Hi All,
We did ask a similar question to Genesys Support and the Developer forum. We didn't get any direct answer from the developer forum, and Genesys support replied with standard security measures and not the ones mentioned in the OWASP article. Still looking for a straight answer if anyone is aware of one for the 2023 OWASP list.
(Sharing this thinking it might help those who are only looking for Genesys Cloud basic security standards)
PCI DSS (Payment Card Industry Data Security Standard): This standard applies to all organizations that handle credit card data. If your SaaS application involves payment processing, PCI DSS compliance testing would look for compliance with the security measures recommended by OWASP.
ISO 27001: This is an international standard that provides the framework for an Information Security Management System (ISMS). ISO 27001 compliance testing ensures that your organization has the necessary controls in place to manage information security risks effectively, which would include the security vulnerabilities highlighted by OWASP.
SOC 2 (Service Organization Control 2): SOC 2 is a compliance requirement for SaaS companies that handle customer data. A SOC 2 audit would check if your organization's controls are in line with the Trust Services Criteria, including the security controls that align with OWASP's Top 10 API Security list.
HIPAA (Health Insurance Portability and Accountability Act): If your SaaS application handles health information, HIPAA compliance testing would check if you follow the necessary security measures to protect sensitive patient health information, which would include measures outlined in OWASP's Top 10 API Security list.
GDPR (General Data Protection Regulation): If you operate in or serve customers in the European Union, GDPR compliance would apply. It would cover the security of personal data, including measures to ensure API security as highlighted by OWASP.
Cloud Security Alliance (CSA) STAR Certification: The STAR certification is a rigorous third-party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001 standard together with the CSA Cloud Controls Matrix.
------------------------------
MAnu KAndwal
Accenture Solutions Private Limited
------------------------------
Original Message:
Sent: 07-10-2023 11:54
From: MAnu KAndwal
Subject: Genesys Cloud CX OWASP API risk mitigation
Recently our team reviewed the OWASP top 10 API security risks and wanted to check if Genesys Cloud CX has any documentation that lists how Genesys addresses these risks.
I remember Engage used to have certain documentation on the components that addressed such risks, but can anyone share or guide how to verify and find it for Genesys Cloud CX? The link to OWASP 2023: https://owasp.org/API-Security/editions/2023/en/0x11-t10/
The Genesys Cloud generic security (document is from 2022, hasn't been updated): https://help.mypurecloud.com/articles/genesys-cloud-security-policy/
*I am not from a security background, so please pardon me if I mistakenly use the wrong terminology or confuse security standards. We want to confirm whether the Genesys-Salesforce or Genesys-Datagamz and other integrations are impacted by this.
Thanks
#Security
------------------------------
MAnu KAndwal
Accenture Solutions Private Limited
------------------------------