Figment

The most secure and reliable staking infrastructure built from the ground up to maximize rewards and minimize risk:

Validator nodes hosted in a Tier IV IDC with 2N power and cooling, advanced climate control, redundant fibre, A+B power/network paths and biometric access control.
Sentry nodes hosted in North America, Europe and Asia across 5 public cloud providers, connected to IDC via redundant direct connections and VPN links.
Private peering interconnection with other trusted validators.
Hardware Security Modules (HSM) to secure private keys and prevent double sign faults.
Multi on-premise and off-premise secure server backup and redundancy
24/7 on call dev-ops team with internal and external monitoring & alerting.
We operate validator and private key management infrastructure on owned hardware located in Tier 3 redundant IDC . Physical infrastructure is combined with a network of public and private sentry nodes on AWS, GCP, OVH, Digital Ocean, and other public cloud platforms. We limit public internet connectivity to our physical validator nodes/. Our co-location facility is connected to AWS & GCP using direct connections with VPN backup and to other cloud platforms using VPNs.

Private keys are stored in HSMs. For each blockchain network we run a primary and a backup validator node, and a primary and a backup key management node. We intentionally do not automate fail over between primary and secondary validator nodes. Each staking protocol has different token incentives and penalties. However, all apply dramatically harsher penalties (using slashing) for double signing as compared with liveness (downtime). Therefore, we apply a security over liveness philosophy and trade downtime potential in favor of avoiding risk of double signing and thus slashing. In the event of a failure of the primary validating node or KMS node, manual intervention is required by a system administrator to ensure that the failed node is offline and bring the backup into service.

Our network of direct connections and VPN links to cloud platforms provides a high degree of security & fault tolerance. The unlikely failure of several cloud platforms or several internet or fibre cuts to our IDC facility would have minimal impact to our validating activities.

We separately maintain disaster recovery facilities that would allow us to restore our validating nodes in the event that our primary IDC suffered a physical disaster leading to extended downtime.