We take your privacy very seriously. As such, we adhere to the following basic principles to protect your privacy:
- We NEVER share your personal information with third parties
- SmartCloud Connect NEVER stores any of your Salesforce or Exchange data (contacts, emails, and so on). That data is only passed through the cloud app, temporarily kept in memory and NEVER written to any persistent storage.
- What is stored: Identifiers and last modified dates for the records synchronized. Also we temporarily keep names of records for which synchronization service experienced issues solely to display that to you as error messages.
- Any personally identifiable information which gets transferred through our servers is secured with industry standard protocols and technology, more on this below
The security of all your Exchange and CRM data, all communications between your systems and SmartCloud Connect, and all user interactions with our system is our top priority.
We are continuously focused on multi-level, layered approach to provide our customers with the highest level of security, from the physical security of certified data centers, to application group-up designed to be secure.
SmartCloud Connect is built as scalable and secure Windows Azure service which supports geo-distributed data centers and can guarantee highest levels of availability and resilience, matching industry standards for secure applications.
While SmartCloud Connect supports legacy solutions (e.g. Microsoft Exchange 2010), users are always advised to go with the most secure approach:
- Single Sign-On to Salesforce, use of OAUTH2 for user authorization
- Use of OAUTH2 for Office365, with fallback to login/password authentication on legacy Microsoft Exchange servers
- Use of impersonated Exchange setup, where IT team grants to SmartCloud Connect permissions to access specific users’ mailboxes
- Secure authentication for Outlook Add-In users
Granular Access Control
Access to user configuration and data is set up on granular level, and is built around concept of Permissions, Roles, Principals, Resources and Authorizations:
- Each possible access or action is controlled by specific Permission
- Combination of Permissions into Roles allows defining exact operations which can be done
- Assigning Principals specific Roles to specific Resources results in detailed, the least possible privilege-based configuration to do their job.
Access policy is configured for ALL SmartCloud Connect users, including internal InvisibleSolutions’ Administration and Customer Success Teams, to ensure customer data is available only to the right people with right level of access.
SmartCloud Connect implements multi-level protection of sensitive data from accidental or malicious loss whether in transit, at rest, or on the go. Among other techniques, this includes:
- Access to Salesforce and Office 365 data: Performed through registered applications on respective services
- In-transit encryption: All information exchange with Salesforce/Microsoft Exchange servers, and user interactions is encrypted with SSL
- At rest encryption: Configuration data is encrypted at rest on physical database level
- Secrets handling: Secrets (tokens, passwords) are additionally encrypted on application level using keys stored separately from DB. Further, APIs are built in a way where secrets never leave SmartCloud Connect perimeter
- Data backup and point-in-time restore: Configuration data is continuously backed-up; exists in multiple copies with ability to do point-in-time restore
- Data isolation: Synchronization data for different users is physically isolated, which guarantees information cannot leak between users of SmartCloud Connect in ways other than those defined by Salesforce or Microsoft Exchange
- Data centers: SmartCloud Connect is hosted in Microsoft Azure data centers which match the highest security requirements. For more information on Microsoft Azure Datacenter security, see here.
- Security Updates: SmartCloud Connect operates as managed cloud solution which includes automatic updates and security patches.
- Firewalls and network access: SmartCloud Connect leverages Microsoft Azure capabilities to run service in secure network with limited and audited external access.
- Networking: None of SmartCloud Connect servers are accessible from outside network. Publicly visible services operate behind the firewall and load balancer in virtual private network.