61% of data breach victims are businesses with fewer than 1000 employees, while 98% of all Distributed Denial of Service (DDoS) attacks are targeted at large organizations.
75% of all data breaches are perpetrated by individuals outside your organization. Half of all breaches involve malware, with ransomware rising through the ranks in 2017 to become one of the most common forms of malware.
Source: The 2017 Verizon Data Breach Report
It begins with software design and development practices and continues through deployment and customer support to ensure that we secure and protect customer data while delivering carrier-grade reliability.
The impact of a natural disaster or an unexpected outage on business operations can cause overwhelming downtime. This is where geographic redundancy becomes important, ensuring high availability of business-critical systems by mitigating the risk of unforeseen disruptions. Our cloud environment is highly available, with data centers located around the globe.
Our data centers host geographically redundant deployments of our BroadCloud technology using a fault-tolerant architecture. Without a single point of failure, we can maintain service availability even in the event of a major disruption.
End-to-end monitoring of BroadCloud (our application delivery platform) and proactive reporting on its real-time status and scheduled maintenance notices allow us to deliver exceptional quality of service, bringing you business continuity and peace of mind.
"Our BroadWorks software application has been designed from the ground up for 5 9's availability and carrier-grade reliability. This is the application implemented in hundreds of carrier networks globally, and is the foundational building block of our SaaS-based BroadCloud UC-One offer."
The BroadSoft application delivery platform is deployed across SSAE 16 and ISO 27001-audited data centers and AWS/GCP public cloud infrastructures.
BroadSoft partners with Tier-4 data center operators with years of experience in the design, implementation, and operation of large-scale data center facilities that are armed with physical security measures, external and environmental threat management safeguards, and rigorous access control mechanisms.
Our data centers and cloud partners
"BroadSoft leverages a shared security model where we inherit compliance frameworks, physical security and network security from our world-class infrastructure providers."
Maintaining and ensuring the protection of information interconnected through our network is essential to BroadSoft. Our network security best practices include:
BroadSoft systems are subject to evaluation consistent with applicable laws, regulations, agency policies, procedures, and practices. Reviews by independent agencies are conducted on a regular basis to ensure that our information security processes are adequate, complete, fit-for-purpose, and enforced.
BroadSoft’s approach to software development is grounded in the fundamentals of security and quality.
Our Secure Software Development Lifecycle (SSDL) uses the “Security by Design” and “Privacy by Design” approach to ensure that our applications have consistent security postures that minimize product security and privacy risks.
BroadSoft applications undergo rigorous security testing and scan validations for OWASP secure coding practices as part of their development lifecycle. Our recommended configurations deliver five nines availability to attain software integrity, resiliency, scalability, and highest reliability.
"As a technology company, BroadSoft understands that security and privacy
Protecting customers from fraud is vital to BroadSoft. Our real-time fraud detection application analyzes calling patterns to protect our customers from losses due to fraudulent call activity.
The application closely monitors call traffic for any suspect usage patterns for further investigation. When unusual activity is detected, a number of fraud mitigation actions are invoked that include blocking outgoing calling, checking if offending calls are still active and terminating them, and sending alerts and notifications to the operations team. A real-time monitoring dashboard provides insights per site and per enterprise.
As a member of CFCA—the premier international association for fraud risk management and prevention—BroadSoft uses an industry-supplied list as one basis for monitoring destinations that have had fraudulent activity reported to the organization.
"BroadCloud’s world-class fraud detection capabilities quickly identify calling anomalies, reducing actual fraud loss for our service provider customers."
BroadSoft adheres to the most stringent security compliance, policy, and certification frameworks to protect your business communications.
As part of a continued commitment to industry best practices and benchmarks, BroadSoft has adopted ISO 27001:2013 as its security compliance framework and leverages NIST 800-53 for deployments in the US, European Union, and Australia.
With a recently attained FedRAMP “In Process” status, BroadSoft continues to work through the government FedRAMP Security Assessment Framework. BroadSoft also holds PCI-DSS level 1 compliance for our products that interact with end-user cardholder data.
"Performing external audits of our security posture against industry standards is how we attest our bSecure commitment to our customers."
Driven by core operating principles and priorities, a thorough adherence to legal, regulatory, and risk management frameworks, and industry best practices and expectations, BroadSoft’s data protection and privacy program
BroadSoft also recognizes the importance of data privacy while also adhering to valid law enforcement requests. Requests for information received from authorized law enforcement authorities will be responded to according to BroadSoft policies, terms, and applicable laws.
The General Data Protection Regulation (GDPR) is the most robust set of data protection requirements due to be enforced across the European Union in May 2018. BroadSoft embraces GDPR as an opportunity to enhance our corporate responsibilities to data protection obligations and privacy principles. With the adoption of this gold standard, our data protection and privacy program will be based on delivering the core requirements of GDPR.
"Our partnership with the major Tier 1 carriers in the EU puts us in a unique position to get direct input from them in the interpretation of the GDPR for their telecommunications and cloud UC deployments."
BroadSoft has a security team dedicated to your success. Led by Chief Information Security Officer Mark Kushnir, the team is responsible for creating and implementing our bSecure policies and practices.
The mission of Mark and his team is to:
At BroadSoft, we are committed to providing a secure product and appreciate help from independent researchers, industry organizations, vendors, customers and other sources in identifying ways we can improve the security, integrity, and reliability of all BroadSoft products.
However, there are some caveats to the above statement that we believe fall outside of what we consider responsible community help.
Permission is not granted and we ask that you refrain from any of the following actions:
To report a suspected security vulnerability, email corporate security.
Have a general security inquiry? Get in touch with us by completing this form.