Security at Zoho
All our products are secure by design: every change and feature in our products goes through secure coding guidelines, code analyzer tools, vulnerability scanners, and manual review processes. Our robust security framework, based on OWASP standards and implemented in the application layer, provides functionalities to mitigate threats. Our employees think "security first" and we incorporate security into our entire software development process.
Our framework ensures that each customer's data is logically separated from other customers' data. Furthermore, we provide encryption at rest as well as in transit to protect our customers' data. Data retention and backup happen in a secure manner.
Our disaster recovery and business continuity programs help us provide you with high availability. Customer data is spread over geographically diverse Data Centers (DCs) such that data in one DC is replicated in another. This ensures that operations carry on smoothly with minimal or no loss of time if one DC fails. Our DCs are physically secure with strict access control from our colocation providers.
We have a robust logging and monitoring system to ensure clean and secure traffic through our servers. We use intrusion detection and prevention systems to ensure protection and prevent misuse of our infrastructure. We use a combination of certified third-party scanning tools and in-house tools to manage vulnerabilities.
What we offer
- Encryption at rest
- Encryption in transit
- Single sign-on
- Multi-factor authentication
- Role-based access controls
- Logging, auditing and monitoring features
- Features to enhance privacy of personal data
Privacy at Zoho
We understand, scrutinize, and evaluate each third-party service that may handle your data, through risk assessments and periodic reviews.
Our products provide you with features like authorization, encryption of fields with personal information, audit trails, and labelling of fields that enhance the privacy of your data.
We have a dedicated team that runs the privacy program through practices like performing Data Protection Impact Assessments (DPIA), internal audits, and providing awareness and training to our employees.