At Fireblocks, we’ve developed and built an enterprise-ready platform for institutions that trade, store and issue digital assets. With 20+ years of experience securing Fortune 500 companies, we understand the importance of routine, third-party evaluations of our ecosystem.
Delivering an enterprise-grade infrastructure consists of three pillars: security, compliance, and insurance. This means regularly testing our technology with rigorous security scenarios, inviting auditors to review our strict data standards (and measure our ability to meet those standards), and creating a one-of-a-kind insurance policy that covers digital assets both in storage and in transit.
Regular Security Reviews & Pen Testing (NCC Group & ComSec)
We evaluate and improve our security architecture at Fireblocks through a process called penetration testing, or “pen testing.” A pen test is a simulated cyberattack against a software, platform, or company that’s intended to find any (potentially exploitable) weaknesses in that entity’s security architecture.
Two third-party firms—ComSec and NCC Group—perform regular pen tests of our ecosystem to ensure we’re always keeping up with the latest developments in cybersecurity. These two firms focus on different aspects of our system, giving us a broad view of possible threats to our security architecture.
For over 32 years, ComSec has advised organizations in a wide variety of industries on cybersecurity, information storage, compliance, and related subjects. They have 160+ employees worldwide, and all their department heads who focus on niche industry knowledge have been with the company for 10+ years.
ComSec has leveraged “blackbox”-style pen tests (or pen tests in which the auditing firm is shown the product as it would be shown to any user, rather than introduced to the internal software architecture) against our security infrastructure. Through tests like these, we’re able to continually strengthen our ecosystem.
NCC Group, a cybersecurity audit firm founded in 1999, has over 35 offices and over 2,000 employees across the world. As we are the only firm combining MPC and SGX, the group performs white-box secure code reviews around all of our cryptography. This helps us ensure that any vulnerabilities in our technology are regularly accounted for and eliminated.
SOC 2 Type II Certification Granted by E&Y
Alongside our security evaluations and improvements, we also work to comply with rigorous international standards. Recently, we completed a Service Organization Control (SOC) 2 Type II examination. This exam tested our ecosystem’s compliance with strict data privacy and protection laws globally.
The SOC 2 Type II examination, performed by internationally renowned audit firm Ernst & Young, consisted of a six-month-long inspection of Fireblocks’ processes, evaluation of our pen test results, and customer data testing.
In terms of our processes, Ernst & Young looked for proper utilization of encryption technology, strict access controls to development/production environments, disaster recovery SLA, and more.
As for customer data, their tests focused on 5 trust service principles:
- Availability (see below)
- Processing integrity
At the end of the examination, Ernst & Young gave us a Service Auditor’s Report confirming that Fireblocks meets or exceeds SOC 2 Type II requirements. This review is being conducted annually and will require us to continually meet the high standards we’ve set for ourselves.
Availability and Data Recovery Policies
Fireblocks is committed to delivering and maintaining 99.9% uptime. We’ve designed institutional-grade policies that cover availability, data recovery, and system reliability.
To ensure business continuity in case of an unforeseen incident, our disaster recovery plan consists of hourly backups across multiple availability regions. We provide customers with a full recovery option to unlock their funds at will.
Market Leading Insurance for Digital Assets in Motion
At Fireblocks, we secure our customers’ digital assets not only when these assets are in storage, but also when they’re in motion. Applying this philosophy, we created and secured a unique insurance policy that insures users’ assets, whether they are in storage or in motion, against the risk of theft resulting from cyberattacks and internal fraud. Given our commitment to developing a truly Secure Transfer Environment, obtaining a policy of this sort was a natural next step for Fireblocks.
Fireblocks insurance coverage is provided by leading insurance companies that are A.M. Bests rated “A” (excellent).”
Need help securely scaling digital asset trading operations?
Some of the largest active hedge funds, OTCs, exchanges, and liquidity providers who frequently move large amounts of digital assets have switched to Fireblocks because we’ve securely streamlined operations while eliminating deposit addresses from the settlement process.
If you need to expand, secure and streamline your trading operations, request access here to see Fireblocks in action.
Fireblocks is an enterprise-grade platform delivering a secure infrastructure for moving, storing and issuing digital assets. We enable exchanges, custodians, banks, trading desks, and hedge funds to securely scale digital asset operations through our patent-pending SGX & MPC technology. We’ve secured the transfer of over $9 billion in digital assets and have a unique insurance policy that covers assets in storage & in transit.