Software Development & Operational Security

Files.com follows structured, secure, and well-documented software development and operational practices. This article covers our Software Development Life Cycle (SDLC), deployment methodology, change management, access controls, logging systems, and more.

These practices are reviewed annually as part of our SOC 2 Type II audit and align with industry best practices.

Software Development Life Cycle (SDLC)

Files.com follows a structured Software Development Life Cycle (SDLC) to ensure security and reliability across all services. Development takes place in isolated environments—development, staging, testing, and production—with strict separation between test and production data.

Code is developed using multiple programming languages, including Ruby, Java, Go, JavaScript, and Python.

All updates are deployed via a Continuous Integration / Continuous Deployment (CI/CD) pipeline that supports multiple production deployments per day.

Change Management

All infrastructure and application changes follow a formal change management process. This includes:

  • Peer review and pre-production testing
  • Role-based access control for production deployment
  • Change logging and quarterly audit reviews

All new systems and software undergo an internal approval process before use. Once approved, they follow the same change management procedures described above.

Patch Management

Files.com applies critical security updates automatically. Configuration changes are integrated into company-wide baselines and pushed via automation. For AWS-managed infrastructure components like S3 and Aurora, AWS handles patching directly.

Due to the continuous nature of these updates, Files.com does not publish a list of internal software versions.

Secure Coding Practices

Files.com trains engineers on secure coding principles and uses automated tools to enforce them. These include:

  • Static code analysis
  • Dependency scanning (e.g., Dependabot, Sonatype Lift)
  • CI-integrated security gates

All code changes must pass both automated checks and human review before deployment.

Configuration Management

Files.com uses Center for Internet Security (CIS) benchmarks to harden system configurations. Systems are deployed from secure baselines that:

  • Disable unused services
  • Enforce strong credential and identity policies
  • Control service accounts

All changes are versioned and integrated into the change management workflow.

Role-Based Access Control (RBAC)

Access to internal systems is tightly limited. Most employees do not have access to production systems. All access follows least privilege and need-to-know principles, enforced through Role-Based Access Control (RBAC).

Logging & Monitoring

Files.com maintains detailed logs across infrastructure, applications, and access points.

Internal logs are retained in hot storage for a defined period, then archived to cold storage. Application logs include file operations, settings changes, and administrative actions.

Logs are retained for at least 7 years by default. Customers can request shorter retention.

All logs are tamper-protected using a write-once/read-many (WORM) format.

Anomaly Detection

Automated tools such as Wazuh, along with custom-developed systems, continuously scan logs for suspicious activity. Alerts are generated for potential anomalies. While logs are not manually reviewed daily, the alerting system enables real-time investigation when needed.

End User Logging

Customers are responsible for logging activity within their own accounts. For more details, please reference the Files.com Shared Responsibility Model.

Use of Open Source Software

Files.com leverages open source software (OSS) in a secure and controlled way. All OSS components are scanned for vulnerabilities and reviewed for licensing compliance.

Roadmap and Planned Updates

Files.com does not publicly publish its product roadmap. However, customers who join our Customer Advisory Board (under NDA) receive access to future planning updates.

To inquire about joining the Customer Advisory Board, please contact your Account Executive.
