Security

Exotel powers more than 70 million conversations every day for small, medium & large organizations across the globe. All these companies trust us for their data security. To fulfill this, we’ve made sure to put the right security policies and procedures in place. 

Exotel’s platform provides multiple layers of security to protect your conversations. If you have an on-premise setup, there’s a high chance that our system provides better security. This page outlines some of the procedures we have in place to ensure your data is safe. To make it simple, we have divided it into 7 broad categories – 

People Security

Data security training

To increase awareness about security we ensure that all the new recruits attend a mandatory session on Information Security. The session covers the best security practices like good password habits, data security & physical security. Apart from this, there’s also a yearly training for all the employees.

Background checks

It’s mandatory that all the candidates should go through a security check before being offered a senior position at Exotel.

Product Security

Change Management

Special care is taken to monitor any change to the hardware, applications or configurations to make sure to minimize the impact of change-related incidents upon service quality and day to day operations.

Account Security

To prevent unauthorized access, Exotel supports 2FA Authentication. To access your Exotel account, apart from a user name and password, users also require a phone number verification.

Development Lifecycle

All Exotel’s developers follow certain security guidelines to make sure the products we create are secure in design, during development and after deployment.

Vulnerability Management

Exotel makes use of third-party services for Internal vulnerability scanning and external perimeter testing. Security patch updating is automated on all systems.

Encryption

In order to protect the data in transit, we encrypt the network traffic by supporting TLS 1.2.

Cloud & Network Infrastructure Security

Asset Management

Asset Management encompasses planning, demand, acquisitions, usage, maintenance, and disposal of information assets in order to achieve efficient and effective service delivery.

Redundancy

Network Traffic is automatically re-routed to backup networks in case of any failure. This help in preventing any downtimes in cases of network failure or traffic surge.

Infrastructure Management

Exotel employs robust access controls to limit access to infrastructure. Any access to our infrastructure is logged and we restrict any direct access to the production infrastructure. Access to infrastructure components go through a strong approval process and the access is routed via a bastion host to prevent any attack from the public internet.

Network Monitoring

Our data centers are spread across various locations. All the centers are connected through multiple leased lines. These leased lines are constantly monitored for speed, packet drops, and QoS so ensure that connections are automatically switched over to healthier leased lines.

Firewalls

All of our systems use firewalls to safeguard the control access between a trusted network and a less trusted network. It helps to avoid any internal or external risks.

Auth & Token IDS

Our employes string industry-standard authentication systems for secure user and code access. The secret tokens are stored using standard encryption methods.

Monitoring & Vulnerability

Incident Reporting

All critical incidents are monitored and reported 24/7 on our website and through email. A dedicated team monitors and identifies the threat.

Audit Logging and Monitoring

All computing resources not limited to server, desktops, laptops, network devices should be monitored to ensure conformity to logical access policies and procedures. This is essential to determine the effectiveness of the measures adopted.

Disaster Recovery

Data Backup

Regular backups with high redundancy are performed for all of Exotel’s customers. This includes customer information, call & SMS logs, recordings & more.

Recovery Planning

IT Disaster Recovery Planning involves planning for the recovery of critical IT systems and services in a fallback situation following a disaster that overwhelms the resilience arrangements.

Security Compliance

ISO 27001:2013

We follow the guidelines and policies which are aligned with ISO 27001:2013. It is one of the most widely recognized independent international security standards. You can go through our certificate here.

Regulatory Environment

Exotel complies with all the legal and regulatory requirements of the geographies we’re operational. To comply with data protection laws that some of the sectors like BFSI mandates, we ensure that data in transit and at rest stay within the country.

Physical Security

Data Center Security

Exotel utilizes AWS data centers for all the production data & customer information. AWS provides enterprise encryption and security. They also make sure to continuously monitor their cloud infrastructure for suspicious activity.

To know more you can visit – https://aws.amazon.com/security/

Office Security

Exotel has security policies and protocols that manage the entry of employees and visitors to our office locations.

Employees, contractors and visitors are provided access badges that clearly distinguish the roles and provide access to physical locations based on their roles. CCTV cameras are used to monitor specific areas of the workspace.

 

The Exotel Advantage

Highly Secure

ISO 27001:2013 certified information security management system

Superior Quality

Best success rates, voice quality and reduced latency

Superior Reliability

Best in class uptimes of 99.94% including operator uptimes

Patented Solutions

Gain competitive advantage from patented products

Scale at Ease

Grow at will, expand without worrying about infrastructure

Best Support

24×7 customer support via phone, email and Twitter

This site is registered on wpml.org as a development site.