Engage your customers at scale without security concerns
You want to scale up and automate your customer engagements, but you’re worried. You wish you could answer all your customer questions 24/7, but you’re concerned about the safety of your data.
Governments, banks, and other organizations with extreme data security concerns use Engati to scale their customer engagements worldwide. Here are a few of the precautions that we take to protect their data and yours.
Our database servers are securely configured and not accessible outside the demilitarized zone.
Even though we use a multi-tenant system, your data is always logically separated from another customer’s data.
For website bots, responses are sent back over the same connection on which the request was received. We have also implemented additional logic to protect you from data leaks and session hijacking, and the server drops any spurious connections.
Our bot platform does not store end users' personally identifiable information or location data unless this is specifically enabled from the platform.
While building your bot, you are also encouraged to only ask your customers for details that you absolutely require. We also urge you to provide details about how the system consumes the data in a transparent manner.
We have set up strong firewalls to protect the network and infrastructure from unauthorized access and attacks.
We also ensure that no backend functional services are exposed to the internet, and that all calls pass through specific checks on a limited set of ports.
Your backup files are also stored in a separate location with different layers of security.
We have restricted physical access to the data storage through multi-factor access control, using a combination of network, certificate access, and password protection.
All data transmission between the web browser client and the server takes place only over SSL-encrypted channels.
All sensitive data is stored only in encrypted files.
Application user credentials (for the portal) are all stored in salted hashed form.
We conduct a monthly security-focused code review on the entire platform.
All potential threat scenarios are modeled and outlined from a design perspective on a monthly basis.
Our team performs a black box security assessment on all applications before a release. In a worst-case scenario, we carry out these assessments quarterly.
We also conduct network security assessments at regular intervals on all our production servers.
The GDPR (General Data Protection Regulation) is the European Union's regulation on data protection and privacy.
Here are a few of the measures that we take in compliance with the GDPR:
1. We only store information that is necessary for business and delete the rest.
2. We identify where all our data comes from, so that we control who can use customer data and reduce the associated risks.
3. We adopt effective security measures and put barriers in place against data breaches.
4. We ensure that personal data is always anonymized and encrypted.
5. Engati’s data protection capabilities are integrated to mitigate risks across all channels.
ISO/IEC 27001 sets the international standard for creating, implementing, maintaining, and continuously improving an information security management system (ISMS).
As an ISO 27001 certified organization, we have sturdy security-focused controls in place under these areas:
1. Asset management — Including audits, access controls, removal or destruction of assets
2. Physical and environmental security — We have several policies and procedures to safeguard access to organization premises, hardware, software, data, etc.
3. Operations security — This includes backup/restore mechanisms, roles and responsibilities, logging and monitoring, and vulnerability assessment and management.
4. Incident Management — Engati has robust incident management guidelines in place with a severity-based chain of command, communication frequency, and associated details.
5. BCP and DR — Business Continuity guidelines are in place, along with detailed DR plans for various grades of impact.
Conversation data from third-party sources is always validated for data integrity before being consumed.
Idle time validation is enforced for all bot user-workflow interactions.
Relevant security headers are set in place, and strong session management is enforced to prevent session hijacking.
Proper cookie-based authentication and authorization mechanisms have been implemented to protect users from insecure direct object references.
Our backend framework protects the web application and its resources from cross-site scripting, cross-site request forgery, and injection attacks.
Individual portal users can only have one active session at a time. In addition to this, users are logged out of the portal after 30 minutes of inactivity, and password recovery links are only valid for 15 minutes after you request them.
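The three session rules above (one active session per user, logout after 30 minutes of inactivity, recovery links valid for 15 minutes) can be enforced with a small server-side store. The following is an added illustration, not Engati's code; it assumes a single-process application, passes the clock in explicitly so the rules are testable, and additionally treats a recovery link as single-use, which the text does not state.

```python
"""Added example (not Engati's code): enforcing the portal session rules with
an in-memory store. Assumes a single-process app; `now` is passed in as a
Unix timestamp so that timeouts can be checked deterministically."""
import secrets
from dataclasses import dataclass, field

IDLE_TIMEOUT_S = 30 * 60      # logged out after 30 minutes of inactivity
RESET_LINK_TTL_S = 15 * 60    # password recovery links valid for 15 minutes


@dataclass
class SessionStore:
    # user -> (session_id, last_activity); keeping one entry per user is what
    # enforces the "one active session at a time" rule
    sessions: dict = field(default_factory=dict)
    # token -> (user, issued_at); single-use is an assumption of this example
    reset_tokens: dict = field(default_factory=dict)

    def login(self, user: str, now: float) -> str:
        """Create a session; any previous session for this user is replaced."""
        sid = secrets.token_urlsafe(32)
        self.sessions[user] = (sid, now)
        return sid

    def validate(self, user: str, sid: str, now: float) -> bool:
        """True only if sid is the user's current session and it is not idle."""
        entry = self.sessions.get(user)
        if entry is None:
            return False
        current_sid, last_seen = entry
        if not secrets.compare_digest(current_sid, sid):
            return False               # superseded by a newer login
        if now - last_seen > IDLE_TIMEOUT_S:
            del self.sessions[user]    # idle too long: log the user out
            return False
        self.sessions[user] = (current_sid, now)   # refresh activity time
        return True

    def issue_reset_link(self, user: str, now: float) -> str:
        """Mint a recovery token; only the token itself goes into the link."""
        token = secrets.token_urlsafe(32)
        self.reset_tokens[token] = (user, now)
        return token

    def redeem_reset_link(self, token: str, now: float):
        """Return the user if the token is unexpired; the token is consumed."""
        entry = self.reset_tokens.pop(token, None)
        if entry is None:
            return None
        user, issued = entry
        return user if now - issued <= RESET_LINK_TTL_S else None
```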
Certain organizations with highly sensitive information (like government organizations and banks) cannot have their systems based entirely on the cloud. They can use our C2E (Cloud to Enterprise) Bridge for a hybrid solution in such situations.
It lets organizations combine their on-premise environments with Engati's services. The C2E Bridge allows data and workflows to move securely between these environments, enabling greater flexibility and productivity.
Engati is also secure and protected against the Open Web Application Security Project (OWASP) Top 10 web application security risks.
In addition to this, all of Engati’s portal workflows are associated with user roles. Only authorized portal users are granted access to these workflows based on the configuration.
So, what are you waiting for? Start engaging your customers 24/7, without the slightest delay, in a safe manner.
This article about “Engage your customers at scale without security concerns” was originally published on Engati blogs.