Security Features

1. Data Encryption

Encryption at rest

The database should encrypt all the activities and sensitive customer information. Expertflow CX does not possess any encryption mechanism for data at rest (on the database and storage level). We are currently in the process of developing a mechanism to encrypt and decrypt the data at rest for CX Cloud.

Encryption of data at rest (on the database and storage level) would be customer's responsibility for on-perm deployment. Customers can choose Percona or Mongo Enterprise from Atlas or any other provider.

Encryption in-transit

An SSL certificate implementation can be configured for data encryption in transit, and HTTPS URL force redirection can be enforced in CX user apps. Also, all the internal database connections are enforced with TLS (Transport Layer Security) connection.

2. Database Authentication

Every CX internal component’s MongoDB database connection is secured with password-based authentication.

3. Sensitive Data Masking

Secure Logging

At any log level, sensitive data such as customer or agent chat message body and customer PII such as customer’s first name, last name, username, phone number, and channel data are masked.

4. Password protection using Vault

To ensure the protection of any text-based secret (Passwords, API keys, App secrets, etc.) written in configuration files of the CX solution, we implement HashiCorp’s Vault. Vault enables us to encrypt all text-based secrets, which are usually present in config files and used for the component’s internal or external communication.

For deployment of Vault please visit this guide: Vault Implementation on Expertflow CX