PHYSICAL SECURITY
Offering Secure Customer Service Software starts with physical security. Faveo Helpdesk servers are located in Tier III data centers in the EU, each powered by redundant power with UPS and backup generators.
On-site Security
Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multi-factor identification with biometric access control, physical locks, and security breach alarms.
Customers can choose to locate their data in the EU data center.
NETWORK SECURITY
Delivering Secure Customer Service Software over the internet requires special attention to network security. Faveo Helpdesk’s Security Policy addresses network security with the methods listed below.
Dedicated Security Team
Our Security Team is on call to respond to security alerts and events.
Network Protection
Our network is protected by redundant layer 7 firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network intrusion detection/prevention technologies (IDS/IPS) that monitor and block malicious traffic and network attacks.
Network Architecture
Our network security architecture consists of multiple security zones of trust. More sensitive systems, like our database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply.
DMZs are utilised between the Internet and our network, and internally between the different zones of trust.
Network Vulnerability Scanning
Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
Security Incident Event Management (SIEM)
A security incident event management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM creates triggers that notify the Security team based on correlated events. The Security team responds to these events.
Intrusion Detection and Prevention
Major application data flow ingress and egress points are monitored with Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). The systems are configured to generate alerts when incidents and values exceed predetermined thresholds, and they use regularly updated signatures based on new threats. This includes system monitoring.
Threat Intelligence Program
Faveo Helpdesk participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and take action based on our risk and exposure.
DDoS Mitigation
In addition to our own capabilities and tools, we contract with on-demand DDoS scrubbing providers to mitigate Distributed Denial of Service (DDoS) attacks.
Logical Access
Logical access to the Faveo Helpdesk Production Network is restricted on an explicit need-to-know basis, utilises least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Faveo Helpdesk Production Network are required to use multiple factors of authentication.
Security Incident Response
In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
ENCRYPTION
Encryption in Transit
Communications between you and Faveo Helpdesk servers are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS).
Encryption at Rest
Faveo Helpdesk supports encryption of customer data at rest.
*Only available with Advanced Security Add-on
APPLICATION SECURITY
Achieving 100% Secure Customer Service Software is impossible without security measures applied at the application level. We take various steps to secure Faveo Helpdesk at the application level.
SECURE DEVELOPMENT (SDLC)
Security Training
At least annually, engineers participate in secure code training. This training covers OWASP Top 10 security flaws, common attack vectors, and Faveo Helpdesk security controls.
Faveo Helpdesk Framework Security Controls
We utilise PHP framework security controls to limit exposure to OWASP Top 10 security flaws. These include inherent controls that reduce our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.
QA
Our QA department reviews and tests our code base. Several dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.
Separate Environments
Testing and staging environments are separated physically and logically from the production environment. No actual customer data is used in the development or test environments.
APPLICATION VULNERABILITIES
Dynamic Vulnerability Scanning
We employ a number of third-party, qualified security tools to continuously scan our application. Faveo Helpdesk is scanned regularly against the OWASP Top 10 security flaws. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.
Static Code Analysis
Our source code repositories, for both our platform and mobile applications, are continuously scanned for security issues via our integrated static analysis tooling.
PRODUCT SECURITY FEATURES
SECURE DEVELOPMENT (SDLC)
- No plain text passwords – Password encryption in database storage
- Configurable Password Policy
- Two-factor authentication
ADDITIONAL PRODUCT SECURITY FEATURES
Access Privileges & Roles
Access to data within your Faveo Helpdesk is governed by access rights, and can be configured to define granular access privileges.
Faveo Helpdesk has various permission levels for users (owner, admin, agent, end-user, etc.) accessing your Faveo Helpdesk Instance.
IP Restrictions
Your Faveo Helpdesk can be configured to only allow access from specific IP address ranges you define. These restrictions can be applied to all users or only to your agents.
Transmission Security
All communications with Faveo Helpdesk servers are encrypted using industry-standard HTTPS. This ensures that all traffic between you and Faveo Helpdesk is secure during transit.
Additionally, for email, our product supports Transport Layer Security (TLS), a protocol that encrypts and delivers email securely, mitigating eavesdropping and spoofing between mail servers.
Email Signing (DKIM/DMARC)
We support DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance) for signing outbound emails from Faveo Helpdesk when you have set up an external email domain on your Faveo Helpdesk.
Using an email service that supports these features allows you to stop email spoofing.
Our Responsible Disclosure Policy