Security Policy CSX Store
Security Overview

CCSX CLOUD, LLC (“CSX CLOUD”) recognizes that secure and reliable phone service is critical to business operations. As a cloud service provider, CSX CLOUD offers a robust multi-tenant cloud communications service with several layers of security built in. This paper explains the security model for CSX CLOUD services.

Overview

The security of CSX CLOUD services encompasses multiple layers and many components, from policies and methodologies to service architecture, the capability to detect potential toll fraud and service abuse, and user-controlled service administration. Security capabilities and settings reside in the application and infrastructure layers, within the service delivery and operations processes, and in the company’s security policies and governance practices.

The security of customer PBX services is shared between customers, who manage their PBX policies, user permissions, and login information, and CSX CLOUD, which manages service delivery, architects and designs security into the product, and ensures physical and environmental security of the service. We employ a multi-layered security model, with security at the perimeter, at the service delivery layer, SSL on our web applications, tier 1 data centers, and settings in the interface that a customer controls.

User Service Administration

CSX CLOUD services include front-end settings that customers control to manage their PBX policies and their users. These settings include adding/removing extensions, setting user permission levels, managing extension PINs, enabling international calling, allowing specific international call destinations, and blocking inbound caller IDs. In addition, customer admins and individual users can review call history and upload and delete messages.

Application Security

Customer PINs are protected with a secure hash. Customer data is logically segmented in application databases.

Transmission Security

CSX CLOUD utilizes SSLv3/TLSv1 to encrypt web session traffic.
Network and Infrastructure Security

The CSX CLOUD network and application perimeter is protected with firewalls and session border controllers. Administrative access requires authenticating through a production VPN gateway, then authenticating to local infrastructure systems. Only authorized personnel are given access to the production environment. Technology layers include intrusion-detection systems, system logs, and fraud analytics. Operational processes include system and service-level monitoring, system hardening, change management, and regular vulnerability scans.

Physical and Environmental Security

We host our services in data centers that undergo SSAE-16 and/or ISO 27001 audits. Our data centers share hosted facilities space with some of the world’s largest Internet companies and financial institutions. The geographic diversity of our locations acts as an additional safeguard, minimizing our risk of loss and service interruption due to natural disasters and other catastrophic situations.

Fraud Mitigation

The CSX CLOUD service includes multiple layers to prevent and detect toll fraud, including access control, detection controls, usage throttling, and customer-controlled settings to enable/disable international calling to approved destinations.

Disaster Recovery

The CSX CLOUD service is architected to support failover conditions in case of emergency. Our service is built with geographically distributed redundancy. Primary and backup locations remain online simultaneously, with the primary pod in active mode and the secondary pod in standby mode. Database replication between locations is in real time, with failover built into the service. If a primary location is unavailable, the backup location will continue service. In addition to infrastructure and application redundancy, we also have geographically distributed operations, so that service operations can continue if one location is not available.
Checklist for Protecting Your CSX CLOUD Service

• Use a strong PIN.
• Disable the calling card feature if not needed.
• Disable international calling if not needed.
• If you use international calling, restrict call destinations to those needed for your company business.
• Restrict long-distance calling if not needed.
• Restrict call forwarding: don’t allow call forwarding to international or long-distance numbers.
• Restrict admin-level permissions. Limit the users to whom you give this level of permission.
• Block any numbers that you do not want to receive calls from.
• Only use email message forwarding for non-sensitive messages. Retrieve sensitive messages via an encrypted web session.
• Securely dispose of any physical copies of your call records and invoices.
• Change PIN codes often.