Exotel powers more than 70 million conversations every day for small, medium & large organizations across the globe. All these companies trust us for their data security. To fulfill this, we’ve made sure to put the right security policies and procedures in place.
Exotel’s platform provides multiple layers of security to protect your conversations. If you have an on-premise setup, there’s a high chance that our system provides better security. This page outlines some of the procedures we have in place to ensure your data is safe. To make it simple, we have divided it into 7 broad categories –
Data security training
To increase awareness about security we ensure that all the new recruits attend a mandatory session on Information Security. The session covers the best security practices like good password habits, data security & physical security. Apart from this, there’s also a yearly training for all the employees.
Background checks
It’s mandatory that all the candidates should go through a security check before being offered a senior position at Exotel.
Change Management
Special care is taken to monitor any change to the hardware, applications or configurations to make sure to minimize the impact of change-related incidents upon service quality and day to day operations.
Account Security
To prevent unauthorized access, Exotel supports 2FA Authentication. To access your Exotel account, apart from a user name and password, users also require a phone number verification.
Development Lifecycle
All Exotel’s developers follow certain security guidelines to make sure the products we create are secure in design, during development and after deployment.
Vulnerability Management
Exotel makes use of third-party services for Internal vulnerability scanning and external perimeter testing. Security patch updating is automated on all systems.
Encryption
In order to protect the data in transit, we encrypt the network traffic by supporting TLS 1.2.
Asset Management
Asset Management encompasses planning, demand, acquisitions, usage, maintenance, and disposal of information assets in order to achieve efficient and effective service delivery.
Redundancy
Network Traffic is automatically re-routed to backup networks in case of any failure. This help in preventing any downtimes in cases of network failure or traffic surge.
Infrastructure Management
Exotel employs robust access controls to limit access to infrastructure. Any access to our infrastructure is logged and we restrict any direct access to the production infrastructure. Access to infrastructure components go through a strong approval process and the access is routed via a bastion host to prevent any attack from the public internet.
Network Monitoring
Our data centers are spread across various locations. All the centers are connected through multiple leased lines. These leased lines are constantly monitored for speed, packet drops, and QoS so ensure that connections are automatically switched over to healthier leased lines.
Firewalls
All of our systems use firewalls to safeguard the control access between a trusted network and a less trusted network. It helps to avoid any internal or external risks.
Auth & Token IDS
Our employes string industry-standard authentication systems for secure user and code access. The secret tokens are stored using standard encryption methods.
Incident Reporting
All critical incidents are monitored and reported 24/7 on our website and through email. A dedicated team monitors and identifies the threat.
Audit Logging and Monitoring
All computing resources not limited to server, desktops, laptops, network devices should be monitored to ensure conformity to logical access policies and procedures. This is essential to determine the effectiveness of the measures adopted.
Data Backup
Regular backups with high redundancy are performed for all of Exotel’s customers. This includes customer information, call & SMS logs, recordings & more.
Recovery Planning
IT Disaster Recovery Planning involves planning for the recovery of critical IT systems and services in a fallback situation following a disaster that overwhelms the resilience arrangements.
ISO 27001:2013
We follow the guidelines and policies which are aligned with ISO 27001:2013. It is one of the most widely recognized independent international security standards. You can go through our certificate here.
Regulatory Environment
Exotel complies with all the legal and regulatory requirements of the geographies we’re operational. To comply with data protection laws that some of the sectors like BFSI mandates, we ensure that data in transit and at rest stay within the country.
Data Center Security
Exotel utilizes AWS data centers for all the production data & customer information. AWS provides enterprise encryption and security. They also make sure to continuously monitor their cloud infrastructure for suspicious activity.
To know more you can visit – https://aws.amazon.com/security/
Office Security
Exotel has security policies and protocols that manage the entry of employees and visitors to our office locations.
Employees, contractors and visitors are provided access badges that clearly distinguish the roles and provide access to physical locations based on their roles. CCTV cameras are used to monitor specific areas of the workspace.
ISO 27001:2013 certified information security management system
Best success rates, voice quality and reduced latency
Best in class uptimes of 99.94% including operator uptimes
Gain competitive advantage from patented products
Grow at will, expand without worrying about infrastructure
24×7 customer support via phone, email and Twitter