Riva is built using the Microsoft .NET Framework and Microsoft technology stack. Riva implements security based on Microsoft security best practices.
Communication from Riva to and from your CRM and email systems is made via SSL encryption. Riva communicates with your Exchange Client Access Server (CAS) using SSL-encrypted access to Exchange Web Services and communicates with your CRM using encrypted web services. The HTTPS certificate used for rivasync.com is the highest available from Verisign using an RSA 2048-bit encryption.
Riva uses a data pass-through model and architecture. Unlike BlackBerry Enterprise Server, Good Technologies Sync Server or other data sync solutions, Riva does not retain a local copy of your Exchange message and data store. Nor does Riva retain a copy of your CRM data. Riva does not do a store and forward data transfer of email content. Riva does not store email content at any time.
Riva stores certain minimum types of information in memory for performance improvement. In order to keep communication with Exchange and your CRM as efficiently as possible, Riva caches a dynamic mapping of company email domains and related contact email addresses in the Riva server RAM so it doesn’t have to look up email addresses it has already stored in memory. This information is not written to local storage.
Riva keeps sync log files in order to carry out trouble shooting activities. These log files are retained for 14 days. In the logs, Riva retains the name of the users being synchronised, the subject of emails that are being archived or SmartConverted and the name of the folder in which the SmartConvert or email archive process is carried out. The content of the email is never read or stored by Riva and is therefore not kept in cache or in the log files. Companies interested in reviewing the specific information that is being cached for their accounts can receive a link to the meta directory information to see exactly what is being retained.
Customers have no access to the Riva file system where the log files are stored. Because there is no customer email or CRM data stored on the Riva Cloud servers, there is no possibility for a security breach by intent or by accident. There are only two Riva engineers who have access to the Riva file system: Our CTO and the Riva Architect.
Riva communicates with Exchange using the standard Exchange “Full Access Impersonation” method. By implementing user impersonation, Riva synchronises each individual user’s account as if the individual user were accessing the system. This ensures that CRM visibility and security and Exchange mailbox access are respected by Riva. Using impersonation, if a user modifies a contact in Outlook, the “modified by:” field is preserved in your CRM as the user who made the modification in Outlook.
From a physical security perspective, no Riva employees have access to the Riva servers. Riva Cloud is hosted in the Amazon EC2 Virginia data center. As such, Riva users benefits from the following Amazon security:
Amazon Web Services: Overview of Security Processes
Configure Exchange Full Access: http://kb.omni-ts.com/entry/467/#full-access-permissions