Riva Advantage: CRM integration security for companies of all sizes
Companies of all sizes choose Riva as their core CRM and email integration platform because Riva delivers end-to-end secure processes that enable much more than standard integration tools. We start this three-part Riva Advantage blog series by focusing on security. Scalability and flexibility will be covered in future articles.
Whether you’re just starting your search for a CRM and email integration solution or looking for a new solution, you’ll want to ensure the options that you evaluate offer the Key Security Principles identified in this article. You might be surprised to learn that other integration solutions, including CRM publisher solutions, might not offer all of the key security components that come standard in Riva!
Security and data loss prevention have been thrust into the spotlight with massive data breaches in the recent past. Complexity and costs to protect data continue to grow with the increased sophistication of phishing, ransomware, and other attacks.
The European Union recently implemented GDPR to make sure organizations are prescriptive and transparent about how they collect, store, share, and protect customer data. The cost for GDPR non-compliance is an astounding 20 million Euros or 4% of global revenue!
Add this all up and the demand for systems that consider and apply data privacy and security first is at an all-time high.
Since Riva Cloud was first launched in 2011, we have seen a tectonic shift in the types of questions customers ask before deploying a cloud solution. This shift demonstrates a better understanding of cloud technologies and an increased interest and concern for protecting customer data privacy.
When CRM and email integration tools have access to critical data systems, ensuring the application architecture and data stream are designed to keep data safe is key. Being transparent about how the solution achieves these objectives is critical – whether the solution is a plugin, cloud-based or on-premises.
Customers take great care to evaluate security when choosing their CRM and email platforms. That same standard of security must be considered when choosing a data integration solution. Gaps in application design and lack of advanced security and control are well-known risks when using Outlook plugins or publisher-provided server-side sync options.
In many cases, solutions and tools that require access to your CRM and email data systems lack the architecture required to ensure your data is safe and the synchronization process can be properly defined to respect employee, customer and corporate compliance and privacy requirements.
If your organization experiences a security breach, how can you ensure your customers’ valuable data is kept secure? Is your current data integration solution putting you at risk or helping to mitigate the security risk?
Can a highly-configurable, server-side solution like Riva Cloud and Riva Enterprise (Cloud or On-Premise) help your company ensure better end-to-end security than offered by the default server-side or desktop sync options? Yes it can, and that’s the Riva security advantage!
Key principles used by Riva for CRM and email integration security
Principle #1: Store only what is needed… What is metadata?
If you don’t store it, you don’t risk losing it!
As a founding principle, Riva only stores non-sensitive data in the “metadata” it creates and manages. How does Riva use metadata, you ask? Metadata is a set of data that describes and provides information about other data. Riva only persists key metadata, not users’ actual data.
An essential function of an application like Riva is to keep track of what was previously synchronized and what is currently in the process of being synchronized. The metadata does just that. But what’s critical to understand is that this metadata doesn’t store any “content”. Instead of storing user data, Riva stores unique record identifiers and modification time stamps. A few megabytes of metadata can store everything that’s required by Riva to synchronize 100 GB of data. In addition to providing data and identity security, using metadata provides improved scalability and performance.
This strategy has additional key benefits: it reduces the risk of data loss and, because of these built-in controls, it reduces audit and compliance overhead, thereby guaranteeing a more secure result. Many integration tools and plugins lack these controls over how data is retrieved, stored, persisted and communicated to various systems.
Riva Cloud processes and persists metadata on Amazon Web Services (AWS), a cutting-edge, highly secure cloud environment trusted and used by all customer types including enterprise customers and government entities around the world. Riva On-Premises customers benefit from the additional security of being able to run Riva inside their firewall and having complete control of their communication channels.
Principle #2: If you store it, encrypt it!
Customers using Riva Cloud don’t have to pay more for data encryption – a service which might not be available free-of-charge with other cloud sync providers. All data collected and transmitted by Riva Cloud are encrypted at multiple levels.
Riva uses encryption at the application-data level, and in-memory encryption. Additionally, when deployed using Riva Cloud, disk-based encryption infrastructure is used to ensure that backups and snapshots are encrypted, and the application-specific sensitive data that is persisted is also encrypted using different encryption keys.
With Riva, credentials used to authenticate to each customer’s CRM and email system are not only encrypted at rest on the disk, they are also stored in encrypted memory – preventing a server process dump from revealing confidential server credentials.
This multi-factor, layered encryption provides a safety net for persisting data.
Principle #3: If you must communicate, encrypt the communication! (Part 1)
All communication between our customers’ systems and Riva is entirely encrypted using industry standards. It’s not just about ensuring communication encryption, it is also about ensuring that the responding services are trusted. Riva communicates using HTTPS (Hypertext Transfer Protocol Secure), which is an extension of HTTP for secure and encrypted communication between browsers and websites.
All Riva websites are automatically scanned by a third party to verify the version of TLS and the cipher suites available, ensuring that we continue to support only encryption algorithms that are considered secure.
Principle #3: If you must communicate, encrypt the communication! (Part 2)
When processing data, Riva must communicate with both the CRM and the email platforms. The best practice is to always ensure that this communication uses HTTPS.
If your systems are too sensitive to be published to the internet, then Riva Enterprise (Cloud or On-Premise) is a great option, allowing for a dedicated Virtual Private Network (VPN) tunnel between the specific environments to provide an even tighter communication security profile. Don’t want to publish your Exchange servers to the internet? No problem – another Riva security advantage!
Whether using additional Encryption or Enterprise Gateway devices like CipherCloud, Sky High, IBM DataPower, Oracle Service Bus or Salesforce Platform Encryption, Riva has you covered.
In addition to ensuring that the communication is encrypted, safeguards to prevent MITM-style attacks can be configured by using a “Certificate Verification” (also known as “Certificate Pinning”) feature. This feature has two options. The first requires a trusted certificate; the second can require that a specific destination “edge service” always provide the expected certificate thumbprint, thereby preventing connections to unauthorized end-points. “Certificate Verification” provides additional safeguards for reducing MITM attacks where DNS hijacking, DNS spoofing (DNS poisoning), or other TCP redirection methods are used.
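The two verification options described above can be illustrated with a short Python sketch. This is an added example, not Riva's code or configuration: the function names are hypothetical, SHA-256 is assumed as the thumbprint algorithm (the article does not name one), and the certificate bytes are constructed stand-ins so the check runs offline.

```python
import hashlib
import hmac
import socket
import ssl
from typing import Optional


def normalize_thumbprint(text: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex."""
    cleaned = text.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("pin must be a 64-hex-digit SHA-256 thumbprint")
    return cleaned


def thumbprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate (algorithm is an assumption)."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, pinned: str) -> bool:
    # Constant-time comparison of the presented and expected thumbprints.
    return hmac.compare_digest(thumbprint(der_cert), normalize_thumbprint(pinned))


def connect_pinned(host: str, port: int, pinned: Optional[str] = None) -> ssl.SSLSocket:
    """Option 1: trusted chain and hostname. Option 2: also require the pin."""
    ctx = ssl.create_default_context()  # validates chain and hostname
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if pinned is not None:
        der = tls.getpeercert(binary_form=True)
        if der is None or not matches_pin(der, pinned):
            tls.close()
            raise ssl.SSLError(f"certificate thumbprint mismatch for {host}")
    return tls


# Constructed stand-ins for DER certificate bytes, so the check runs offline.
EXPECTED_CERT = b"constructed-der-bytes-of-expected-edge-service"
REDIRECTED_CERT = b"constructed-der-bytes-of-redirected-endpoint"
PIN = thumbprint(EXPECTED_CERT).upper()  # pins are often pasted in upper case
```

With a pin set, a redirected connection fails even when the substitute endpoint presents a certificate that chains to a trusted CA; the pin must be updated whenever the edge service's certificate is renewed.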
Principle #4: Trust in a Shared Responsibility Model
Whether you run Riva Cloud or Riva Enterprise (Cloud or On-Premise), security and compliance are a shared responsibility between your systems, Riva, and you. Riva leverages best-of-breed cloud infrastructure providers to ensure security.
For Riva Cloud, Amazon takes on the responsibility of protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services. Amazon works with multiple auditors in each data center ensuring they comply with and can attest to compliance with industry standard security best practices like SOC 1/SSAE 16/ISAE 3402, SOC 2, and provides ISO 27001-certified environments. These are business-level certifications for infrastructure compliance.
Riva Cloud leverages the AWS infrastructure which includes a highly-optimized data transfer mechanism, with bandwidth and load balancing management, automated network resilience, and efficient data transfer.
Need to implement Riva on your preferred private cloud platform? Riva has full support for Microsoft Azure, IBM Softlayer, and other cloud providers.
Principle #5: Know who has access and when.
Riva Cloud’s built-in role-based access controls provide full control of who can log in to Riva Cloud and, once logged in, what actions can be performed.
Additional support for external identity providers through SAML or Google authentication reduces the need for managing complex passwords and enables support for multi-factor authentication or location-based restrictions. Whether using Azure AD, AD FS, OneLogin, Ping Identity, or Okta, your SAML identity provider (IdP) needs are met.
Optional dynamic user provisioning empowers automated provisioning of which mailboxes should be synchronized by leveraging existing CRM User / Profile / Role, or based on email security groups – it’s as easy as it gets!
Network-based security controls allow each customer to define a set of Trusted Networks, so that only customers connecting from trusted locations are permitted to access Riva Cloud. This is sometimes referred to as geo-fencing.
And when it’s all said and done… a full audit trail keeps track of security and configuration changes made in the Riva Cloud management portal providing transparency and visibility for auditors.
Principle #6: The proof of the pudding is in the tasting.
As part of a comprehensive security program, Riva partners with leading technology and security providers to double-check and triple-check our environments.
Riva Cloud infrastructure:
- Monitored by industry leading vulnerability management, scanning, intrusion detection and prevention software.
- All sync servers, web servers and management servers have a centrally defined firewall, real-time malware detection, intrusion detection and prevention software as well as file integrity monitoring.
- All web properties are protected by a web application firewall, as well as regular web application scanning.
- The entire Amazon environment is monitored using Intelligent Threat Detection and Continuous Monitoring.
Riva engages in a minimum of four penetration tests per year provided by two different cybersecurity specialist firms.
Principle #7: Know where your data is… and who has access.
Many customers prefer that their data processing occurs within a country of residence of their choosing, and supporting that preference is part of our continued commitment to our customers.
Riva provides its Riva Cloud multi-tenant and Enterprise single-tenant solutions in regional data centers of your choosing. These regions include: Europe, Australia, the United States, and, our most recently launched location, Canada. With the arrival of new regional customer privacy compliance legislation (including GDPR and others), customers can choose to deploy their workloads in a European data center, providing additional flexibility and control over data communication and residency. If one of the above regions doesn’t meet your data residency preference/requirements, other Amazon regions are available for Riva Cloud Enterprise customers.
Whether subscribed to standard or premium support or working with a Technical Account Manager, all of our team members are trained to support you and your needs.
Riva’s development, support, and client success teams are headquartered in Edmonton, Alberta, Canada.
All product development, support, and client work is carried out by Riva employees – not outsourced to offshore developers or support teams in countries where your company would not choose to do business directly – and probably countries to which you don’t want your company’s critical CRM and email data to be transported. All staff undergo comprehensive security background checks and developers undergo additional secure software development technology training.
Security is a business risk
As a recent Forbes article notes, security is a business risk, not just an IT problem. Being able to mitigate these threats requires everyone to not only think of security as a business risk and accept it, but also to act on it for all of their initiatives – including CRM integration. Successful security and compliance enforcement requires organizations to think about what these security risks mean for the business holistically and for its customers.
Are you concerned about:
- Security requirements not being met by your current sync solution?
- Data breaches that put your brand’s reputation and company’s success at risk?
- How software publishers and third parties propose to connect to your systems using insecure processes and technologies to sync email and CRM data?
If so, we’d be pleased to help you better understand how Riva can help you meet all of your CRM and email integration security and compliance requirements, ensuring your data is safe, secure, and in your control.
Stay tuned for our next blog in this series where we’ll cover Riva’s scalability advantage.