Internal Device & Network Access Controls

Files.com enforces strict internal controls around device usage, VPN access, and remote connectivity to safeguard our infrastructure and ensure regulatory compliance. These controls are reviewed as part of our annual SOC 2 Type II audit.

Company-Owned Devices Only

Files.com employees may only access internal systems using company-owned hardware. Personally owned (BYOD) devices are strictly prohibited from connecting to internal systems, both by policy and through technical enforcement.

All company-owned devices are Apple hardware and are enrolled in a centralized Mobile Device Management (MDM) system. This system enforces full disk encryption, host-based firewalls, remote wipe capability, and software update compliance. Administrative access is restricted, removable media is disabled, and all devices use CrowdStrike Falcon for anti-malware protection. Applications are deployed and managed through MDM in accordance with our internal Change Management process.

VPN Architecture & Access Controls

All access to internal systems—regardless of physical location—requires use of a multi-layer VPN architecture. Each company-managed device routes all outbound traffic through a base-layer VPN, even on unsecured or public networks. Additional VPN layers are required to access internal applications.

Authentication is enforced using a combination of multi-factor authentication (MFA) and certificate-based trust. VPN access is technically restricted to company-owned devices only.

Remote Access Protocols

Files.com does not use Remote Desktop, VNC, or Citrix services.

A limited number of engineers may access production and staging environments via SSH. These connections require an additional layer of VPN access, authentication through SSH bastion hosts, and public/private key credentials, and they are subject to policy-based session timeouts and logging.

Access to production systems is restricted to senior employees located in the United States who are bound by strict confidentiality agreements. Contractors are not granted access to customer data or core infrastructure.

Password & Secrets Management

Files.com enforces centralized credential and secrets management to reduce risk and ensure consistency across the organization.

All employees are required to use a company-enforced password manager to store and manage their credentials securely. This ensures passwords meet internal complexity standards and are not reused or stored outside of approved systems.

For infrastructure-level secrets, Files.com uses HashiCorp Vault. Vault enables secure, policy-based access control across systems and provides centralized, auditable secret management.

Mobile Device Policy & Personal Devices

Files.com maintains a formal Mobile Device Policy as part of its broader Information Security Program.

Personal devices may not be used to access the Files.com internal network, systems, or VPN. However, employees may use personal devices to access third-party communication platforms such as Slack, Gmail, PagerDuty, and Zoom. These tools are used to support business operations and communication, but they do not interface directly with core infrastructure.

Wireless Network Security

Each physical Files.com office location operates a company-managed wireless network restricted to company-owned devices, along with a separate guest network that uses WPA encryption, captive portal access, and bandwidth restrictions.

All office networks are treated as untrusted. Devices must use the same VPN stack as remote workstations, and wireless configurations are enforced via MDM. Employees cannot alter these configurations.

Media Management

Files.com does not manage or destroy physical storage media, as all production infrastructure is cloud-based and hosted in AWS.

Local devices are prohibited from reading or writing to external storage media such as flash drives or external hard drives. This restriction is enforced via MDM and governed by our Acceptable Use Policy.

Permitted Activities

Files.com does not block outgoing email, email attachments, access to personal email accounts, social media, instant messaging, or remote printing. These channels are permitted as part of standard business operations and employee collaboration.
