AVAYA CLOUD SECURITY
Data security and integrity
Avaya employs vault technology to maintain trust and to ensure security and integrity.
- Secrets management: tokens, passwords, certificates, and API keys
- Key management: controlling the encryption keys used to encrypt your data
- Certificate management: PKI certificates play a central role in securing deployments.
- Strong encryption is achieved by using 2048-bit public/private key pairs to create unreadable records that can be stored safely.
- Keys support the encryption of API transactions, passwords, certificates, or cryptographic exchanges.
- Highly secure vault ensures the secure storage of security assets, backed by security module technology (certified compliance FIPS 140-2).
Reliability and uptime
Reliability has measurable goals and deviations are promptly corrected. Everything is change-managed to ensure systems are updated smoothly. Incidents are interrogated and corrected. We have consistently had more than 99.99% uptime and reveal all incidents and downtime on our status page.
Business continuity and disaster recovery plans
It takes much more than a secure system and high-availability architecture to ensure we meet our obligations, both internally and externally, following a disruptive incident. As such, both our Business Continuity Plan and IT Disaster Recovery Plan outline how we respond and recover our system. Plans are reviewed and approved annually, or as significant organizational changes occur. We review the systems, facilities and third-party relationships that enable the recovery and restoration of Avaya OneCloud solutions. We review and set Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs).
IT service management (ITSM) eBonding
The Avaya eBonding system is an integration solution that interfaces Avaya's managed services platform with our customers’ and partners’ ITSM solutions. Avaya REST API service offerings enhance platform capabilities and provide a seamless exchange of incident and change (service request) information. For more information about our ITSM eBonding or REST API Service offerings, contact your Avaya representative.
Incident management
Avaya’s incident management policy and procedures ensure our teams proactively study risk, respond quickly to mitigate potential risk, and promptly notify clients of any unauthorized access to personal data.
Quality controls
Avaya monitors our services for potential security and performance issues. Controls are implemented at every point of the development lifecycle using SOC2, ISO 27002 and ISO 22301 standards. We practice staging as part of our secure development process, ensuring the testing of new features and content doesn’t negatively impact the stability of production environments.
Security operations
Avaya uses top tools to prioritize and respond to vulnerabilities and security incidents faster. Avaya teams manage preparation, planning/prevention, monitoring, detection/response, and refinement and compliance management.
Asset inventory
An exhaustive inventory of the data center—applications, databases, servers, cloud services, endpoints—and the protection tools in use: firewalls, antivirus/anti-malware/anti-ransomware, monitoring.
Incident response planning
An organization's incident response plan—activities, roles, and responsibilities in the event of a threat or incident—and the metrics to measure success.
Regular testing
Vulnerability assessments that identify each resource's vulnerability to potential threats. Plus, penetration tests, followed by remediation.
Continuous monitoring
24/7/365 monitoring of cloud workloads and the network for known exploits and suspicious activity. SIEM monitors and aggregates alerts and telemetry in real time and analyzes the data to identify potential threats.
Log management
Collection and analysis of log data generated by the control plane and the data plane.
Threat detection
SIEM solution with AI that learns suspicious activity.
Refinement
Recurrence prevention measures to update processes and policies, choose new cybersecurity tools, or revise the incident response plan.
Compliance management
All applications, processes and devices comply with current certified regulations.