Internal Company Network & Information Technology (IT)
Our goal is to provide transparency around our internal infrastructure practices and to demonstrate the company-wide investment we make in security and compliance.
Employee and Contractor Identity Management
Files.com uses a custom-built internal Identity and Access Management system to secure access to most internal systems. This system:
- Provides Single Sign-On (SSO) across internal applications
- Is developed and maintained entirely in-house
- Is hosted within the Files.com private infrastructure
- Enforces unique user identifiers
- Requires passwords that meet complexity standards defined in our Information Security Policy
- Enforces mandatory Two-Factor Authentication (2FA) using physical hardware-based tokens for all employees
We do not rely on third-party identity SaaS providers (e.g., Okta) for internal identity management.
Files.com applies Role-Based Access Control (RBAC) across internal systems, based on the principles of least privilege and need-to-know access. Roles and permissions are reviewed regularly and adjusted as needed to minimize risk.
All employee and contractor identities, along with their role assignments, are subject to a formal quarterly audit conducted by the Information Security team.
Access to internal systems is primarily gated through our multi-layer VPN infrastructure. VPN access is disabled immediately upon termination of employment or contract.
Files.com’s Identity and Access Management policies and controls are reviewed as part of our annual SOC 2 Type II audit.
Please note that our internal InfoSec Program documentation includes proprietary and sensitive information and is not shared externally. For additional assurance regarding these practices, we encourage you to review our most recent SOC 2 report, which is available upon request under NDA.
Internal VPN, Device Management, and Remote Access Policy
This section outlines the security posture and internal technology policies governing access to the Files.com network, with a particular focus on remote work, mobile device management (MDM), and internal infrastructure controls.
All infrastructure, network, and access control measures are reviewed as part of Files.com’s annual SOC 2 Type II audit. Documentation for our full InfoSec Program includes sensitive and proprietary content and is not shared externally. However, customers and prospects may request our most recent SOC 2 report under NDA.
Company-Owned Devices Only
By policy and through technical enforcement, Files.com employees may only access our internal network using company-owned hardware. No personally owned (BYOD) devices are permitted to access internal systems.
All company-owned devices:
- Are exclusively Apple hardware (no Windows systems are permitted)
- Are enrolled in and managed via Mobile Device Management (MDM)
- Receive centrally managed software updates
- Support remote wipe capability
- Have host-based firewalls enabled
- Use CrowdStrike Falcon for anti-virus/anti-malware protection
- Have full disk encryption enabled by default
- Disable AirDrop and removable media access (e.g., USB storage)
- Deny local administrative access to all users
Applications are deployed via the MDM system and governed by our internal Change Management process.
VPN Architecture and Network Access
All access to internal Files.com systems—regardless of location—requires use of a multi-layer VPN architecture.
Each company-owned laptop:
- Routes all outbound traffic through a base layer VPN, providing protection even on unsecured or compromised networks
- Requires additional VPN layers for access to internal applications
- Must authenticate with multi-factor authentication (MFA) and certificate-based trust
- Is technically restricted to prevent VPN access from any non-company-owned device
Our VPN infrastructure is fully scaled to support 100% remote operations for all employees, including extended periods of remote-only work.
Remote Access Protocols
Files.com does not use Remote Desktop, VNC, or Citrix services.
A limited number of engineers may access production and staging environments via SSH, which requires:
- An additional layer of VPN access
- Authentication via SSH bastion hosts
- Enforcement of public/private key authentication
- Policy-driven session timeouts and session logging
Access to any production system is restricted to senior employees located in the United States who are bound by strict confidentiality agreements. Contractors are not granted access to customer data or core infrastructure.
All access to internal and customer-facing systems is fully logged and auditable.
Passwords and Secrets Management
- Employees are required to use a company-enforced password manager to store all credentials
- System secrets are managed in HashiCorp Vault, which is used across our infrastructure for secure, policy-based access control
Mobile Device Policy and Personal Devices
Files.com maintains a formal Mobile Device Policy, which is part of our broader Information Security Policy.
Personal devices may only be used to access third-party SaaS communication tools such as:
- Slack
- Gmail
- PagerDuty
- Zoom
No personal device may access Files.com’s internal network or systems. VPN authentication requires a company-managed device.
Wireless Networks
Files.com operates two physical office locations, each with:
- A company-managed wireless network restricted to company-owned devices
- A separate guest network with WPA encryption, a captive portal, and bandwidth restrictions
Office networks are treated the same as external environments:
- No direct trust or access is granted to the Files.com internal network
- Office computers must use the same VPN stack as remote workstations
- Wireless network configuration is enforced via MDM and cannot be altered by employees
Media Management
As a cloud-native company, Files.com relies on AWS for all physical storage. We do not manage or destroy physical media directly.
Local devices are prevented from writing to or reading from external storage media (e.g., flash drives, external hard drives). This restriction is enforced via MDM policy and governed by our Acceptable Use Policy.
Permitted Activities
We do not block outgoing emails, attachments, access to non-company email accounts, social media, instant messaging, or remote printing. These channels are intentionally left open because they are essential to our day-to-day business operations. Employees use email, messaging, and social media tools as part of collaboration, communication, and support activities.