Boost Trust & Security with Contact Center Automation
Jacada takes security very seriously—just ask the number of Fortune 100 and Fortune 500 companies that trust us with their data. We use a combination of enterprise-class security features and comprehensive audits of our applications, systems, and networks to ensure that your data is always protected, which means every customer can rest easy—our own included.
Compliance Certifications and Memberships
We use best practices and industry standards to achieve compliance with industry-accepted general security and privacy frameworks, which in turn helps our customers meet their own compliance standards.
PCI DSS – Jacada is PCI DSS compliant. The certificate is available for download here.
Jacada hosts Service Data primarily in AWS data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. Learn more about Compliance at AWS.
AWS infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data. Learn more about Data Center Controls at AWS.
AWS on-site security includes a number of features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. Learn more about AWS physical security.
Data Hosting Location
Jacada leverages AWS data centers in the United States and Europe. Learn more about Data Hosting Locations for your Jacada Service Data.
Customers can choose to locate their Service Data in the US only or in the EEA.
Dedicated Security Team
Our globally distributed Security Team is on call 24/7 to respond to security alerts and events.
Our network is protected through the use of key AWS security services, integration with our Cloudflare edge protection networks, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks.
Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized at the Internet boundary and internally between the different zones of trust.
Network Vulnerability Scanning
Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.
Third-Party Penetration Tests
In addition to our extensive internal scanning and testing program, each year, Jacada employs third-party security experts to perform a broad penetration test across the Jacada Production and Corporate Networks.
Security Incident Event Management
Our Security Incident Event Management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM alerts on triggers based on correlated events and notifies the Security team for investigation and response.
Intrusion Detection and Prevention
Service ingress and egress points are instrumented and monitored to detect anomalous behavior. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats. This includes 24/7 system monitoring.
Jacada has architected a multi-layer approach to DDoS mitigation. A core technology, AWS Shield, provides network edge defenses, while AWS scaling and protection tools, along with our use of AWS DDoS-specific services, provide deeper protection.
Access to the Jacada Production Network is restricted on an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Jacada Production Network are required to use multiple factors of authentication.
Security Incident Response
In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.
Encryption in Transit
All communications with Jacada UI and APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and Jacada is secure during transit.
Encryption at Rest
Service Data is encrypted at rest in AWS using AES-256 key encryption.
Jacada maintains a publicly available system-status webpage, http://status.gointeract.io/, which includes system availability details, scheduled maintenance, and service incident history.
Jacada employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime and/or our Enhanced Disaster Recovery service offering allows us to deliver a high level of service availability, as Service Data is replicated across availability zones.
Our Disaster Recovery (DR) program ensures that our services remain available and are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.
Secure Code Training
At least annually, engineers participate in secure code training covering OWASP Top 10 security risks, common attack vectors, and Jacada controls.
Framework Security Controls
Jacada leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.
Our Quality Assurance (QA) department reviews and tests our code base. Dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.
Testing and staging environments are logically separated from the Production environment. No Service Data is used in our development or test environments.
Dynamic Vulnerability Scanning
We employ third-party security tooling to continuously and dynamically scan our core applications against the OWASP Top 10 security risks. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.
Static Code Analysis
The source code repositories for both our platform and mobile applications are scanned for security issues via our integrated static analysis tooling.
Third-Party Penetration Testing
In addition to our extensive internal scanning and testing program, Jacada employs third-party security experts to perform detailed penetration tests on different applications within our products.
Jacada Interact provides user authentication capabilities at both account and application levels.
- You set the default authentication method globally for your account from the Admin Console Settings menu.
- You set the authentication method for an application from the Authentication panel of the selected application.
The Interact Server supports:
- Internal Authentication. Authentication is based on the unique username and password provided to each Interact user and managed in a secure internal database.
- Custom Authentication. Authentication is based on an external Authlink authorization server that operates in accordance with Jacada Interact security requirements. For more details, click here.
- LDAP Authentication. Authentication is based on connection to an LDAP server. For more details about configuring LDAP, click here.
- SAML Authentication. Authentication is based on use of the SAML protocol. For more details about configuring SAML, click here.
- OAuth2 Authentication (Mobile/Web Clients). Authentication is based on an external authorization server that operates according to the OAuth2 specification. This type of authentication provides an extra security layer for access to protected resources. For more details on the OAuth2 workflow, click here.
Note: Interact provides an out-of-the-box OAuth2 simulator, allowing you to test a secured Flow without configuring OAuth2 production server settings. Accounts may then configure this type of authentication against their own OAuth2 servers.
All users need to be assigned a Role when they are added to an account. The Role defines the permissions that are allotted to each user in Interact and the activities that the user is authorized to perform.
Jacada follows secure credential storage best practices by never storing passwords in human-readable format; passwords are stored only as the result of a secure, salted, one-way hash.
Human Resources Security
Jacada has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to all employees and contractors with access to Jacada information assets.
All employees attend a Security Awareness Training, which is given upon hire and annually thereafter. All engineers receive annual Secure Code Training. The Security team provides additional security awareness updates via email, blog posts, and in presentations during internal events.
Jacada performs background checks on all new employees in accordance with local laws. These checks are also required to be completed for contractors. The background check includes criminal, education, and employment verification. Cleaning crews are included.
All new hires are required to sign Non-Disclosure and Confidentiality agreements.