FAQs: Security

Genesys is dedicated to assisting with your automated testing needs through our Automated Testing Support program. This program, enhanced by our direct testing experience, customer tests, and regular reviews, provides valuable guidance on testing best practices. If you are considering automated testing, we encourage you to connect with your Genesys or partner team to learn more about the program and review process.

Genesys wants you to have confidence in the Genesys Cloud platform and all its associated features, such as data action integrations with your systems, call delivery through your network, and more. Therefore, as part of our standard process, Genesys conducts thorough load testing at twice the peak regional load. Our internal load testing involves automated (synthetic) transactions replicating the traffic characteristics and capabilities observed in the production environment. This traffic encompasses inbound calls, outbound calls, chats, and messaging.

Genesys also continually monitors Genesys Cloud and customer traffic to detect any irregularities in production environments. Specific limits are set for Genesys Cloud organizations to protect services from abusive and unexpected traffic, promote efficient use of billable resources, and safeguard against unexpected usage. For more information about these limits, see Limits.

Unusual traffic may be caused by automated testing, unauthorized load testing, abusive access, or misconfiguration. Such irregularities could be seen as a Denial of Service (DoS) attack on Genesys Cloud or its customers. This type of traffic can trigger alarms, which can lead to notifications to Genesys- and end-customer personnel and result in additional costs.

Genesys Cloud understands that your credentials and secrets are sensitive information, and we treat them with the utmost care. We encrypt your credentials and secrets and store them in a secured environment. Some of the strict security measures that we implement include:

• Store credentials in a highly encrypted manner with extra security and cryptographic protections
• Provide additional access controls to limit sharing to only those services that require your credentials
• Establish safeguards to ensure that credentials are inaccessible to the Genesys Cloud engineers in any format
• Ensure that credentials are not available through the public API
• Transmit credentials internally to the services that actually use them in an encrypted manner

For more information about Genesys Cloud security, see About security and compliance.

Genesys Cloud processes inbound email through AWS Simple Email Service (SES), which scans messages for malware (viruses and spam). If SES detects a virus in an email, or if the virus scan is incomplete or inconclusive, Genesys Cloud immediately disconnects the email and does not send it to a queue. However, no antivirus solution is 100% effective so Genesys recommends that you install antimalware software on every Genesys Cloud endpoint. For more information, see Malware and antispam protection best practices. 

This FAQ is closely related to How does Genesys Cloud handle email marked as spam? When SES (or another tool) identifies email as spam, that email has a higher likelihood of including malware links in attachments or phishing schemes with links in the content. 

The Genesys Cloud platform is built with a microservices architecture on top of Amazon Web Services (AWS). Genesys Cloud’s use of AWS is compliant with Section 889 and the implementing contract clause FAR 52.204-24. Specifically in accordance with FAR 52.204-24, AWS has conducted a reasonable inquiry and confirms that it does not use “covered telecommunications equipment or services” as a “substantial or essential component” or as a “critical technology” of any system, as those terms are defined in FAR 52.204-25, in any AWS infrastructure or services that AWS provides to Genesys Cloud.

The Genesys Cloud suite of products are built on Amazon Web Services (AWS). AWS provides an impressive security and compliance portfolio with their cloud services, but Genesys Cloud doesn’t stop with just those core services.

• Genesys Cloud uses Hypertext Transfer Protocol (HTTPS) and Transport Layer Security (TLS) to secure all connections to browsers, mobile apps, and other components bi-directionally with Advanced Encryption Standard (AES)-256 encryption.
• Genesys Cloud makes it easy to encrypt voice traffic with TLS Session Initiation Protocol ((SIP) signaling) and Secure Real-Time Transport Protocol (SRTP) (IP voice).
• Call recordings are encrypted at rest. For more information, see Recording encryption key overview.
• S3 buckets for content management and other sensitive data stores provide encryption at rest.
• Extensive use of ephemeral storage for databases removes the potential for compromised data from stolen or lost hard drives.
• Backups are encrypted in transit and at rest.

Yes. Genesys Cloud has a proprietary border controller that supports (MTLS/SRTP) to allow encryption and authentication of signaling and media traffic. Features also include ACLs to limit IP endpoints, Rate Limiting for Denial of Service attacks, SIP digest authentication, and dialing rights validation to prevent outside toll fraud.