Playvox delivers and supports its services through cloud service provider, Amazon Web Services, that use widely accepted practices and infrastructure to secure customer data. Network services include a combination of dedicated servers and distributed resources.
We apply secure design patterns and best programming and OWASP practices at every stage of application development using a SecDevOps approach. All code is developed in-house.
Separate environments are maintained for production, staging and development. Customer data is only available within Playvox’s production environment and is never used on a different environment or employee machines. Only authorized system administrators have access to the production environment. Test environments emulate the production environment as closely as possible.
Application servers can be accessed only via HTTPS over TLSv1.2. Logins are protected from brute force attacks. Passwords must be longer than 10 alphanumeric characters, containing both upper and lowercase letters and at least 1 number. Passwords are stored as salted one-way hashes.
Logs from systems and applications are collected, analyzed and audited. Monitoring services proactively check systems, computer and network components to ensure service availability and performance. Both logging and monitoring are used to identify security incidents and to prevent abuse.
Security testing is integrated in image creation and code deployment, continuous vulnerability assessments are performed against the web stack and the software libraries we use. A third-party penetration test is performed annually to identify and remediate detected vulnerabilities.