Security of our systems, and your data, is one of Coherence Design's prime responsibilities and is of the utmost importance. As such, we seek to design-in security for our software applications and the configuration of our operational infrastructure, including the partners we choose to help us to implement a secure environment.
Whilst we only hold very limited amount of your data, we do ensure that there are no opportunities to compromise either the operational robustness of our services or your data confidentiality due to security breaches.
At all times, other than when migrating data, your operational user, ticketing, and self-service data remains secure within the confines of Zendesk's own comprehensive security protection.
All CloudSET account information is access controlled. Authentication methods are used to access CloudSET web services and applications. We need you to register your Zendesk API access with us to operate, but both the username and token are database encrypted, meaning that we don't have application UI access to your Zendesk.
Employees, using temporary provided or ongoing support access accounts, have their access securely controlled by OneLogin, a leading SaaS identity management platform. This provides centralized access control, that abstracts the actual account access details and provides a central mechanism to grant and revoke access. Audit records of who actually accessed are maintained to provide full traceability of access.
All traffic transmissions between CloudSET and Zendesk are encrypted using industry standard SSL techniques.
Leading Intrusion Prevention Systems (IPS) / Firewall services are used to to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
The underlying physical infrastructure is provided by Amazon Web Services (AWS) in world-class, highly-secure data centers utilizing state-of-the art electronic surveillance and multi-factor access control systems. Data centers are staffed 24x7 by trained security guards, and access is authorized strictly on a least privileged basis.