At Fireblocks, we’ve developed and built an enterprise-ready platform for institutions that trade, store and issue digital assets. With 20+ years of experience securing Fortune 500 companies, we understand the importance of routine, third-party evaluations of our ecosystem.
Delivering an enterprise-grade infrastructure consists of three pillars: security, compliance, and insurance. This means regularly testing our technology with rigorous security scenarios, inviting auditors to review our strict data standards (and measure our ability to meet those standards), and creating a one-of-a-kind insurance policy that covers digital assets both in storage and in transit.
Regular Security Reviews & Pen Testing (NCC Group & ComSec)
We evaluate and improve our security architecture at Fireblocks through a process called penetration testing, or “pen testing.” A pen test is a simulated cyberattack against a software, platform, or company that’s intended to find any (potentially exploitable) weaknesses in that entity’s security architecture.
Two third-party firms—ComSec and NCC Group—perform regular pen tests of our ecosystem to ensure we’re always keeping up with the latest developments in cybersecurity. These two firms focus on different aspects of our system, giving us a broad view of possible threats to our security architecture.
For over 32 years, ComSec has advised organizations in a wide variety of industries on cybersecurity, information storage, compliance, and related subjects. They have 160+ employees worldwide, and all their department heads who focus on niche industry knowledge have been with the company for 10+ years.
ComSec has leveraged “blackbox”-style pen tests (or pen tests in which the auditing firm is shown the product as it would be shown to any user, rather than introduced to the internal software architecture) against our security infrastructure. Through tests like these, we’re able to continually strengthen our ecosystem.
NCC Group, a cybersecurity audit firm founded in 1999, has over 35 offices and over 2,000 employees across the world. As we are the only firm combining MPC and SGX, the group performs white-box secure code reviews around all of our cryptography. This helps us ensure that any vulnerabilities in our technology are regularly accounted for and eliminated.
SOC 2 Type II Certification Granted by E&Y
Alongside our security evaluations and improvements, we also work to comply with rigorous international standards. Recently, we completed a Service Organization Control (SOC) 2 Type II examination. This exam tested our ecosystem’s compliance with strict data privacy and protection laws globally.
The SOC 2 Type II examination, performed by internationally renowned audit firm Ernst & Young, consisted of a six-month-long inspection of Fireblocks’ processes, evaluation of our pen test results, and customer data testing.
In terms of our processes, Ernst & Young looked for proper utilization of encryption technology, strict access controls to development/production environments, disaster recovery SLA, and more.
As for customer data, their tests focused on 5 trust service principles:
- Availability (see below)
- Processing integrity
At the end of the examination, Ernst & Young gave us a Service Auditor’s Report confirming that Fireblocks meets or exceeds SOC 2 Type II requirements. This review is being conducted annually and will require us to continually meet the high standards we’ve set for ourselves.
Availability and Data Recovery Policies
Fireblocks is committed to delivering and maintaining 99.9% uptime. We've designed institutional-grade policies that cover availability, data recovery, and system reliability.
To ensure business continuity in case of an unforeseen incident, our disaster recovery plan consists of hourly backups across multiple availability regions. We provide customers with a full recovery option to unlock their funds at will.
The First & Only Insurance for Digital Assets in Transit
At Fireblocks, we secure our customers’ digital assets not only when these assets are in storage, but also when they’re in motion. Applying this philosophy, we created and secured a unique insurance policy that’s unprecedented within our industry.
While several companies in the digital asset space have announced insurance policies covering stored digital assets, Fireblocks is the first and only company to also secure insurance for digital assets in transit. Given our commitment to developing a truly Secure Transfer Environment, obtaining a policy of this sort was a natural next step for Fireblocks.
Our policy not only insures users’ assets against cyberattacks and internal fraud but also covers important possibilities that many others neglect—like software bugs and internal process errors. When you’re insuring the dynamic handling of a digital asset (such as a transfer), it is critical to insure against possibilities like these, as a software bug in the crypto space could accidentally burn the asset.
A.M. Best, an insurance rating company founded in 1899, rated our insurance plan “A” (“strong”)—verifying the strength of the policy.
Need help securely scaling digital asset trading operations?
Some of the largest active hedge funds, OTCs, exchanges, and liquidity providers who frequently move large amounts of digital assets have switched to Fireblocks because we’ve securely streamlined operations while eliminating deposit addresses from the settlement process.
If you need to expand, secure and streamline your trading operations, request access here to see Fireblocks in action.
Fireblocks is an enterprise-grade platform delivering a secure infrastructure for moving, storing and issuing digital assets. We enable exchanges, custodians, banks, trading desks, and hedge funds to securely scale digital asset operations through our patent-pending SGX & MPC technology. We’ve secured the transfer of over $9 billion in digital assets and have a unique insurance policy that covers assets in storage & in transit.