The Safety Over Liveness approach
The Safety over Liveness approach is unique and an effective way to gain trust from token holders. Figment adopts this approach to prevent slashing risks and potential losses for token holders by optimizing uptime instead of maximizing it. Being offline is better than having a double signing incident, as safety is preferred to liveness during turbulent events.
Stakers may think the higher the uptime, the higher the chances of generating rewards. However, given the different characteristics of each PoS network, the rewards performance strategy is nuanced and unique for each one. Learn more about our Safety Over Liveness approach here.
Stakers may think the higher the uptime, the higher the chances of generating rewards. However, given the different characteristics of each PoS network, the rewards performance strategy is nuanced and unique for each one. Learn more about our Safety Over Liveness approach here.
The most secure and reliable blockchain infrastructure
Infrastructure
Figment's enterprise-grade node and staking infrastructure prioritizes the security and resiliency of staked assets while minimizing risk.
Figment's enterprise-grade node and staking infrastructure prioritizes the security and resiliency of staked assets while minimizing risk.
- Physical Access Control - Data Center: Figment's private physical infrastructure is hosted in SOC 2 compliant third-party facilities. Physical and environmental controls include physical barriers, 2N power and cooling, redundant fiber, card access, fire suppression systems, control systems, security guards, biometrics, cameras, key locks, monitoring and logging, and 24/7 access.
- Zero-Trust Architecture: Restricted environments utilizes a zero-trust architecture with microsegmentation and tools for policy enforcement and continuous validation and monitoring.
- Systems Security: System security is built into Figment's server platforms using automation wherever possible. Hardening measures and controls are incorporated into server builds.
- Network Security: Figment-managed networks are designed using a multi-cloud, multi-tiered segmented approach. Connectivity is restricted by VPNs, private links and advanced identity management solutions. Restricted networks are blocked from the public internet. Security standards are followed based on vendor hardening benchmarks and security best practices.
Availability & Reliability
Figment's staking infrastructure is divided across multiple cloud and physical data center providers that are geographically dispersed and designed for maximum security and redundancy.
Figment's staking infrastructure is divided across multiple cloud and physical data center providers that are geographically dispersed and designed for maximum security and redundancy.
- Slashing Protections: Figment has a robust infrastructure strategy in place to reduce the likelihood and severity of a slashing event. Figment has insurance policies in place that help cover slashing, downtime and/or missed rewards that may occur across its supported networks.
- Denial of Service (DoS) Protection: Figment uses a DNS provider and failover design that monitors for DDoS attacks and can mitigate on the global network level.
- Infrastructure Redundancy: Figment's network infrastructure includes diverse paths across various cloud and data center providers supporting blockchain participation.
- Service Monitoring: Figment utilizes performance and security monitoring tools. A 24/7 on-call operations and security response team is available for response and issue resolution.
- Key Management: Validator key management is critical to Figment’s blockchain participation and staking lifecycle. Limited privileged key custodians with a business need have access to appropriate security tiers, encrypted hardware devices and encrypted vaults to manage keys.
Staking Coverage & Insurance
In the event of a slashing incident, Figment offers peace of mind to its customers by operating a robust infrastructure strategy and the most holistic coverage in the space so that risks and impact of slashing events are drastically reduced. We quantify risk exposure per network and protect client delegations through multiple layers of coverage, mitigating the three kinds of loss: downtime, double signing and missed rewards. To learn more about common slashing risks and correlated penalties read here.
External Audits
At Figment we have achieved a SOC 2 Type I attestation final report as well as an ISO 27001:2013 certification. Figment's multi-layered security approach encompasses continuous proactive measures and purpose built controls to maximize the resiliency and security of its staking services. Security is integrated throughout all aspects of Figment to reduce risk and enable the assurance, integrity and confidentiality customers expect.
Figment's commitment to security assurance is a top priority. Our SOC 2 Type 1 Audit Report and ISO Certificate can be requested here: https://trustpage.figment.io/.
Figment's commitment to security assurance is a top priority. Our SOC 2 Type 1 Audit Report and ISO Certificate can be requested here: https://trustpage.figment.io/.
SOC 2 Type I
A SOC 2 examination is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. Figment's commitment to security assurance is top a priority. Figment has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type 1 requirements. For more information, visit www.aicpa.org/soc4so.
A SOC 2 examination is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. Figment's commitment to security assurance is top a priority. Figment has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type 1 requirements. For more information, visit www.aicpa.org/soc4so.
ISO 27001:2013
Figment has received certification from an independent auditor for compliance with ISO/IEC 27001:2013, a security management standard for information security management systems (ISMS) and their requirements.
Figment has received certification from an independent auditor for compliance with ISO/IEC 27001:2013, a security management standard for information security management systems (ISMS) and their requirements.
Visit Security at Figment to learn more about our proactive measures and purpose built controls to maximize the resiliency and security of our staking services.
