Service security
This section describes the security measures for Sinch Contact Pro, including the architecture, encryption, and operational procedures.
Data centers
Sinch Contact Pro resides on redundant server infrastructure on a redundant multi-tier network in Amazon Web Services (AWS) cloud. Sinch provides the service within a single AWS availability zone.
Sinch Contact Pro data centers are:
- US West (Oregon)
- EU (Frankfurt)
- AU (Sydney)
- AF (Cape Town)
Network architecture
Sinch Contact Pro tenants are segregated from the internet with standard and web application firewalls as well as Session Border Controllers (SBC). The network is divided into separate zones based on security and trust levels.
Connections and encryption
Users connect to Sinch Contact Pro through the internet. Connections to Sinch Contact Pro are secured with HTTPS (User Interfaces), TLS (SIP), and SRTP (Voice). Data at rest is encrypted.
Tenants and segregation
Sinch Contact Pro has customer-specific tenants in a dedicated subnet to ensure proper segregation between customers. By default, the tenant is provisioned in the data center closest to the customer’s end-users. European customers are provisioned in the EU data center.
There are two types of tenants: production and test. A production tenant is provisioned for each customer by default. A test tenant is an optional service that can be utilized in system upgrades to verify functionality before production tenant upgrade. A test tenant is recommended especially if the customer has critical integrations between its business systems and Sinch Contact Pro.
Hardening and patching
Operating systems are hardened. Critical security patches for platform and network devices are deployed immediately without further notice in weekly maintenance windows. Other security patches for platform and network devices are deployed during quarterly maintenance windows.
The Sinch Contact Pro application is updated in quarterly maintenance windows when new versions are released. In case there is a need for urgent corrections between quarterly releases, Sinch will issue an additional patch version that will be installed in weekly maintenance windows.
Endpoint security
Endpoint security is implemented with Crowdstrike Falcon. The Sinch cybersecurity team monitors the environment 24/7, investigates potential information security incidents, and ensures that all necessary remediation actions are taken in the event of a confirmed incident. In addition, vulnerability scans are done weekly.
Monitoring
Sinch Contact Pro infrastructure (CPU, memory, storage, API status, and queries) is monitored 24/7 to ensure operational stability. If needed, capacity is increased.
Disaster Recovery and Backups
Sinch Contact Pro has a disaster recovery plan. Restoration of the service is reviewed annually. Recovery Time Objective (RTO) is 4 hours and Recovery Point Objective (RPO) is 24 hours. Database backups are created daily and are kept for 14 days.