Groupcall XVault is designed to operate securely and requires authentication to access web servers and the management console. It is advised that additional configuration is made in the operating environment to ensure full platform-level security.
The XVault database should be located on a physically secure server that is appropriately configured to prevent unintended access. Each system accessing the database requires a separate SQL user account with a strong password. Systems reading data from the XVault database should be constrained to a specific view or set of views per accessing system.
Groupcall recommends that the SQL platform or underlying system is encrypted in order to protect data.
The server on which the XVault application is installed on should be physically secured and appropriately configured to prevent unintended access. XVault only permits incoming connections to its Web Services interface and to its web-based management console. XVault will make outgoing connections to https://dashboard.groupcall.com/ and to any SIF Zone Integration Server that it is configured to contact.
Although the XVault application does not store any sensitive data locally (only into the XVault Database), Groupcall recommends that the server or underlying system is encrypted to prevent unintended release of the SQL server credentials or SIF SSL private keys.