Application Security

Web and mobile applications built using Vox Mobile are protected by default from the top security threats identified by OWASP. Vox Mobile  low-code approach accelerates the development of secure applications in the following ways:

• Each platform upgrade automatically incorporates the latest security features into all of your applications.
• Pre-built components simplify security-related tasks such as encrypting data at rest or integrating with Identity Management systems.
• Role-based access ensures the right team members have access to change and deploy applications.
• With each release, generated code is assessed for vulnerabilities using static code analysis tools.

Infrastructure Security

When using the Vox Mobile to build and run your applications, you can rely on state-of-the-art security encompassing:

• Dedicated virtual private cloud (VPC) infrastructure for all customers, secure access to on-premises systems with VPN, and easy uploading of custom SSL/TLS certificates.
• Proactive updating of operating systems and application servers with updates and patches, including notification to customers for security-related issues.
• Penetration testing and vulnerability scanning support for customer applications.

Security Operations

Vox Mobile provides a dedicated computer security incident response team (CSIRT) for managing security threats 24/7 and proactively monitoring reputable industry sources for newly discovered security vulnerabilities.
Vox Mobile maintains a robust set of operating procedures including:

• Formal hiring procedures for employees and contractors including background checks.
• Security requirements built into our entire software lifecycle, from planning through deployment.
• Access management, patching management, change management, event management, and incident handling.
• A comprehensive business continuity strategy to protect the essential functions of the organization in the event of a disaster.

PCI Data Security Standard SAQ A

PCI DSS SAQ A was developed to address requirements applicable to merchants whose cardholder data functions are completely outsourced to validated third parties.Vox Mobile Sentry is compliant with PCI DSS v3.2, SAQ A for e-commerce applications that integrate with external payment processors.

Privacy and Data Protection

Vox Mobile applies industry-standard procedures to safeguard the confidentiality of the data stored by the applications hosted in the Vox Mobile Cloud.

• We carefully control employee access to your data and applications based on the task being performed.
• Customers can choose the region for their data to comply with data residency regulations.
• You can access your own customer data at any time with your own tools during your Vox Mobile Cloud subscription. If you end your Vox Mobile Cloud subscription, established standards and processes govern how we remove your customer data.