Security practices
At Dialog
Data security
- Monitoring: Dialog has enabled logging on all critical systems. Logs are aggregated by our incident management solutions for automated alerting capabilities.
- Backups enabled: Dialog is hosted by AWS and stores customer data using a combination of databases. By default, AWS provides durable infrastructure to store important data and is designed for durability of 99.9% of objects. Automated backups of all customer and system data are enabled, and data is backed up daily and redundantly. The backups are encrypted in the same way as live production data.
- Data erasure: Dialog customers are owners of their data. Each customer is responsible for the information they create, use, store, process and destroy. Dialog customers can request data deletion or self-serve their own deletion when the data is not subject to regulatory or legal retention period requirements. Please refer to our Privacy Policy and Data Processing Addendum for more information.
- Encryption at rest: Customer data is encrypted at rest using AES-256.
- Encryption in transit: Data sent in-transit is encrypted using TLS 1.2.
- Physical security: Dialog leverages Amazon Web Services (AWS) to host our application, and defers all data center physical security controls to them. Please refer to AWS’s physical security controls here.
Application security
- Secure coding: Dialog’s development team uses secure coding practices such as the OWASP Top 10. After code review, the code is tested by automated unit tests and vulnerability scans to ensure a secure release.
- Vulnerability & patch management: Dialog performs regular vulnerability scanning and package monitoring on all infrastructure-related hosts. Any issues that are discovered are resolved according to their severity, based on our incident management protocol.
- Separate Production Environment: Customer data is never stored in non-production environments. Customer accounts are logically separated in our production environment. We have separate development, acceptance and production environments.
Company security
- Awareness: Dialog holds regular company-wide awareness sessions with employees and management. Each periodic meeting also starts with an Information Security Safety Topic.
- HR security: Dialog performs background checks on employees when they are hired. They are also required to sign and adhere to our Information Security Protocol.
- Incident response: Dialog has an incident management protocol which also includes the ability for all employees to report (potential) incidents.
- Improvements: Dialog has implemented an improvement program where all employees can report any improvement to the Information Security Management System they encounter.
- MFA: Multi-factor authentication (MFA) is required for all Dialog employees to log into any asset that supports MFA.
Access control
- Data access: Dialog internally applies the principle of Least Privilege for access. Access is granted based on a risk analysis that determines whether the access poses risks. Access reviews are conducted each quarter to ensure adequate access.
- Password Security: Dialog has implemented a password policy based on NIST and requires MFA to be enabled for any and all systems (that provide the option for MFA). When such delegation is not possible, Dialog maintains a stringent internal password management policy covering complexity and length.
Endpoint security
- Disk Encryption: Employee laptops have disk encryption enabled for protection.
- Endpoint Detection & Response: All endpoints have detection software installed. Additionally, Dialog has implemented a specific security policy to ensure the security of customer data and solutions. These controls give us ongoing visibility into what our endpoints are doing, let us detect and react quickly to any tampering or threats, and provide logging and enforcement.
- Mobile Device Management: Employee devices and their software configuration are managed remotely by members of the IT team.
- Threat Detection: Dialog utilizes third-party endpoint protection software for dedicated threat detection. The endpoint software detects intrusions, malware, and malicious activities on endpoints and assists in rapid response to eliminate and mitigate the threats.
Network security
- Firewall: Dialog’s office networks are configured with a network firewall.
- VPN: Dialog uses a self-hosted VPN server to make sure all online data is secure and tamper-free.
Product security features
- SAML Single Sign-On (SSO): Dialog provides Single Sign-On (SSO) functionality for our customers to access the app through a single authentication source.
- 2FA (MFA): Dialog provides 2-step verification to add an extra layer of protection to your Dialog account. This feature is available to all plan types and can be set up easily in your account settings.
- Manage Permissions: Dialog allows admins to assign roles to ensure that users are viewing and interacting with your content exactly the way you want them to.