Security

Genesys Cloud uses industry-standard encryption to protect the confidentiality, integrity and availability of customer data — ensuring it’s encrypted both in transit and at rest. We use TLS 1.2 or higher to protect data in transit and AES-256 encryption for data at rest. Both meet FIPS 197 and FIPS 140-2 standards. For added protection, organizations can encrypt sensitive recordings, including transcripts, using their own Amazon Key Management Service (KMS) keys or local key manager (LCM) keys.

Security is embedded in every stage of the software development lifecycle (SDLC) at Genesys. In the design stage, we apply practices like threat modeling and security-focused design reviews. In development, our teams use secure coding techniques and undergo mandatory peer code reviews. Before release, code undergoes testing against security standards such as the OWASP Top 10 and SANS Top 25. Post deployment, ongoing application scanning checks for new vulnerabilities, misconfigurations or exposure to known threats.

Genesys Cloud identity and access management (IAM) security measures work together to strengthen protection, minimize risk and prevent unauthorized access. Customers are responsible for managing user access controls within Genesys Cloud. Administrators can enforce multifactor authentication (MFA), define password complexity, enable single sign-on (SSO) and configure IP whitelisting for enhanced security.

To ensure proper access control, Genesys Cloud utilizes both role-based access control (RBAC) and attribute-based access control (ABAC). RBAC enforces the principle of least privilege by granting users only the permissions necessary for their job function. Access is granularly managed through roles, permissions and divisions to maintain segregation. ABAC evaluates subject, object or environment attributes to determine access. It works alongside RBAC and divisions to provide more granularity and flexibility in access control. System audit logs track critical changes, providing visibility into user actions and supporting compliance efforts.

Genesys Cloud leverages the AWS secure infrastructure, strengthening it with industry standard network security controls designed to protect customer data. We follow AWS best practices for security groups, load balancers and routing configurations to ensure secure, efficient and reliable network services.

Each production environment is logically isolated within a virtual private cloud (VPC) for enhanced security. All connections between the Genesys Cloud VPC, browsers, mobile apps and other components are encrypted via HTTPS/TLS with AES-256 encryption, ensuring secure data transmission over the public internet. Additionally, authorized customer data connections between Genesys Cloud and third parties are conducted using secure methods and protocols (e.g., HTTPS, TLS, SFTP).

Genesys continuously scans for security threats using penetration testing, pre-deployment testing and industry-leading tools. Our host and network based intrusion detection systems provide real-time alerts on suspicious activity. We also employ file integrity monitoring (FIM), anti-malware solutions and access monitoring to proactively detect and mitigate potential threats.

AWS provides physical data center security. Controls include perimeter security such as fencing, walls, security staff, video surveillance and intrusion detection systems. Authorized staff must pass two-factor authentication to access data center floors. Full compliance documentation is publicly available on the AWS Cloud Compliance site.

Genesys employs a dedicated Information Security and Compliance team focused on security, auditing, compliance and risk management. This team collaborates with the Security Steering Committee for oversight and governance and works cross-functionally to enforce the Cloud Security Policy.

Furthermore, all employees and contractors must complete training, with annual recertification, to review key principles and tenets involving cybersecurity, privacy and compliance.