Privacy and Security¶
We take our customers’ data privacy and security very seriously. For this reason, we adhere to the following basic principles to protect customer data:
- We never share the customers’ personal or business data with third parties
- SmartCloud Connect never stores any of your Salesforce or MS Exchange/Office 365/Gmail data, such as contacts, emails, calendar items, etc. The relevant data is only discreetly transferred through the cloud app, temporarily cached in secure MS Azure servers’ memory and is never written to any persistent storage nor transferred outside of the established secured infrastructure.
- Any personally identifiable information which gets transferred through our servers is secured with industry standard protocols and encryption technologies; more on this below.
Privacy shield certified
ISO-27001 (information security management set) certified
With over 13 years of experience of building and implementing successful enterprise solutions, we know very well that email correspondence and CRM data stand among the key assets of any modern business. For this reason handling all communications between your email and CRM systems and SmartCloud Connect with maximum security is our topmost priority.
We follow a multi-level layered approach, which is continuously updated with the latest technologies to ensure the highest level of security for our customers’ data, from complete physical security of Microsoft certified data centers we use to secured access authorization procedures for the end users (see below) and the latest encrypted data transfer protocols.
SmartCloud Connect Sync component is built as a scalable customized Microsoft Azure service which supports geo-distributed data centers and provides the highest levels of availability and resilience; it matches Microsoft’s standards for secure applications.
The Add-In component of SmartCloud Connect is a MS Outlook add-in verified by Microsoft that works directly with users’ email and CRM data, also displaying relevant information for the end users and conveying their inputs and actions to SCC Sync or directly to Salesforce. The Chrome Extension option for SCC integration into Gmail works in the same manner as the Add-In and is verified by Google.
While SmartCloud Connect also supports legacy authentication solutions, for example to work with MS Exchange 2010, by default all SCC end users follow the most secure access authentication procedures:
Using OAuth 2.0 to grant MS Exchange data access, with optional fallback to login/password authentication for legacy MS Exchange servers
Possibility of mass mailboxes provisioning via Impersonated Exchange access, where the local Exchange Admin grants SmartCloud Connect permissions to work with specified users’ mailboxes and calendar data
Possibility of mass Salesforce provisioning via impersonating account or API-only user, where the local Salesforce Admin grants SmartCloud Connect permissions to work with specified users’ Salesforce data
Granular Access Control¶
Our app’s access to user configurations and data is built on granular level, it is based on the concepts of Permissions, Roles, Principals, Resources and Authorizations:
- All data views, transfers, or other related actions are controlled by structured permission rules
- Combination of Permission sets into Roles allows to define allowed operations scopes very specifically
- In SCC data access architecture, assigning of Principals, Roles for specific Resources access, results in granting of the minimum required permissions level for performing of very specific tasks
This access control policy covers all SmartCloud Connect users, including Invisible.io Admins: Sales, Support and Customer Success teams, to ensure that the customers’ data is accessible only by the entitled end users.
SmartCloud Connect ensures multi-level protection of sensitive data from accidental or malicious loss, whether in transit, at rest, or on the go. Among standard techniques, that includes:
- Access to Salesforce, Office 365, and Gmail data is performed through certified apps on respective services
- In-transit encryption: all data transfers between Salesforce/Microsoft Exchange or Google servers as well as user interactions with them via SCC are encrypted with TLS protocol
- At rest encryption: all relevant configuration data is encrypted in rest state on physical storage database level
- Secrets handling: all used access secrets (tokens, passwords) are additionally encrypted on application level using keys transferred separately from the data. Furthermore, SCC API connections are designed in such a way so access secrets never leave SmartCloud Connect perimeter
- Data backup and point-in-time restore: users’ and orgs’ configuration data is continuously backed-up automatically; it is kept as multiple copies, ensuring the possibility to do a point-in-time restore
- Data isolation: server-side synchronization of data of different SCC users is logically and physically isolated, which guarantees that no data can be transferred or leak between the users, in any other ways but ones defined by Salesforce or Microsoft Exchange / Office 365 / Gmail
- Data centers: SmartCloud Connect is hosted on Microsoft Azure data centers which ensure the highest security levels
- Security Updates: SmartCloud Connect is a managed cloud solution; that, regular besides updates of SCC features, implies automatic front-end and back-end data security infrastructure updates
- Firewalls and network access: SmartCloud Connect uses Microsoft Azure’s capabilities to run its services in a secure virtual network with limited and strictly audited external access
- Networking: no server used by SmartCloud Connect for user data transfers or config keeping is accessible from outside the network. Any externally visible services operate behind a firewall and a load balancer within this virtual private network