Here at Benbria®, we take data protection and privacy very seriously. We want our customers to feel at ease using the Loop platform – therefore security and security training are always a top priority.
In this tips and tools post, we break down the security processes for team members and customers when it comes to accessing the Loop Platform:
Policies and Management
Before we begin, it’s important to note that the information security policies at Benbria® are issued, approved, supported, and regularly reviewed by senior DevOps and Engineers.
These teams ensure that all policies are up to date and maintained to suit present-day standards. On that same note, the employees at Benbria are kept actively informed of the best practices and security policies during regular security review meetings.
In addition, the Loop® platform has an authorization and permissions infrastructure that allows granular access and privilege control for each user on the platform, including guests, team members and Benbria employees.
Security is multi-faceted; here are some highlights:
- Physical security: Benbria® leverages Amazon’s AWS hosting facilities – a world-class provider with comprehensive security access controls. Benbria’s offices are secured with key-card access restrictions and 24-hour security and surveillance.
- Digital security: All Loop® platform devices and users are required to use HTTPS connections with industry-leading SSL encryption, mitigating ‘man in the middle’ or ‘packet sniffing’ risks.
- Data security: All passwords are encrypted during transmission and are stored in an unreadable and unrecoverable hashed format: user passwords are safe! Account data is secured on redundant physical servers, hidden behind intelligent firewall and private cloud layers.
- Social security: In addition to clean-desk policies, strong-password policies and good judgement in general, Benbria enforces data access restrictions based on employee role as described below.
Access Control: Benbria® Employees
In the context of Benbria® employees, the Loop® platform’s authorization infrastructure controls the number of team members that have access to the platform and its account data.
Most Benbria personnel have access to no more than the aggregate data by industry vertical. Only those authorized members of Benbria’s Engineering team whose roles require administering production software deployments have access to the hosted resources, the corresponding SSH private keys, and any account-specific data. This ensures all account information is kept secure and only visible to those who are working on the specific program.
Benbria team member roles and access rights are summarized in the table below:
Access Control: Team Members
In order to use the Loop® platform, team members are required to log in. Loop requires both a username and password for access.
Usernames must be unique within each account and passwords are mandatory. While the team member is authenticating or going through password procedures, the presentation of the password is masked. Passwords are stored in the Loop platform in an encrypted format and are never retrievable in plain text.
Example permissions for regular team member access are provided below. Permissions can be defined per user:
Access Control: Admins or Owners
The role of an “Admin” or “Super Admin” can be applied to an individual user account to give them elevated privileges, such as creating, modifying and assigning users to locations, setting escalations, and exporting invitations and conversations. Giving a user administration rights will enable the following:
All authenticated users can modify their own personal information, which includes: username, password, name, organization, contact information, and contact preferences.
Access Control: Contacts
A Contact is the individual customer (or guest) of the business. Depending on how the Contact engages with the Loop® platform, they can be classified as one of the following:
- Anonymous: The Contact is using a public channel without leaving identifying or contact information. Anonymous users can access the Loop platform’s customer interface, provide requested information and receive replies while using the interface, but after ending their session are unreachable.
- Contactable: The Contact is using a channel where contact information is explicitly or implicitly available to Loop, and Loop can reach this individual with future messages. As an example, the customer can enter their email address or phone number so they can receive a message pushed by the Loop platform.
- Registered: The Contact is either known to Loop in advance (in which case they might receive a personalized link to access Loop) or fully registers during their first interaction, including providing their personal contact information. As an example, a hotel sends a private link to an arriving guest as part of a check-in welcome package.
As a standard, the Loop® platform does not require Contacts to authenticate. A customer who does not want to provide any information and simply wants to make a comment is able to do so! Loop treats all Customer Users as external, and segregates Customer Users from team member users and team member data. Contacts can provide information to the Loop platform, but the only data they have access to is automated and manually-entered team member comments.
As part of our ongoing process, training is a regular part of the Benbria® work day. It is important to note that the development team process includes security requirement gathering, implementation, and verification steps before acceptance into production. This means that each development feature includes a security evaluation component. Where a feature can possibly impact security, feature-specific security documentation and testing are implemented. This occurs in addition to regular release-level security testing.