Compare Plans


Meet business-critical mandates with communications that are secure, compliant, and accredited by major regulatory bodies. 

Related links

Avaya portfolio security

Keeping our customers’ data secure is a primary requirement in product development. 

Security by design

Avaya cloud security

Learn how we meet the unique needs for securing data in our cloud-based solutions. 

Security for cloud

Frequently asked questions:

Does Avaya Experience Platform solution/service support Security Posture Management?

Avaya recognizes that cloud solution security is a primary customer concern. The Avaya Cloud Public Security Playbook illustrates our: 

  • 360º security visibility  
  • Global security intelligence 
  • Sophisticated customer-facing controls
  • Secure and hardened CCaaS solution 

Does Avaya Experience Platform solution support access control methods?

The supported access control methods are:

  • Role-based access control (RBAC)
  • Mandatory access control (MAC)
  • Discretionary access control (DAC)

Multi-tenant RBAC provides fine-grained access management of Contact Center resources. Using RBAC, a customer may segregate duties within your organization and grant only the amount of access to users and applications that they need to perform their roles. Between you the Customer and Avaya the Provider, we employ Segregation of Duties (SoD) as a security strategy and to maintain compliance regulations. 

Avaya Experience Platform solutions provide RBAC for granular control of users. The Admin Center uses a unique account ID across all APIs, events, and data to prevent unauthorized access to the data of a customer. These roles are pre-configured or built-in to cover different job functions related to administration and contact center operations. You can define permissions on the protected resources and map these permissions to built-in roles during installation. The built-in roles are:

  • System administrator 
  • Auditor 
  • Security administrator 
  • Tenant administrator 
  • Supervisor 
  • Reporting user 
  • Operations manager or analyst 

Does Avaya Experience Platform solution/service support access control by IP address or range we specify?

Yes, however, the list of IP addresses may change over time as per Azure range assignments for various cloud components and regions.  Inbound traffic through public APIs and Admin panels can be restricted at Avaya Experience Platform solution level.

Do Avaya Cloud solutions/services embrace AOSSL (Always On SSL)?

Avaya cloud solutions use encryption to protect all data in transit and at rest. Data in transit uses Transport Layer Security (TLS) version 1.2+. The Cloud platform complies to Federal Information Processing Standards (FIPS) 140-2 and National Institute of Standards and Technology (NIST) standards to underpin our security protocols, standards, and encryption practices. Key Vault Technology is used to maintain trust and to ensure the security and integrity of:

  • Secrets Management: tokens, passwords, certificates, and API keys
  • Key Management: controlling the encryption keys used to encrypt your data
  • Certificate Management: deploy the platform that supports public and private TLS/SSL certificates
  • Strong encryption is achieved by using 2048-bit public/private key pairs to create unreadable records that may be safely stored
  • Keys support the encryption of API transactions, passwords, certificates, or cryptographic exchanges

Does Avaya implement IDS/IPS to detect and block malicious network traffic that can exploit vulnerabilities in OS and middleware? If so, describe the conditions for monitoring and operation.

We proactively identify and monitor threats utilizing User and Entity Behavior Analytics (UEBA) to detect:  

  • Zero-day
  • Targeted attacks
  • Advanced persistent threats

Our partners, security teams, and tools continuously monitor and isolate threats in real-time via operational proactive response 24x7x365 and incident handling processes.

Describe the solution provider’s process to report an incident.

To maintain security and to ensure trust and integrity, we maintain security change audit logging of our entire cloud real estate: 

• Restricting change via pipeline and maintaining:  

• Active audit trail 

• Activity logs 

• Audit reports 

• Diagnostic services, logs, and metrics (such as key vault audit) 

• Network Security Group (NSG) flow logs and event logs 

• Cloud monitoring, Cloud network watching, and Cloud real-time scanning  

• Audit data retention and archiving to meet sovereignty and regulatory processes  

• Retention period for monitor logs is 365 days and we can configure with a maximum of two years 

Describe the solution provider’s reporting mechanism for security and/or other incidents. In what format do notifications go out and what information do they contain?

Support for Avaya cloud solutions is based on ITIL®️ processes, including service desk, service management, incident management, problem management, and change management.

Do Avaya cloud solutions/services record access and authentication logs of our cloud service users (all administrative users and general users, etc.)?

For Avaya cloud solutions, customers receive an email with details of the updates being applied to the environment through the standard notification processes for all planned maintenance and emergency changes.

Is it possible to obtain my administrator's operation log?

Avaya enables the export of audit trace logs to integrate a customer SIEM. RWS admin can download application configuration change logs, Product activity and resource logs aren't exportable, and the retention period is 90 days, but it is configurable.

Does the solution provider conduct infrastructure (OS/Middleware/Network) vulnerability scanning (inspection) regularly and take countermeasures swiftly when the vulnerability is detected?

Yes. Systems are scanned with Qualys and patched according to Avaya’s vulnerability and patch management security standard. Avaya conducts vulnerability assessment and penetration testing on a regular cadence to maintain targeted regulatory compliances. Please note: Avaya doesn’t allow our customers to conduct vulnerability assessment and penetrating testing on Avaya Experience Platform.

Loading page...
Error: There was a problem processing your request.