Huddle for Social Services

G-Cloud Service Definition
This document intends to outline the capabilities and benefits of Huddle for Social Services and seeks
to summarise why we believe that we have the best ‘fit for purpose’ solution to meet the increasing
need for social services professionals within the public sector to collaborate and provide more
efficient, effective and joined-up working.
Contents
1. Executive Summary
   About Huddle
   Huddle – Transforming the Way Social Services are Delivered
   Huddle – Security First
   Huddle – Service Driven User Adoption
   Huddle – True Native Mobility
   Huddle – Seamless Desktop Integration
   Huddle for Social Services – Benefits of the Solution
   Huddle – Award Winning Service
2. Huddle Overview
   Create & Edit Content Together
   Manage, Store and Share Content
   Access Anywhere
   Manage E-mail and Calendar
   Communicate with Everyone
   Search across the Social Enterprise
   People perform Workflow
   Government-level Security
   Access self-service and specialist applications
3. Reference Guide of Features
   Comprehensive collaboration system
   Client extranet
   Corporate intranet and internal file storage
   Secure external collaboration
   Project management
   Knowledge management
   Key features
   Project management
   File sharing
   Document management
   Collaboration tools
   Managing and connecting people
   User controls
   Mobile and third party access
   Microsoft Outlook Integration
4. Huddle for Social Services Feature List
5. Security at Huddle
   Hosting Environment
   Huddle in UK Government
   Network Infrastructure
   Multiple Levels of Security
   Physical Security
   System & Network Security
   Application Security
   SAL & Resilience
   Backup & Disaster Recovery
   Privacy
   Considerations of the Software Lifecycle
   Security FAQ
6. Huddle API
   How does authentication work?
   What functionality does your API currently support?
7. Suggested Transition/Migration Approach
1. Executive Summary
This document intends to outline the capabilities and benefits of Huddle for Social Services
and seeks to summarise why we believe that we have the best ‘fit for purpose’ solution to
meet the increasing need for public sector Social Services departments to collaborate and
securely share sensitive information with multiple agencies in the delivery of duties.
About Huddle
Established in 2006, with offices in London and San Francisco, Huddle is the leader in cloud
collaboration and content management for the enterprise.
Huddle was founded with a single aspiration: to help people work better together.
At Huddle, we believe that true collaboration means more than just file sharing. It’s about
delivering the right information to the right people and giving them all the tools they need to
achieve their goals in one place.
We also believe that true collaboration is about actions not words. It’s about actually getting
stuff done, not just talking about getting it done. Fewer status updates, more completed
projects.
Trusted by 80% of UK central government departments and In-Q-Tel (IQT), our partner in
the U.S., Huddle is the most pervasive cloud-based content collaboration platform in the
government. It allows teams, departments, and agencies to share and work on documents
internally and across the firewall, securely and confidentially. Huddle is a popular alternative
choice to SharePoint in the cloud, offering unbelievably easy-to-use collaboration tools,
uptime and adoption guarantee.
Simply: if SharePoint was built today, they would’ve built Huddle.
Huddle – Transforming the Way Social Services are Delivered
Huddle has an in-depth understanding of the challenges faced by social services
professionals in the provision of their duties.
At the forefront of these caring professionals’ minds is the need to protect the vulnerable and
those in need, raise standards of practice, and strengthen the professionalism of those who
work within this area.
The delivery of modern day social services is increasingly reliant upon multi-agency
collaboration. Local authorities are often required to work with a complex network of internal
teams and various external stakeholders ranging from Central Government agencies,
healthcare professionals, employment services, criminal justice bodies such as the Police
and Courts, to community and voluntary action groups. Ensuring that these agencies are
able to securely share sensitive data and have access to up to date information relating to
cases, policies and legislation regardless of wherever they are or what device they are on, is
critical to the successful provision of social services.
In practice however, collaboration across such a wide array of stakeholders is a complex
challenge. Traditionally, many public sector professionals have used email and VPN to share
information with their external partners and relied on face-to-face meetings to make
collaborative decisions. Not only have these methods led to significant time and cost
overheads but, more critically, they expose information to a number of security risks.
With these challenges at the forefront of Huddle’s mind, it has designed Huddle for Social
Services specifically to meet the needs of those engaged in the delivery of social services:
• Secure Workspaces that bring together disparate teams of people, both internal and
  external, enabling them to store, share and work on content in a private (invite only)
  area.
• Operate with Confidence, using a Pan-Government Accredited service for
  information up to IL2 that is ISO27001 certified.
• Increased Control and Accountability of who accesses your information and when.
  Not only is Huddle for Social Services based on a robust invitation only model, but
  workspace managers are able to set access permissions and have full visibility of
  user activity as all Huddle activity is fully audited.
• Create, Manage and Approve Documents from a central location, therefore saving
  time by removing the need to manually manage file versions and ensuring that users
  always have access to the latest document version.
• Access to Information from anywhere, at any time and on any device, thus
  ensuring a rapid response in emergency situations.
Huddle - Security First
Huddle is committed to keeping your data safe and secure. Some of the biggest businesses
in the world, and numerous government organisations, trust Huddle with their data.
Huddle has very rigorous security standards, as detailed in our security whitepaper, from
SSAE16 certified datacentres run by Rackspace to ISO27001 certification covering both our
corporate and datacentre environments.
The UK Government's CESG department has also certified Huddle for pan-government
accreditation (PGA), meaning any government department can use Huddle without having to
do their own risk analysis. Huddle is currently the only collaboration company to have
achieved this status.
Huddle – Service Driven User Adoption
User adoption is the most critical factor in the deployment of a collaboration and content
management application.
A high level of user adoption also means that you can significantly reduce training time and
costs, while minimizing management issues, typical of enterprise on-premise deployments.
Huddle’s user interface has been architected with the business user in mind to guarantee the
highest possible adoption rates and positive ROI. Huddle’s dedicated Customer Success
team assist our customers to get started through user provisioning, onsite training and
supporting your business users, so that IT can focus on driving innovation and empowering
the organisation with the most productive and cost efficient tools.
Several studies suggest that other popular collaboration solutions, due to their inherent
complexity and multi-purpose feature set, suffer from low adoption rates within
organisations. In fact, Huddle’s customer research shows a user adoption of 90+ per cent,
compared with the typical 32 per cent adoption of these other systems.
With the Huddle Adoption Guarantee, we are confident that, within 90 days, 100 per cent of
your initial user base will be actively using Huddle.
For the IT department, Huddle, with its adoption guarantee, is the best way to obtain high
levels of collaboration, adoption and ROI. For the university research professional and, it is
an intuitive collaboration and content management application that they will enjoy using.
Huddle – True Native Mobility
Accessing information wherever you are and on whatever device you choose is a core
design philosophy of Huddle. We provide industry-leading iOS (iPad and iPhone) and
Android applications, with Blackberry and Windows Phone 3rd party support.
Huddle – Seamless Desktop Integration
Huddle for Windows/Mac
Huddle for Windows or Mac allows you to open and edit files directly from the cloud. You can
use your familiar desktop applications such as Microsoft Word, Excel and PowerPoint, or the
Adobe Creative Suite. While you’re editing files, they will be locked automatically, so that
others don’t overwrite your changes, saving you time. The app works online or offline and
ensures you are always working from the latest version: it cleans up old versions in the
background.
Requirements: Windows 7 or later, Mac OSX 10.7 or later.
Huddle for Office
Microsoft Office is the leading personal productivity suite, but with Huddle for Office we are
now extending that productivity to your entire team. With the free Huddle add-on for
Microsoft Office, users can lift content directly to the Huddle cloud, rather than save a file on
the hard drive and upload it manually. From there you can edit the file, save your work, and
notify a colleague without ever leaving Office.
Requirements: Huddle for Windows, Office 2010 or later.
Huddle for Outlook
Huddle for Outlook helps you keep collaboration in the cloud. When a colleague, supplier or
customer emails you an attachment, it’s only a couple of clicks to upload that to your Huddle
workspaces. The integration is right in the Outlook ribbon bar, so it’s really easy to find when
you need it. Huddle for Outlook also helps you continue the conversation. It automatically
adds each email as a separate comment on your uploaded attachment. Everyone’s input is
recorded and shared.
Requirements: Outlook 2010 or later.
Huddle for Social Services - Benefits of the Solution
Public sector organisations will realise the following benefits from implementing Huddle
for Social Services:
• Increased Efficiency & Reduced Costs – virtual workspaces allow sharing of
  information with other public services providers and external agencies, therefore
  reducing the need for face-to-face meetings, freeing up valuable time and reducing
  travel costs
• Case Files at Your Fingertips – enables social services professionals to securely
  access important information from wherever they are and on whatever type of device
  they have access to, thus enabling more rapid responses to emergency situations
• Reduced Risk – by avoiding sensitive information being stored on consumer cloud
  storage tools, USB drives or CDs and potentially leading to embarrassing or
  damaging data breaches
• Increased Organisational Efficiency – through significantly improved access to
  up-to-date data and case information, guidance and policy
• Confidentiality – keeping information private and shared with specified audience.
• Full access control – ensures that users only have access to relevant documents
  and that all activity is audited for compliance and governance
• Increased Levels of Security – to enable a highly secure way of sharing confidential
  personal information Huddle provides full Encryption at Rest
• Enhanced Back Up Capability – Huddle can provide a data export tool which allows
  all information stored within Huddle to be exported to a local system of your choosing
  to ensure additional back up of confidential data on local systems
• Protect your confidential information – Restrict access to your custom domain or
  individual workspaces to a range of IP addresses
• Guaranteed User Adoption – driven by an industry leading intuitive user interface
• Unsurpassed Service – with a dedicated and named Huddle Customer Success
  representative that makes sure all of our customers know how to use Huddle to its
  full potential. Webinars and onsite lunch & learn sessions included
• Industry Leading Support – including Quarterly Business Reviews with a dedicated
  account team (including your Public Sector Account Director, Customer Success
  representative and Sales Engineer), online knowledgebase, video tutorials, support
  case logging and ticketing system
• No Cost of Management – negligible management overhead costs, particularly when
  compared to either on-premise or hosted SharePoint implementations
• Anywhere, Anytime, Any Device User Access – not limited by web browser
  provider and enhanced capabilities via iPhone, iPad, Android and BlackBerry apps
• Security First – Huddle has been ISO27001 and IL2 Pan Government
  Accreditation security certified
• Remote Device Wiping – Huddle's iOS applications have full and granular remote
  wipe capabilities. If a user is removed from a workspace or from an account, the
  application will remove any pertinent cached content. If a device is lost, the
  application's OAuth token can be revoked, removing content from the device but
  retaining a user's privileges.
Huddle – Award Winning Service
• Computer Weekly – Best Supplier for Enterprise Software
• Gartner – Cool Vendor 2009
• Gartner – consistently recognised as a ‘Visionary’ in the Social Software in the
  Workplace Magic Quadrant
• The Daily Telegraph – Winner Best European Enterprise B2B Product
  (Collaboration, Storage, Security) 2011
• TechCrunch Europe – Best Enterprise / B2B Startup (EMEA) 2009
• UK IT Industry Awards – Internet Product of the Year 2009
• Tech Media Invest – Tech Media Invest 100 (ranked 4th) 2010
• Tech Start-up 100 Awards – Winner of Best Enterprise Tech Start Up in Europe
  2011
• KMWorld – Top 100 Companies that Matter in Knowledge Management 2013
• Red Herring – 100 Europe Winner 2009
2. Huddle Overview
Huddle is a true cloud solution and would provide both the consuming organisation’s
employees and external parties the ability to securely access their information from wherever
they are and whatever device they’re on. While the emphasis is on ease-of-use, Huddle
would also provide the control and auditing required for an enterprise solution.
Create & Edit Content Together
Creating and editing content in a collaborative environment is at the heart of what Huddle
does. Content is available to users from wherever they are in the world on whatever device
they want to use.
Manage, Store and Share Content
Management of content is Huddle’s core competency. Content can be shared and accessed
from anywhere in the world with anyone in the world (with an e-mail address). Content is
held in the datacentres that adhere to industry-leading, accredited practices.
The ease of use of Huddle is another core tenet – allowing for seamless versioning,
permissioning and publishing workflows. True collaboration will only occur if the tool is
simple and useful.
Access Anywhere
Accessing information wherever you are and on whatever device you choose is a core
design philosophy of Huddle. We provide industry-leading iOS (iPad and iPhone) and
Android applications, with Blackberry and Windows Phone 3rd party support.
Manage E-mail and Calendar
While Huddle is not an e-mail or calendaring service, it does adhere to standards such as
iCal, allowing for tasks scheduled in Huddle to show in calendaring applications provided by
Microsoft, Google and others.
Communicate with Everyone
Huddle provides the ability to communicate via whiteboards and discussion forums, as well
as comments and the ability to reply via e-mail, extending the conversation to members of
your team who are on the go.
As Huddle is a cloud service, everyone can access the information required for a meeting
wherever they are in the world, with all communications verified and audited to ensure
government-level security.
Search across the Social Enterprise
Huddle provides a search engine that fully indexes content and will surface information
relevant to your workspaces.
People perform Workflow
Huddle provides powerful workflow and task creation/assignment. Workflow tasks are
available in the native mobile apps and deep-linked e-mail notifications are sent out for
desktop/non-supported mobile devices.
Government-level Security
Security is at the heart of everything we do. Collaboration and sharing content must be done
in a way that is transparent, audited and secure. Huddle's pan-government accreditation to
IL2 is testament to this. Please see the Security section for more information.
Access self-service and specialist applications
Huddle provides an extensive API that would allow for application integration.
3. Reference Guide of Features
Comprehensive collaboration system
Huddle is the most comprehensive cloud-based application for increasing efficiencies when
managing projects and files securely in the enterprise. It combines the functionality of
extranets, intranets, knowledgebase and project management software, and FTP and VPN
systems, with integrated phone and web conferencing.
Client extranet:
• Huddle serves as a secure online environment where information can be shared
  externally with your customers, partners and suppliers
• Transparency for the client, with permissions and audit trails
• Ability to separate or identify in-progress and completed work
• Deliverables need approvals and sign off
• Ability to manage all clients' projects from a single portal
• Customisation of the workspace in line with the client’s branding
Corporate intranet and internal file storage:
• Huddle provides a secure online environment where information can be shared with
  colleagues, teams and departments within your organisation
• Ability to access content from anywhere and at any time, no VPN required
• Set granular permissions to restrict access to sensitive documents
• Track content versions and feedback from colleagues
Secure external collaboration:
• Huddle works across firewalls
• Relevant people, inside and outside of an organisation, can access content in a
  secure online environment
• Emails can be intercepted and accidentally sent to the wrong people. Huddle enables
  access control
• Track feedback and comments
• Keep a record of all versions of a document as it evolves
• Store all discussions relating to a project
Project management:
• Huddle enables you to manage projects, simply and efficiently
• Assign tasks to people
• Track progress and project milestones
• Keep all documents and content relating to a project in a central/secure environment
• Huddle sends auto-reminders on upcoming tasks
• Contact details of all people on a project are easily accessible
• Deliverables can be approved and signed off
Knowledge management
• Keep all content in a secure online space and create a central knowledgebase
• Sort files and folders by title, size, date modified or approval status
• Search for required information using Huddle’s search engine
• Ability to access content when members of a team are on holiday/off sick
• Share information with relevant people by uploading into Huddle and notifying them
• Keep track of a document’s history
Key features:
Project management
• A personalised dashboard provides an overview of project activity and enables quick
  access to information
• Invite colleagues, customers, partners or suppliers into a workspace to collaborate on
  projects
• Assign tasks to people and immediately track deadlines and milestones for the
  projects
• Receive auto reminders about tasks that are nearing their deadlines
• Using iCal, link Huddle tasks and meetings to Outlook and/or Google calendars
File sharing
• Upload multiple files into a workspace and add new files at any time
• View your files (Office documents, PDF, images) directly from the browser without
  downloading them. Copy and search for text, even print, without the need to open
  Office.
• Store and share any size and type of file (Office docs, PDF, images, video and more)
• Create your own folder and sub-folder structure
• Online software allows you to view, create and edit files directly in the browser
  without needing to download them or install software
Document management
• Sort files and folders by title, size, date modified or approval status
• Huddle’s search engine looks within the text of files to find exactly what is required
• Manage versions. Lock files for editing and check them out of Huddle so that
  conflicting changes can’t be made
• Request and view approvals of files
• Audit trails are added each time an action takes place against each file
Collaboration tools
• Start discussions with team members and keep conversations in a secure, central
  space
• Brainstorm with team members, create lists and share images
• Edit whiteboards directly, save changes and add comments
Managing and connecting people
• Each user in a Huddle workspace has a profile page where contact information can
  be shared, and pictures and biographies can be uploaded
• Group people into teams and assign different access rights and permissions
• See who has been active in the workspace and when they last logged in
User controls
• Set granular permissions against each workspace or folder, controlling who can view
  specific items
• Amend permissions or remove users from workspaces
• Switch features on and off within a workspace for more focused use. Turn it into a
  sharing portal or a discussion forum
• Control who can invite users into workspaces
• Restrict access to your custom domain or individual workspaces to a range of IP
  addresses
• Single sign on via SAML2 for increased security and a better user experience
Mobile and third party access
• Work on the move with fully-featured apps for iPhone, iPad and Android phones, with
  third-party Blackberry and Windows Phone apps available
Microsoft Outlook Integration
• Upload documents from an e-mail trail directly into Huddle
• Move the content of the e-mail into the comment thread of a document
• Automatically invite members of an e-mail thread to the workspace
4. Huddle for Social Services Feature List
| Feature | Huddle for Social Services ESSENTIALS |
|---|---|
| Number of User Licenses within Package | 40 |
| Storage Included | 80Gb |
| Maximum File Upload | 2Gb |
| CLOUD STORAGE | |
| Personal business file storage | X |
| All file types supported | X |
| File sync with mobile devices | X |
| Single and multi-file loading | X |
| Online (in-browser) document preview | X |
| TEAM COLLABORATION | |
| Team workspaces | X |
| Project workspaces | X |
| Secure document sharing | X |
| Secure cross-firewall collaboration | X |
| Full collaboration suite (Huddle Note, tasks, comments, etc.) | X |
| Mobile & desktop apps | X |
| CONTENT COLLABORATION | |
| One-click editing of files | X |
| Audit & activity trail on documents | X |
| Version history on documents (with rollback) | X |
| Comments tracked against document versions | X |
| Text search within documents across Huddle | X |
| File approval workflow | X |
| WORKLOAD PRIORITISATION | |
| Intelligent content recommendations | X |
| View and access all workspaces from central dashboard | X |
| Single view of what’s new across all workspaces | X |
| Single view of calendar across all workspaces | X |
| Single view of notifications across all workspaces | X |
| Single view of approvals across all workspaces | X |
| BUSINESS PROCESS OPTIMIZATION | |
| Robust task management | X |
| Attach files to tasks | X |
| Post comments against tasks | X |
| Assign and notify about tasks | X |
| Sort, group, and filter tasks | X |
| Completion auto reminders | X |
| Custom task fields | X |
| Custom task filtering | X |
| MOBILE COLLABORATION | |
| Intelligent sync for mobile devices | X |
| Edit documents on the move | X |
| Continue conversations while on the move (online & offline) | X |
| Manage tasks while on the move (online & offline) | X |
| Approval workflow on the move (online & offline) | X |
| Upload photos & videos on the move | X |
| Preview photos & videos on the move | X |
| Favourites & recommended files | X |
| Auto-sync from offline on re-connect | X |
| Huddle for iPhone | X |
| Huddle for iPad | X |
| Huddle for BlackBerry | X |
| Huddle for Android | X |
| SOCIAL COLLABORATION | |
| Activity streams on any device | X |
| View users’ profiles and contact details | X |
| Social commenting on files | X |
| Social @[name] mentioning within conversations | X |
| In-app notifications | X |
| Discussion forums | X |
| Full email integration: move attachments & conversations into Huddle | X |
| Email conversations around a file stored automatically in Huddle | X |
| Auto-respond from email to manage approval workflows | X |
SECURITY & CONTROL
Closed-security model
X
Team-based security model
Granular access control: by person, team, workspace,
administrator
Data centres in UK and US
X
Failover DR (Disaster Recovery)
X
X
X
True Uptime Guarantee (99.9%)
| Feature | Huddle for Social Services ESSENTIALS |
|---|---|
| ISO 27001 accreditation | X |
| UK Government IL2 | X |
| Secure file transfer (256-bit SSL) | X |
| Document printing from within Huddle | X |
| Control what content users can see or edit | X |
| Control who can invite users | X |
| Folder levels | X |
| Control who can create folders | X |
| HELP AND SUPPORT | |
| 24/7 access to Huddle Help portal, knowledgebase & guides | X |
| Help desk ticket submission for all users | X |
| Support SLA for response to help tickets | X |
| Remote administration support | X |
| Twitter help and support | X |
| Telephone help desk | X |
| SUCCESS SERVICES | |
| Allocated Customer Success manager | X |
| Customized rollout & training program | X |
| Best practice workshops | X |
| Membership to Huddle’s Public Sector User Group | X |
| ADMINISTRATION, BRANDING & REPORTING | |
| Custom account branding | X |
| Admin and reporting suite | |
| Bulk content upload | X |
| Data export utility | |
| Access to beta products | |
| INTEGRATION SERVICES | |
| Salesforce.com integration | X |
| Single Sign-On | X |
| Custom application development | X |
| API access | X |
| API development package | X |
| ADVANCED SECURITY | |
| Remote wipe of mobile devices | X |
| Encryption at rest | X |
5. Security at Huddle
Huddle is committed to keeping your data safe and secure. Some of the biggest businesses
in the world, and numerous government organizations trust Huddle with their data. This
section will give you an overview of Huddle’s secure infrastructure and policies, including
FAQs at the end of the document.
Should you have any further questions regarding our security policies and measures, please
don’t hesitate to get in touch with us.
Hosting Environment
Huddle’s production systems are hosted by Rackspace in the UK in some of the most highly
specified data centres available today. They are built to exacting, rigorous standards and
deliver unparalleled security, power, connectivity and environmental control. Our hoster
provides world-class infrastructure necessary to keep Huddle’s servers up and running
uninterrupted around the clock. Huddle has several highly secure data centres in London. All
data centres are engineered with fully redundant connectivity, power and HVAC to avoid any
single point of failure. Each data centre is staffed 24/7 by highly trained technical support
staff. Huddle has chosen to host its data in the UK to ensure that it is protected by EU data
laws for our customers outside of the US.
Huddle in UK Government
Huddle has always been focused on providing the best possible solution for our UK
government clients and, as such, was the first collaboration company to receive Pan-Government
Accreditation (PGA) for our public instance of Huddle (up to IL2). This ensures
that any organization within HMG can use Huddle immediately to store and collaborate on
IL2 information safely, knowing that it has been extensively vetted by the G-Cloud team
through our technology, operational practices, and data management.
If there is a requirement for IL3 information, Huddle IL3 is available through our partner, FCO
Services. Huddle IL3 is only available to customers who have access to the secure
government infrastructure (GSI, etc.) and has been configured to ensure it meets the
stringent requirements for hosting IL3 data.
Network Infrastructure
The below diagram illustrates Huddle’s primary and disaster recovery infrastructure.
Multiple Levels of Security
Huddle offers the maximum level of protection for our customers’ data. The following
paragraphs describe each level in more detail.
Physical Security
Public access to our data centres is strictly forbidden. The centres only host equipment they
own and manage, obviating the need for anyone but their highly trained engineers to be
allowed into the data centre.
In addition, our hoster employs a series of physical security measures, including:
• Live video surveillance of each data centre facility, monitored 24 hours a day
• Onsite security personnel monitor each site 24 hours a day
• Biometric hand scanners restrict access to each data centre
• A pass card system restricts movement from room to room within each data centre
Data centres are unmarked to help maintain a low profile and these physical security
measures are audited by an independent company.
System & Network Security
Our servers run a hardened OS, with security patches applied to provide on-going protection
from exploits. Network level security is provided by dedicated firewalls—complete with DDoS
mitigation.
Operational policies and procedures are regularly reviewed as part of our hoster's SAS 70
Type II (or SSAE 16) audits. Where applicable, both Huddle's corporate environment and
our data centres are also ISO 27001 certified. All system access is fully logged and tracked
for auditing purposes and all staff with access undergo a thorough background check.
Servers are hosted behind sophisticated firewalls, with a protected perimeter. We carry out
penetration testing on an on-going basis (at least twice a year) and have had formal
penetration testing commissioned on a number of occasions by third parties.
Application Security
All access to Huddle is protected by Secure Sockets Layer (SSL) providing both server
authentication and 256-bit AES data encryption. This ensures that your data is safe, secure
and available only to registered users in your organization, with relevant permissions.
Furthermore, any information stored within Huddle is encrypted at rest within our data
centres.
Huddle provides each user with a unique username and password that must be entered
each time a user logs on. Huddle issues a session cookie only to record encrypted
authentication information for the duration of a specific session. The session cookie does not
include the username, password, or any user data. Huddle’s password control includes a
strength indicator and protection against brute-force attempts to discover passwords.
Huddle’s application security ensures that only those invited into a workspace can access its
contents. Access controls are baked into the Huddle data model and user permissions are
verified on every request by the core Huddle application framework. These access controls
apply not only at the workspace level, but can also be applied to specific file folders to
restrict access to certain workspace members. Access can be administered as either “read
only”, “edit”, or “no access”.
Huddle is able to offer single sign-on capabilities, utilizing the SAML2 web standard, allowing
you to further verify your users, using multi-factor authentication and enforcing password
policies.
The Huddle application has been rigorously tested against common website vulnerabilities
such as cross-site scripting (XSS), cross-site request forgery (XSRF), and SQL injection.
SLA & Resilience
At Huddle, we recognize that uptime is of the utmost importance for a business-critical web
application. We employ two separate external monitoring systems to track and record
availability and response time from various locations around the globe. We have a 24/7 team
available to respond immediately in the unlikely event of a serious application issue.
Huddle’s Service Level Agreement (SLA) guarantees 99.9% uptime over any three month
period. Our record shows we are always performing well above this SLA. For example, in the
first six months of 2011, Huddle’s application was available 99.99% of the time. Our
performance against our SLA is publicly available in real-time.
Huddle’s outstanding uptime is achieved by planning redundancy in every part of the
system, coupled with careful quality assurance and change management. This redundancy
applies to everything from power to network connections in our data centres, firewalls, load
balancers, switches, web servers, and database servers.
Backup & Disaster Recovery
To minimize service interruption due to hardware failure, natural disaster, or other
catastrophes, Huddle implements a disaster recovery program. All of Huddle’s servers are
backed up nightly and backups are retained for two weeks. In addition, all data (database
and file system) is mirrored almost immediately to standby servers in a second data centre.
The secondary data centre is always in the same country as your primary data centre, so
you can be confident your data is still protected under local laws.
In the event of the most serious of catastrophes, resulting in the complete loss of one of our
primary data centres, your workspaces will be available within a matter of minutes via our
Disaster Recovery site. Data is replicated to this site in near real-time, so business can
proceed as usual.
Privacy
Huddle maintains a strong privacy policy to protect customer data. Huddle does not own
customer data or share it with third parties. Huddle also allows customers to take their data
with them, should they decide to stop using Huddle’s services. The full privacy policy is
available on our website.
Considerations of the Software Lifecycle
Huddle employs an Agile development methodology, using Scrum alongside selected
Extreme Programming (XP) practices. This iterative approach to development ensures that
Huddle can release incremental product enhancements on a very frequent basis, and modify
the product plan quickly and easily in response to changing priorities.
Each development iteration lasts two weeks. This includes all the planning, design,
development and exhaustive quality assurance activities to ensure that the output is
production ready, following a short but rigorous, regression testing process—the majority of
which is automated.
Once the Quality Assurance team has approved the product increment for deployment to the
live environment, the Systems Engineering team performs the release. Releases typically
take place every four weeks and the dates are published in advance. Standard releases do
not involve any application downtime.
Security FAQ
Where is my organization’s data stored?
All customer data is stored in Rackspace data centres in the UK. More information on
these data centres is available upon request.
How do you protect your infrastructure against hackers and other threats?
Servers are hosted behind sophisticated firewalls, with a protected perimeter. We carry out
penetration testing on a regular basis and have formal penetration testing commissioned on
a number of occasions by third parties. Our customers are welcome to carry out their own
penetration testing by prior arrangement with Huddle.
How do you protect from machine downtime?
Huddle has a complete disaster recovery plan which makes use of failover to our second
data centre. This is kept up to date in real-time. The worst case scenario for physical
disaster at our primary data centre has a 15-minute failover time to the secondary data
centre.
This redundancy is built into each application layer of the Huddle platform. Huddle, as a
business, runs entirely on cloud-based services and our business continuity plan reflects
this. Our service is designed to continue running, even in the event of a major incident at one
of our business premises. All Huddle staff are provisioned with the tools required to work
remotely in the event of a major disaster.
Does Huddle offer SSL connectivity?
All data on Huddle is fully encrypted with 256-bit SSL encryption.
Who owns the data that my organization stores on Huddle’s servers?
All of the data on Huddle’s server belongs to the customer, and it can be extracted upon
request, should it be necessary.
Does Huddle give third party access to my data?
Huddle does NOT give third parties access to its customers’ data, and it enforces a strict
privacy policy.
Does Huddle have a Safe Harbor certification?
Safe Harbor is a framework developed by the US Department of Commerce in consultation
with the European Commission to bridge the differences between the EU and US privacy
policy. It allows US companies to comply with the EU’s more rigorous data protection law.
Since Huddle is a UK company, with any European customer data residing in the UK, it is
protected by the EU Data Protection Directive, which is regarded as one of the most rigorous
privacy legislations in the world, and does not need Safe Harbor certification.
Contact us for more information on Huddle’s privacy policy.
Is my data subject to the Patriot Act?
The Patriot Act, passed in 2001 by the US, states that any US company or wholly-owned
subsidiary of a US company must hand over data that they are hosting on behalf of their
customers if they are requested to do so by the US authorities. What this means in reality is
that, if you are buying a cloud-based service from a US company, your data can be made
available to US authorities upon request without your permission. Huddle is a UK company
and uses UK-based hosting providers for our European customers. This enables us to
protect your data to the fullest extent of the law.
Can I extract my data should we wish to archive?
Huddle can provide a data export tool which allows all information stored within Huddle to be
exported to a local system of your choosing (e.g. network drive/personal hard drive etc.). This
includes:
• All documents extracted to a standard file and folder format
• All web-based information in offline HTML format
• Tasks by workspace export
It is also possible to run this on a scheduled basis, so that the risk of loss of information is
mitigated—bearing in mind that Huddle already runs industry leading data centre mirroring
and disaster recovery on your behalf.
6. Huddle API
The Huddle API is a simple HTTP service secured via SSL. XML and JSON are supported
as request and response formats. The format used is specified in the path of the API
endpoint; to use JSON the path should start with /v1/json/; to use XML the path should start
with /v1/xml/.
How does authentication work?
All API requests require authentication. We use standard HTTP Basic Authentication where
the email address (or Huddle username) and password are sent as Base64-encoded clear text.
All API calls are protected by SSL so that your details remain secure.
HTTP header example:
GET /v1/json/files/12345 HTTP/1.1
Host: api.huddle.dev
Authorization: Basic dXNlcjpwYXNz
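The Basic scheme described above, as an added example that is not part of Huddle's documentation or code: it builds the header shown in the example, shows that the Base64 value can be reversed without any key, and refuses to attach credentials to a URL that is not HTTPS. The function names and the host pin are assumptions made for this illustration.

```python
import base64
from urllib.parse import urlsplit

API_HOST = "api.huddle.dev"  # host taken from the page's header example


def basic_auth_header(user, password):
    """Return the Authorization header value for HTTP Basic Authentication."""
    if ":" in user:
        # The colon separates user from password, so the user part cannot contain one.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(header):
    """Recover (user, password) from a Basic header; no key is needed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = raw.partition(":")  # the password itself may contain ':'
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def target_error(url):
    """Return why `url` is unsafe for Basic credentials, or None if acceptable."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "credentials would cross the network without TLS"
    if parts.hostname != API_HOST:  # host pin is an assumption of this example
        return "unexpected host"
    if not parts.path.startswith(("/v1/json/", "/v1/xml/")):
        return "path must start with /v1/json/ or /v1/xml/"
    return None


def build_headers(url, user, password):
    """Build request headers, refusing targets that would expose the credentials."""
    problem = target_error(url)
    if problem:
        raise ValueError(problem)
    return {"Host": API_HOST, "Authorization": basic_auth_header(user, password)}
```

Anything that records request headers (proxies, debug logs, crash dumps) holds a recoverable password, so the Authorization header should be redacted before it is logged.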
What functionality does your API currently support?
The API currently provides methods to work with files and tasks, as well as workspaces and
newsfeeds. See the API documentation for the full list.
7. Suggested Transition/Migration Approach
Collaboration platforms are often deployed in co-existence with existing systems to ensure
that users do not lose data or functionality. With Huddle being a cloud service, it is easy to
“turn on” and give users access without necessarily having to port data, allowing them to
migrate organically to Huddle over time as projects and teams are created and
adoption grows. This approach also has a commercial benefit, as you pay only for what
you’re using and can decommission existing on-premise solutions as their utilization dips.
That said, Huddle does recognize the diverse requirements of many enterprises to import
data into a new system. Huddle does have the tools and processes in place to allow for a
bulk import of data. Another area of consideration would be any complicated document
approval workflows that would need migrating to Huddle may require more work to ensure a
seamless transition of the consuming organisation’s