Security By Design

Over 60,000 customers across the globe trust us with their data being processed by our products. We back ourselves up with robust data security and privacy practices that form an integral part of our product engineering and service delivery principles. 

Behind the scenes

Freshworks, being a custodian of customers' data,  a multi-fold model of security architecture, robust product delivery, and a highly resilient service platform are the fundamental tenets of its service delivery.

Protecting your data

Multi-tiered data  security model
 

Secure Product Build

End-to-end security in product lifecycle
 

Highly Resilient Architecture

Always lights-on for your business
 

Protecting your data

We understand the value of data. With our robust system of data safeguards, we allow you to focus on the data rather than on its security

 

bitmap copy 3 bitmap copy 3

Our secure hosting partner

Virtual Private Cloud

Hosted in dedicated VPCs in non-promiscuous mode that are further segmented for increased security and manageability.

Perimeter Security

Routing rules hardened based on pre-established criteria for various permissible transactions across all resources.

Access Controls

Role-based access through IAM that enforces segregation of duties, two-factor authentication and end-to-end audit trails ensuring access is in accordance with security context.

Encryption

AES 256-bit encryption when data is encrypted at rest and HTTPS with TLS 1.2 encryption for data in transit.
 

Management Plane

Secure administrative tunnel with whitelisted IP addresses for secure connection to the servers for administrative purposes, through a bastion host.

Malware & Spam Protection

Malware and spam protection applied based on the latest threat signatures and supports real-time scanning and security.
.

Secure Product Build

Information security and data privacy requirements are baked into every release cycle and form part of the blueprint considerations of the product.
 

Product Roadmapping

Product road-map is defined and reviewed periodically by the Product Owner. Security fixes are prioritized and are bundled in the earliest possible sprint.

DevOps Squad

Our DevOps sprints are powered by a multi disciplinary Squad of members including the Product Owner, Squad Lead, Tribe Lead and Members, and Quality Assurance.

Code Review

All changes are tested by the Quality Assurance team and criteria are established for performing code reviews, web vulnerability assessment, and advanced security tests.

Quality Assurance

Builds are put through a stringent functionality tests, performance tests, stability tests, and Ux tests before the build is certified "Good to go".

Version Control

Source Code is managed centrally with version controls and access restricted based on various teams that are assigned to specific sprints. Records are maintained for code changes and code check-ins and check-outs.

Segregation of Duties

Access to the production is restricted to very limited set of users based on the job roles. Access to the production environment for developers and Quality Assurance team members are restricted based on their job responsibilities.
 

Blue-Green Deployment

We follow blue-green deployment strategy for deployment of changes to production environment that allows us to deploy upgrades in a seamless manner.

Highly Resilient Architecture

The architecture is built with resiliency in mind that ensure high availability for the product and data.

bitmap copy 3 bitmap copy 3

Our secure hosting partner

Component Redundancy

All components are deployed in ‘n+1’ mode across multiple availability zones configured in active - active mode behind a load balancing service.

Highly Scalable DNS

Route users to the best endpoint based on geo-proximity, latency, health, and other considerations.

Platform Load Balancing

Automatically distribute application traffic across multiple availability zones that supports high availability, auto scaling and robust security.

Data Backup

Near real-time backups are maintained in another AWS Availability Zones. Cloud Snapshots are taken every day and retained for the last seven days.

Cross Geo Redundancy

Mirrored multiple Availability Zones are setup and serves customers in real-time thereby providing seamless DR capability.

Incident & Breach Management

Procedures are established for reporting incidents, and tracking it for timely communication, investigation and resolution.

Content Distribution Network

Geographically distributed network of proxy servers and their data centers. The goal is to distribute service spatially relative to end-users to provide high availability and high performance.

Security Operations

Situation awareness through the detection, containment, and remediation of any suspected or actual security incidents. Tactical rules and data sensors are configured to provide suitable early warnings and alerts. 

Capacity Management

Proactive capacity monitoring based on conservative thresholds and on-demand capacity expansion capability through our highly elastic hosting partners.