Exotel Security Practices, Infrastructure & Compliance
Exotel powers more than 10 million conversations every day for small, medium & large organizations across the globe. All these companies trust us for their data security. To fulfill this, we’ve made sure to put the right security policies and procedures in place.
Exotel’s platform provides multiple layers of security to protect your conversations. If you have an on-premise setup, there’s a high chance that our system provides better security. This page outlines some of the procedures we have in place to ensure your data is safe. To make it simple, we have divided it into 7 broad categories –
To increase awareness about security we ensure that all the new recruits attend a mandatory session on Information Security. The session covers the best security practices like good password habits, data security & physical security. Apart from this, there’s also a yearly training for all the employees.
It’s mandatory that all the candidates should go through a security check before being offered a senior position at Exotel.
Special care is taken to monitor any change to the hardware, applications or configurations to make sure to minimize the impact of change-related incidents upon service quality and day to day operations.
To prevent unauthorized access, Exotel supports 2FA Authentication. To access your Exotel account, apart from a user name and password, users also require a phone number verification.
All Exotel’s developers follow certain security guidelines to make sure the products we create are secure in design, during development and after deployment.
Exotel makes use of third-party services for Internal vulnerability scanning and external perimeter testing. Security patch updating is automated on all systems.
In order to protect the data in transit, we encrypt the network traffic by supporting TLS 1.2.
Asset Management encompasses planning, demand, acquisitions, usage, maintenance, and disposal of information assets in order to achieve efficient and effective service delivery.
Network Traffic is automatically re-routed to backup networks in case of any failure. This help in preventing any downtimes in cases of network failure or traffic surge.
Exotel employs robust access controls to limit access to infrastructure. Any access to our infrastructure is logged and we restrict any direct access to the production infrastructure. Access to infrastructure components go through a strong approval process and the access is routed via a bastion host to prevent any attack from the public internet.
Our data centers are spread across various locations. All the centers are connected through multiple leased lines. These leased lines are constantly monitored for speed, packet drops, and QoS so ensure that connections are automatically switched over to healthier leased lines.
All of our systems use firewalls to safeguard the control access between a trusted network and a less trusted network. It helps to avoid any internal or external risks.
Our employes string industry-standard authentication systems for secure user and code access. The secret tokens are stored using standard encryption methods.
All critical incidents are monitored and reported 24/7 on our website and through email. A dedicated team monitors and identifies the threat.
All computing resources not limited to server, desktops, laptops, network devices should be monitored to ensure conformity to logical access policies and procedures. This is essential to determine the effectiveness of the measures adopted.
Regular backups with high redundancy are performed for all Exotel’s customers. This includes customer information, call & SMS logs, recordings & more.
IT Disaster Recovery Planning involves planning for the recovery of critical IT systems and services in a fallback situation following a disaster that overwhelms the resilience arrangements.
We follow the guidelines and policies which are aligned with the ISO 27001:2013. It is one of the most widely recognized independent international security standards.
Exotel complies with all the legal and regulatory requirements of the geographies we’re operational. To comply with data protection laws that some of the sectors like BFSI mandates, we ensure that data in transit and at rest stay within the country.
Exotel utilizes AWS data centers for all the production data & customer information. AWS provides enterprise encryption and security. They also make sure to continuously monitor their cloud infrastructure for suspicious activity.
To know more you can visit – https://aws.amazon.com/security/
Exotel has security policies and protocols that manage the entry of employees and visitors to our office locations.
Employees, contractors and visitors are provided access badges that clearly distinguish the roles and provide access to physical locations based on their roles. CCTV cameras are used to monitor specific areas of the workspace.
ISO 27001:2013 certified information security management system
Gain competitive advantage from patented products
Best success rates, voice quality and reduced latency
Grow at will, expand without worrying about infrastructure
Best in class uptimes of 99.94% including operator uptimes
18×7 customer support via phone, email and Twitter