Security

Data Center and Network Security

PHYSICAL SECURITY
Vision Helpdesk servers are hosted in Tier III data centers in the USA and the UK. Each facility has redundant power feeds, UPS and backup generators.

On-site Security Our data center facilities feature a secured perimeter with multi-level security zones, 24/7 manned security, CCTV video surveillance, multi-factor biometric access control, physical locks, and security breach alarms.

Customers can choose to locate their data in the USA or UK data center.

NETWORK SECURITY
Dedicated Security Team Our Security Team is on call 24/7 to respond to security alerts and events.
Protection Our network is protected by redundant layer 7 firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network intrusion detection/prevention technologies (IDS/IPS) that monitor and block malicious traffic and network attacks.

Architecture Our network security architecture consists of multiple security zones of trust. More sensitive systems, like our database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls apply. DMZs separate the Internet from internal systems and, internally, separate the different zones of trust from one another.
Network Vulnerability Scanning Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.

Security Information and Event Management (SIEM) A security information and event management (SIEM) system gathers extensive logs from important network devices and host systems. The SIEM raises alerts to the Security team based on correlated events, and the Security team responds to them.

Intrusion Detection and Prevention Major application data flow ingress and egress points are monitored with Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). These systems generate alerts when events or measured values exceed predetermined thresholds, and use regularly updated signatures covering new threats. The systems are monitored 24/7.

Threat Intelligence Program Vision Helpdesk participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and take action based on our risk and exposure.
DDoS Mitigation In addition to our own capabilities and tools, we contract with on-demand DDoS scrubbing providers to mitigate Distributed Denial of Service (DDoS) attacks.

Logical Access Access to the Vision Helpdesk Production Network is restricted on an explicit need-to-know basis, follows least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Vision Helpdesk Production Network are required to use multi-factor authentication.

Security Incident Response In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

ENCRYPTION
Encryption in Transit Communications between you and Vision Helpdesk servers are encrypted using HTTPS with Transport Layer Security (TLS), following industry best practice.

Encryption at Rest Vision Helpdesk supports encryption of customer data at rest.
*Only available with Advanced Security Add-on

Application Security

SECURE DEVELOPMENT (SDLC)
Security Training At least annually, engineers participate in secure code training. This training covers OWASP Top 10 security flaws, common attack vectors, and Vision Helpdesk security controls.

Vision Helpdesk Framework Security Controls We utilize PHP framework security controls to limit exposure to OWASP Top 10 security flaws. These include inherent controls that reduce our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection (SQLi), among others.
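The three flaw classes named above are worth seeing side by side. The following is an added illustration, not Vision Helpdesk's own (PHP) code, written in Python against an in-memory SQLite table whose rows are constructed for the example: the string-built query that SQL injection exploits next to its parameterised replacement, output encoding at the point data enters HTML, and a per-session CSRF token compared in constant time.

```python
import hmac
import html
import secrets
import sqlite3
from typing import List, Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed ticket table standing in for a helpdesk store (example data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER, owner TEXT, subject TEXT)")
    conn.executemany(
        "INSERT INTO tickets VALUES (?, ?, ?)",
        [
            (1, "alice", "VPN down"),
            (2, "bob", "Password reset"),
            (3, "alice", "<b>Printer</b> jam"),
        ],
    )
    return conn


# --- SQL injection ---------------------------------------------------------
def tickets_for_vulnerable(conn: sqlite3.Connection, owner: str) -> List[Tuple[int]]:
    """Vulnerable: the caller's input is spliced into the statement text, so a
    value such as  x' OR '1'='1  is parsed as SQL and returns every row."""
    return conn.execute(f"SELECT id FROM tickets WHERE owner = '{owner}'").fetchall()


def tickets_for(conn: sqlite3.Connection, owner: str) -> List[Tuple[int]]:
    """Hardened: a parameterised query. The input travels as data and is never
    parsed as SQL, so the same payload simply matches no owner."""
    return conn.execute("SELECT id FROM tickets WHERE owner = ?", (owner,)).fetchall()


# --- Cross-site scripting ----------------------------------------------------
def render_subject(subject: str) -> str:
    """Encode untrusted text at the moment it is placed into HTML. quote=True
    also escapes quotes, so the value is safe inside attributes as well."""
    return f"<td>{html.escape(subject, quote=True)}</td>"


# --- Cross-site request forgery ---------------------------------------------
def issue_csrf_token() -> str:
    """Random per-session token, stored server-side and echoed in every form."""
    return secrets.token_urlsafe(32)


def csrf_token_valid(session_token: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison so a timing side channel cannot leak the token
    one character at a time; a missing token is always rejected."""
    if not submitted:
        return False
    return hmac.compare_digest(session_token, submitted)
```

Run against the constructed table, the injection payload returns all three tickets from the vulnerable function and none from the parameterised one; the encoded subject renders the `<b>` tags as literal text instead of markup.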

QA Our QA department reviews and tests our code base. Several dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.

Separate Environments Testing and staging environments are separated physically and logically from the production environment. No actual customer data is used in the development or test environments.

APPLICATION VULNERABILITIES
Dynamic Vulnerability Scanning We employ a number of third-party, qualified security tools to continuously scan our application. Vision Helpdesk is scanned regularly against the OWASP Top 10 security flaws. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.

Static Code Analysis Our source code repositories, for both our platform and mobile applications, are continuously scanned for security issues via our integrated static analysis tooling.

Product Security Features

AUTHENTICATION & PASSWORDS

  • No plain text passwords – Password encryption in database storage
  • Configurable Password Policy
  • Two-factor authentication
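What the three items above mean in practice, as an added example rather than Vision Helpdesk's own implementation (the product is PHP; this is a Python illustration): a password is stored only as a salted, deliberately slow one-way hash and verified in constant time; a configurable policy is checked before a password is accepted; and the second factor is a time-based one-time password (TOTP, RFC 6238) verified with a small clock-skew window. The PBKDF2 iteration count and the policy thresholds are assumptions for the example, and the TOTP secret used in the usage note is the RFC 6238 test key, not a real one.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from typing import Optional

# OWASP's recommended iteration count for PBKDF2-HMAC-SHA256 (assumed here;
# the product's actual parameters are not published on this page).
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Never store the plain text: a random per-user salt plus a slow hash means
    a leaked database cannot be reversed or attacked with precomputed tables."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        PBKDF2_ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iterations, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(actual, expected)  # constant time


def meets_policy(password: str, min_length: int = 12, required_classes: int = 3) -> bool:
    """Configurable policy: minimum length and number of character classes."""
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return len(password) >= min_length and sum(classes) >= required_classes


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int, window: int = 1) -> bool:
    """Accept the current 30-second step and `window` steps either side to
    tolerate clock drift; reject anything that is not exactly six ASCII digits."""
    if len(code) != 6 or not (code.isascii() and code.isdigit()):
        return False
    counter = at_time // 30
    return any(
        hmac.compare_digest(hotp(secret, counter + k), code)
        for k in range(-window, window + 1)
    )


def login(stored_hash: str, totp_secret: bytes, password: str, code: str, now: int) -> bool:
    """Both factors must pass; the password is checked first so a bad password
    never leaks whether the TOTP code would have been valid."""
    return verify_password(password, stored_hash) and verify_totp(totp_secret, code, now)
```

With the RFC 6238 test key `12345678901234567890`, `totp(secret, 59)` yields `287082` and `totp(secret, 1111111109)` yields `081804`, matching the RFC's published vectors (the RFC lists the 8-digit forms 94287082 and 07081804); that is a quick self-check for any TOTP implementation before it is wired to a real authenticator app.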

ADDITIONAL PRODUCT SECURITY FEATURES
Access Privileges & Roles Access to data within your Vision Helpdesk is governed by access rights, and can be configured to define granular access privileges. Vision Helpdesk has various permission levels for users (owner, admin, agent, end-user, etc.) accessing your Vision Helpdesk.

IP Restrictions Your Vision Helpdesk can be configured to only allow access from specific IP address ranges you define. These restrictions can be applied to all users or only to your agents.
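An IP restriction is only as good as the address it is evaluated against. The added example below (a Python illustration, not Vision Helpdesk's code or configuration format) shows the two points that matter when building one: CIDR ranges are parsed strictly so a typo cannot widen the allowlist, the "all users" versus "agents only" scope is applied per role, and the `X-Forwarded-For` header, which any client can forge, is honoured only when the request arrived through one of our own proxies. The allowlist, the proxy range and the set of roles treated as agents are all assumptions constructed for the example.

```python
import ipaddress
from typing import Iterable, List, Optional

# Constructed configuration (not the product's actual format):
# "scope" is "all" (every login) or "agents" (staff logins only).
IP_RESTRICTION = {
    "scope": "agents",
    "ranges": ["203.0.113.0/24", "198.51.100.7/32", "2001:db8:ab::/48"],
}
# Address range of the reverse proxy / load balancer in front of the app (assumed).
TRUSTED_PROXIES = ["10.0.0.0/8"]
# Roles treated as "agents" for the scope check (assumption for the example).
STAFF_ROLES = {"owner", "admin", "agent"}


def compile_ranges(ranges: Iterable[str]) -> List:
    """strict=True rejects entries such as 203.0.113.5/24 whose host bits are
    set, so a mistyped range raises instead of silently matching more hosts."""
    return [ipaddress.ip_network(r, strict=True) for r in ranges]


def client_ip(remote_addr: str, forwarded_for: Optional[str], trusted_proxies: Iterable[str]) -> str:
    """Return the address to check against the allowlist.

    X-Forwarded-For is attacker-controlled, so it is only trusted when the
    direct TCP peer is one of our own proxies, and then only its right-most
    entry, the one that proxy appended (assumes a single trusted hop)."""
    peer = ipaddress.ip_address(remote_addr)
    if forwarded_for and any(peer in net for net in compile_ranges(trusted_proxies)):
        return str(ipaddress.ip_address(forwarded_for.split(",")[-1].strip()))
    return str(peer)


def access_allowed(role: str, ip: str, networks: List, scope: str) -> bool:
    """Apply the restriction to everyone, or only to staff roles, per `scope`.
    IPv4 and IPv6 ranges coexist; a mismatched address family never matches."""
    if scope == "agents" and role not in STAFF_ROLES:
        return True  # restriction not applied to end-users in this scope
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)
```

Usage: resolve the address first with `client_ip(request_peer, request_headers.get("X-Forwarded-For"), TRUSTED_PROXIES)`, then call `access_allowed(user.role, that_ip, compile_ranges(IP_RESTRICTION["ranges"]), IP_RESTRICTION["scope"])`. A request from `192.0.2.9` carrying a forged `X-Forwarded-For: 203.0.113.44` is evaluated as `192.0.2.9`, because `192.0.2.9` is not a trusted proxy.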

Transmission Security All communications with Vision Helpdesk servers are encrypted using industry-standard HTTPS, so traffic between you and Vision Helpdesk is protected in transit. For email, our product additionally supports Transport Layer Security (TLS) between mail servers, which protects messages from eavesdropping while in transit; sender authenticity is addressed separately by DKIM and DMARC.

Email Signing (DKIM/DMARC) We support DKIM (DomainKeys Identified Mail) signing of outbound email, and DMARC (Domain-based Message Authentication, Reporting & Conformance) policy, for mail sent from Vision Helpdesk when you have set up an external email domain on your Vision Helpdesk. Publishing the corresponding DNS records for your domain lets receiving mail servers detect and reject messages that spoof it.
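The DNS side of this is where deployments usually go wrong, so the following added example (Python, not Vision Helpdesk's code; the domain `example.com`, the vendor domain `helpdesk-vendor.example`, the placeholder key and both DMARC records are constructed for illustration) parses the tag=value syntax shared by DKIM key records and DMARC records, shows a monitoring-only record beside an enforcing one, and applies the identifier-alignment rule that decides whether a DKIM signature actually counts for DMARC. That rule is why the external email domain must be set up: a signature under the vendor's own domain does not align with a `From:` address at the customer's domain.

```python
from typing import Dict

# Constructed TXT records for the customer domain example.com. The selector
# name, key and report address are placeholders, not the product's values.
DKIM_RECORD = "v=DKIM1; k=rsa; p=<base64-encoded RSA public key>"   # at selector._domainkey.example.com
DMARC_WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"       # monitor only, nothing is blocked
DMARC_ENFORCED = "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; rua=mailto:dmarc@example.com"


def parse_tags(record: str) -> Dict[str, str]:
    """Split a 'tag=value; tag=value' record; values may themselves contain '='."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dkim_key_published(record: str) -> bool:
    """v= and k= are optional with defaults; an empty p= means the key is revoked."""
    t = parse_tags(record)
    return t.get("v", "DKIM1") == "DKIM1" and t.get("k", "rsa") == "rsa" and bool(t.get("p"))


def dmarc_summary(record: str) -> dict:
    """Read the tags a practitioner checks: is the policy enforcing, does it
    cover subdomains, what fraction of mail it applies to, how DKIM must align."""
    t = parse_tags(record)
    policy = t.get("p", "none")
    return {
        "valid": t.get("v") == "DMARC1" and "p" in t,
        "policy": policy,
        "enforcing": policy in ("quarantine", "reject"),
        "subdomain_policy": t.get("sp", policy),
        "pct": int(t.get("pct", "100")),
        "dkim_alignment": t.get("adkim", "r"),   # r = relaxed (default), s = strict
        "reporting": "rua" in t,
    }


def org_domain(domain: str) -> str:
    """Approximation: the last two labels. Real receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def dkim_aligned(from_domain: str, signing_domain: str, mode: str = "r") -> bool:
    """DMARC only credits a DKIM signature whose d= aligns with the From: domain:
    identical under strict alignment, same organizational domain under relaxed."""
    if mode == "s":
        return from_domain.lower() == signing_domain.lower()
    return org_domain(from_domain) == org_domain(signing_domain)
```

Reading the two constructed records through `dmarc_summary`, `p=none` is valid but enforces nothing (useful only for the aggregate reports sent to `rua`), whereas the second record rejects unaligned mail for the domain and its subdomains. `dkim_aligned("example.com", "helpdesk-vendor.example")` is false in either mode, which is the failure to look for when helpdesk mail starts bouncing after a move to `p=reject`.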
