Ensuring the Security of our Digital Workplace

As a technology company, we naturally care a lot about the security of our workplace. The way that colleagues in our company communicate, access applications and handle data plays a vital role in ensuring overall security. We work to create a secure environment by applying state-of-the-art concepts such as Zero-Trust and bringing in the right solutions to help with the job.

Zero-Trust Architecture

Secure access management is a key cornerstone in any tech-enabled business. Using a SASE-architecture, we validate and authenticate at every key decision point in a context-based fashion (considering the user’s device, its state, location etc.)

Awareness & Edcuation

People can be the weakest link, but they can also turn into a strong point. This is how we look at it within CrossEngage. Our teams undergo a dedicated security onboarding, where we create awareness around key threat scenarios that are important for our company.

Secure Communication & Collaboration

To secure data during day to day work, we rely on a strong foundation. CrossEngage uses Google Workplace (Enterprise), end-to-end encrypted communication channels and more dedicated solutions, in order to ensure data is safe at any point in time.

Ensuring the Security of our Infrastructure & Applications

To build on a maximum strong foundation, CrossEngage relies on German providers to manage infrastructure, operations and service delivery.

System & Runtime Security

We deploy safeguards in every runtime that we are managing. This includes Endpoint Detection & Response (EDR) and Vulnerability Management (VM) solutions to monitor for indicators of compromise in our environment.

Edge Security

CrossEngage’s infrastructure perimeter is protected through Cloudflare’s edge network and connected Web Application and API Protection (WAAP) capabilities. This added layer of security protects against 0day exploits, volumetric attacks and more.

Attack Surface Management

Taking the attackers viewpoint is an important (and high-leverage) strategic weapons against attacks. At CrossEngage, we aim to tightly control our external attack surface to minimize entry points that attackers can exploit.

Ensuring Security of Customer Data

We believe firmly that your data is our responsibility. You own it, not we. As such, we offer our customers a detailed Data Processing Agreement that describes our commitment to protecting any data that we collect and process to deliver our service.

Data Hosting with German Infrastructure Providers

Our data is stored with our Frankfurt-based data centre provider Telehouse, who holds numerous security certifications  as you would expect.

Data Encryption

Encryption is an important piece of CrossEngage’s data security strategy. At any point when data is processed between our systems, we rely on Transport Layer Security (TLS) for transit encryption. This prevents eavesdropping. For data stored „at rest“, we leverage OS-native security features on all of our systems.

Tenant Separation

CrossEngage leverages stringent data segregation principles. This means that our customer’s data is logically separated on the storage level with tight access control rules, such that access is only granted to authorized people even inside of CrossEngage.

Cross-Cutting Initiatives

Security at CrossEngage entails much more than what you see on this page. As our services are evolving, so is our threat landscape. Our Security Team runs quarterly OKR programs to improve the status quo even more. Here is a selection of other initiatives that are more cross-cutting in nature but could be valuable for you to understand.

Bug Bounty & Penetration Testing

CrossEngage is investing in a close relationship with the security research community, and we greatly value their help identifying vulnerabilities in our products. Our Vulnerability Reward Program was developed to honor all the external contributions that help us keep our services safe.


Incident & Breach Response

Continuous Threat Modeling

Security by Design mandates us to be as proactive as possible in understanding our own threat landscape. Our Security Team takes this risk-centric viewing angle by regularly conducting threat modeling workshops, to determine where we may have gaps or room for improvement.