Ensuring the Security of our Digital Workplace
As a technology company, we naturally care a lot about the security of our workplace. The way that colleagues in our company communicate, access applications and handle data plays a vital role in ensuring overall security. We work to create a secure environment by applying state-of-the-art concepts such as Zero-Trust and bringing in the right solutions to help with the job.
Secure access management is a key cornerstone in any tech-enabled business. Using a SASE-architecture, we validate and authenticate at every key decision point in a context-based fashion (considering the user’s device, its state, location etc.)
Awareness & Edcuation
People can be the weakest link, but they can also turn into a strong point. This is how we look at it within CrossEngage. Our teams undergo a dedicated security onboarding, where we create awareness around key threat scenarios that are important for our company.
Secure Communication & Collaboration
To secure data during day to day work, we rely on a strong foundation. CrossEngage uses Google Workplace (Enterprise), end-to-end encrypted communication channels and more dedicated solutions, in order to ensure data is safe at any point in time.
Ensuring the Security of our Infrastructure & Applications
To build on a maximum strong foundation, CrossEngage relies on German providers to manage infrastructure, operations and service delivery.
System & Runtime Security
We deploy safeguards in every runtime that we are managing. This includes Endpoint Detection & Response (EDR) and Vulnerability Management (VM) solutions to monitor for indicators of compromise in our environment.
CrossEngage’s infrastructure perimeter is protected through Cloudflare’s edge network and connected Web Application and API Protection (WAAP) capabilities. This added layer of security protects against 0day exploits, volumetric attacks and more.
Attack Surface Management
Taking the attackers viewpoint is an important (and high-leverage) strategic weapons against attacks. At CrossEngage, we aim to tightly control our external attack surface to minimize entry points that attackers can exploit.
Ensuring Security of Customer Data
We believe firmly that your data is our responsibility. You own it, not we. As such, we offer our customers a detailed Data Processing Agreement that describes our commitment to protecting any data that we collect and process to deliver our service.
Data Hosting with German Infrastructure Providers
Our data is stored with our Frankfurt-based data centre provider Telehouse, who holds numerous security certifications as you would expect.
Encryption is an important piece of CrossEngage’s data security strategy. At any point when data is processed between our systems, we rely on Transport Layer Security (TLS) for transit encryption. This prevents eavesdropping. For data stored „at rest“, we leverage OS-native security features on all of our systems.
CrossEngage leverages stringent data segregation principles. This means that our customer’s data is logically separated on the storage level with tight access control rules, such that access is only granted to authorized people even inside of CrossEngage.
Security at CrossEngage entails much more than what you see on this page. As our services are evolving, so is our threat landscape. Our Security Team runs quarterly OKR programs to improve the status quo even more. Here is a selection of other initiatives that are more cross-cutting in nature but could be valuable for you to understand.
Bug Bounty & Penetration Testing
CrossEngage is investing in a close relationship with the security research community, and we greatly value their help identifying vulnerabilities in our products. Our Vulnerability Reward Program was developed to honor all the external contributions that help us keep our services safe.
Incident & Breach Response
Continuous Threat Modeling
Security by Design mandates us to be as proactive as possible in understanding our own threat landscape. Our Security Team takes this risk-centric viewing angle by regularly conducting threat modeling workshops, to determine where we may have gaps or room for improvement.