administrators.
  • Editor: Can fully edit flipbooks but cannot access Billing and Settings.
  • Agent: Has access only to their own flipbooks and no access to Billing and Settings.
  • Contributor: Can create, edit, and view their flipbooks, but publishing is restricted to Owners, Administrators, or Editors.

RBAC enhances security and operational efficiency by ensuring the right distribution of access rights.

Encryption at rest:
Flipsnack uses AWS Key Management Service (AWS KMS) to store and manage encryption keys, and employs the Advanced Encryption Standard algorithm with 256-bit keys (AES-256) for encrypting data at rest.

Encryption in transit:
For data in transit, Flipsnack uses SSL for every request between customers and our platform. This includes a 2,048-bit key size and SHA-256 with RSA encryption.

Physical security:
Flipsnack’s infrastructure is hosted on AWS, relying on their robust physical security controls. Further, Flipsnack offices adhere to an internal Physical Security Policy and Procedures, with more details available here.

Data access:
Flipsnack treats all customer data as confidential, regardless of its classification. Only employees with job-specific needs can access this data, and only the minimum amount necessary to perform their duties. Access is revoked within 24 hours upon termination of employment.

Business continuity and Disaster Recovery Program:
Flipsnack has a Disaster Recovery Policy and Business Continuity Plan in place, reviewed annually by the Information Security Unit. These plans ensure rapid response to emergencies and keep customers informed if their services are impacted.

Incident response:
In the event of an information system breach, Flipsnack has incident response plans with established Recovery Point Objective (RPO) and Recovery Time Objective (RTO) capabilities. Our RTO is 60 minutes, and our RPO is 30 minutes, with separate environments for testing to avoid customer impact.

Employee training:
Flipsnack is committed to ongoing information security training for all employees, led by our Security Unit Team and Compliance Department, ensuring that we meet the highest security standards.

Security unit team:
Flipsnack’s Internal Security Unit comprises DevOps professionals, developers, and compliance officers who enforce secure practices and respond to security incidents efficiently. They also coordinate the development and implementation of secure foundations across the company.

Policies:
Flipsnack has established comprehensive policies and procedures to set a common baseline for information security standards. These are reviewed and updated as necessary, but at least annually.

Our security standards:
Flipsnack follows the OWASP (Open Web Application Security Project) Top 10 list as a key component of our security framework, ensuring protection against the most critical web-based threats.