Security Features

1. Data Encryption

Encryption at rest

CX Cloud

On our cloud deployment, we are using Azure Cosmos DB for hosting MongoDB database instances, the data hosted on Azure Cosmos DB is encrypted, for further details please visit https://learn.microsoft.com/en-us/azure/cosmos-db/database-encryption-at-rest

CX on-prem

Encryption of data at rest (on the database and storage level) would be the customer's responsibility for on-perm deployment. Customers can choose Percona or Mongo Enterprise from Atlas or any other provider.

Encryption in-transit

An SSL certificate implementation can be configured for data encryption in transit, and HTTPS URL force redirection can be enforced in CX user apps. Also, all the internal database connections are enforced with TLS (Transport Layer Security) connection.

2. Database Authentication

Every CX internal component’s MongoDB database connection is secured with password-based authentication.

3. Sensitive Data Masking

Secure Logging

At any log level, sensitive data such as customer or agent chat message body and customer PII such as customer’s first name, last name, username, phone number, and channel data are masked.

4. Password protection using Vault

To ensure the protection of any text-based secret (Passwords, API keys, App secrets, etc.) written in configuration files of the CX solution, we implement HashiCorp’s Vault. Vault enables us to encrypt all text-based secrets, which are usually present in config files and used for the component’s internal or external communication.

For deployment of Vault please visit this guide: Vault Implementation on Expertflow CX