Security is one of the most critical aspects of any enterprise cloud contact center. Talkdesk understands that the confidentiality, integrity and availability of our customers’ data is vital to your business operations and our own success.
This post is the second in a four-part series outlining Talkdesk’s security policies. In this post, we cover the topic of infrastructure security, which covers nine areas: cloud security, encryption, password requirements, authentication requirements, network security, endpoint security, access control, customer data and audit.
Talkdesk monitors AWS accounts for cloud infrastructure security risks, such as S3 buckets, IAM keys, network access control lists and security groups. The Engineering Security teams work closely with Site Reliability Engineering teams to remediate or mitigate any cloud infrastructure configuration risks that are found in our AWS environments.
Encryption is an important part of Talkdesk’s security strategy, and it’s used as best practices for data in transit and at rest. For data in transit, we use TLS 1.2 with an industry standard ECDHE-RSA-AES128-SHA256 cipher. Data encryption at rest is implemented using the AWS EBS disk encryption feature.
Talkdesk security policy establishes requirements for password changes, reuse and complexity. Talkdesk requires the use of screensavers that reactivate after a period of inactivity through the use of a password or whenever a user leaves a computer unattended. As a matter of policy, employees are not permitted to share credentials with anyone.
Employees sign on to Talkdesk cloud-based components using a user ID, a password and a token (two-
factor authentication). This can greatly reduce the risk of unauthorized access if a user’s password is compromised. VPN and 2FA is required to access production infrastructure systems (where information resides).
All Talkdesk wireless networks are secured with WPA2. Talkdesk infrastructure is hosted in AWS and uses AWS controls such as:
- Network Access Control Lists (ACLs)
- Security Groups
- Subnet segregation
We also have web application firewalls (WAFs), Host Intrusion Detection Systems (HIDS), DDoS protections and firewalls in place to protect our production network.
All Talkdesk-issued laptops have full-drive encryption enabled on them, which are continuously monitored and enforced to ensure full compliance.
Get an in-depth look at Talkdesk's security policies.
Access to Talkdesk information and systems is granted only to the extent necessary to perform assigned job responsibilities. Talkdesk uses role-based security architecture and the principle of least privilege. Resources are protected through the use of native system security and add-on software products that identify and authenticate users and validate access requests against the users’ authorized roles in access control lists.
For all terminations, access is removed on the employee’s last day. Access reviews are performed periodically.
When customers use Talkdesk, we have an obligation to protect their data. We give them control of the data by letting them decide who in their organization has access to what and allowing them to assign specific permissions to specific roles.
Talkdesk does not access customer data or customer environments as part of day-to-day operations. When a customer requests support, authorized Talkdesk employees are able to view customer data only when specifically requested or required, such as when a customer asks their Talkdesk representative to make recommendations on how to improve the user’s experience of Talkdesk.
All Talkdesk employees are trained and understand how to securely handle customer data to protect their privacy and confidentiality. We also embrace all GDPR principles and assume our processor duties. For our GDPR customers, we provide a Data Processing Agreement.
Talkdesk has the responsibility to safeguard customer data, which requires full knowledge of the operations executed on it, when they were done and by whom. Talkdesk has integrated audit functionality that includes content access, update, creation/deletion and permissions in order to comply with customer and prospect requirements as well as compliance and regulatory concerns.
At Talkdesk, we take security seriously and work every day to improve and keep your information protected. The protection of user data is a primary design consideration for all of Talkdesk infrastructure, applications and personnel operations. Protection of user data is far from being an afterthought or the focus of occasional initiatives – it’s an integral part of what we do. That’s why we have talented security professionals, industry-best technology to address risks and processes to make sure everything functions optimally.
Watch for our third blog in the series, Talkdesk Physical Security and Security Operations.