FAQs: Security

Genesys Cloud AI Ethics key principles

Genesys Cloud AI Ethics enables customer privacy through the following key principles:

1. Balance value creation with empathy: Genesys prioritizes understanding and addressing the needs of all stakeholders during the value-creation process, with privacy considerations integral to any decision.
2. Incorporate privacy design principles: Privacy is embedded by design at Genesys. The right to privacy is protected from the outset, governed by explicit customer consent through mechanisms like master service agreements (MSA). These principles include opt-in clauses and data-use consent, with a focus on anonymization and regulatory compliance.
3. Understand and reduce bias: Genesys actively works to mitigate bias in AI models to support ethical and fair decision-making, considering the broader context when handling data.
4. Value transparency: Genesys takes measures to make sure that stakeholders are informed and understand the decision-making processes behind AI models, promoting trust in how data is used and managed.

Which AI models are used on your platform?

Genesys has a three-fold artificial intelligence (AI) model strategy; a structured approach that applies different types of AI models, each serving a unique purpose in the Genesys Cloud AI-powered platform. This approach enables Genesys Cloud to address a wide range of use cases with precision, flexibility, and adaptability.

1. Proprietary machine learning (ML) models: Custom, enterprise-grade AI models developed in-house and tailored to meet your organizational requirements, with a focus on advanced features and performance.
2. Open-source models: Genesys Cloud integrates a diverse set of pre-trained, open-source AI models to help facilitate adoption and deliver cost-effective AI capabilities. These models are further fine-tuned with task-specific and industry-specific data to help ensure that they meet the specialized demands of our customers. This process allows Genesys Cloud to provide flexible AI solutions that extends across industries and adapt to unique business requirements.
3. Foundation models: Innovative, large language models (LLMs) delivered as a service within our data and security compliance envelope. Foundation models cater to advanced use cases that require high levels of comprehension. With this option, Genesys Cloud’s AI capabilities offer customers advanced AI for complex applications, such as retrieval-augmented generation.
4. Custom models: If you need a custom AI model, Genesys Cloud also supports Bring Your Own (BYO) custom model integrations, which provides a consistent experience for customers with highly specialized needs.
   • Transcription with options to connect Google or Microsoft Azure Transcription.
   • BYO Knowledge Connectors to content management systems.
   • Later, BYO LLM for services, such as summarization.

This three-fold approach allows Genesys Cloud to deploy versatile, powerful AI capabilities that give you the best of proprietary innovation, open-source adaptability, and foundation-level advancements.

In what cases is customer data used to train your AI models?

Customers can consent to participate in service improvements through a rigorously controlled process. Data is sampled and fully anonymized in the production environment before it can be used for AI model training purposes. By default, the Genesys Master Service Agreement (MSA) opts customers out of any data donation.

Genesys is dedicated to assisting with your automated testing needs through our Automated Testing Support program. This program, enhanced by our direct testing experience, customer tests, and regular reviews, provides valuable guidance on testing best practices. If you are considering automated testing, we encourage you to connect with your Genesys or partner team to learn more about the program and review process.

Genesys wants you to have confidence in the Genesys Cloud platform and all its associated features, such as data action integrations with your systems, call delivery through your network, and more. Therefore, as part of our standard process, Genesys conducts thorough load testing at twice the peak regional load. Our internal load testing involves automated (synthetic) transactions replicating the traffic characteristics and capabilities observed in the production environment. This traffic encompasses inbound calls, outbound calls, chats, and messaging.

Genesys also continually monitors Genesys Cloud and customer traffic to detect any irregularities in production environments. Specific limits are set for Genesys Cloud organizations to protect services from abusive and unexpected traffic, promote efficient use of billable resources, and safeguard against unexpected usage. For more information about these limits, see Limits.

Unusual traffic may be caused by automated testing, unauthorized load testing, abusive access, or misconfiguration. Such irregularities could be seen as a Denial of Service (DoS) attack on Genesys Cloud or its customers. This type of traffic can trigger alarms, which can lead to notifications to Genesys- and end-customer personnel and result in additional costs.

Genesys Cloud understands that your credentials and secrets are sensitive information, and we treat them with the utmost care. We encrypt your credentials and secrets and store them in a secured environment. Some of the strict security measures that we implement include:

• Store credentials in a highly encrypted manner with extra security and cryptographic protections
• Provide additional access controls to limit sharing to only those services that require your credentials
• Establish safeguards to ensure that credentials are inaccessible to the Genesys Cloud engineers in any format
• Ensure that credentials are not available through the public API
• Transmit credentials internally to the services that actually use them in an encrypted manner

For more information about Genesys Cloud security, see About security and compliance.

Genesys Cloud processes inbound email through AWS Simple Email Service (SES), which scans messages for malware (viruses and spam). If SES detects a virus in an email, or if the virus scan is incomplete or inconclusive, Genesys Cloud immediately disconnects the email and does not send it to a queue. However, no antivirus solution is 100% effective so Genesys recommends that you install antimalware software on every Genesys Cloud endpoint. For more information, see Malware and antispam protection best practices. 

This FAQ is closely related to How does Genesys Cloud handle email marked as spam? When SES (or another tool) identifies email as spam, that email has a higher likelihood of including malware links in attachments or phishing schemes with links in the content. 

The Genesys Cloud platform is built with a microservices architecture on top of Amazon Web Services (AWS). Genesys Cloud’s use of AWS is compliant with Section 889 and the implementing contract clause FAR 52.204-24. Specifically in accordance with FAR 52.204-24, AWS has conducted a reasonable inquiry and confirms that it does not use “covered telecommunications equipment or services” as a “substantial or essential component” or as a “critical technology” of any system, as those terms are defined in FAR 52.204-25, in any AWS infrastructure or services that AWS provides to Genesys Cloud.

The Genesys Cloud suite of products are built on Amazon Web Services (AWS). AWS provides an impressive security and compliance portfolio with their cloud services, but Genesys Cloud doesn’t stop with just those core services.

• Genesys Cloud uses Hypertext Transfer Protocol (HTTPS) and Transport Layer Security (TLS) to secure all connections to browsers, mobile apps, and other components bi-directionally with Advanced Encryption Standard (AES)-256 encryption.
• Genesys Cloud makes it easy to encrypt voice traffic with TLS Session Initiation Protocol ((SIP) signaling) and Secure Real-Time Transport Protocol (SRTP) (IP voice).
• Call recordings are encrypted at rest. For more information, see Recording encryption key overview.
• S3 buckets for content management and other sensitive data stores provide encryption at rest.
• Extensive use of ephemeral storage for databases removes the potential for compromised data from stolen or lost hard drives.
• Backups are encrypted in transit and at rest.

To learn more, see Genesys Cloud and CCPA compliance.

Yes. For more information, see PCI DSS compliance.

To learn more, see Genesys Cloud and GDPR compliance. 

Yes. Genesys Cloud has a proprietary border controller that supports (MTLS/SRTP) to allow encryption and authentication of signaling and media traffic. Features also include ACLs to limit IP endpoints, Rate Limiting for Denial of Service attacks, SIP digest authentication, and dialing rights validation to prevent outside toll fraud.