Securing the transport layer
March 30th, 2020
Deprecating older versions of TLS
Freshworks is committed to implementing and practicing security controls to ensure information systems and customer data used as part of our offerings are protected.
Freshworks ended support for Transport Layer Security (TLS) 1.0 for our products in 2016 and at that time standardized support for TLS 1.1 and above. Since then, TLS 1.1 as a protocol has become outdated, as it does not support modern cryptographic algorithms and also exhibits known security vulnerabilities that are exploitable by attackers. The Internet Engineering Task Force (IETF) is planning to officially deprecate TLS 1.1 and recommend TLS 1.2 and above for secure use of Transport Layer Security.
Following the tenets of the Freshworks philosophy of Security By Design & Default, as of 30th April 2020, TLS 1.1 will no longer be supported in Freshworks products. This deprecation will reduce the attack surface and strengthen the security posture for both Freshworks and the hundreds of thousands of businesses relying on our products. Freshworks will continue to support TLS 1.2 to provide a higher degree of data integrity and to maintain compliance with the latest industry standards.
Freshworks recommends all customers use modern, updated web browsers for accessing our SaaS products. All customer endpoints (browsers, mobile, API, etc.) will be required to support TLS 1.2 after April 30, 2020 in order to securely access our services.
For more information, please refer to our product-specific support articles for Freshdesk, Freshservice, Freshchat, Freshcaller and Freshsales.
Reach out to firstname.lastname@example.org in case of any queries.
Securing the last mile
Last-mile security is as critical as data centre or platform security, and security is a shared responsibility in a cloud model. We recommend the following best practices that you can follow at your end to secure your data.
You can enforce strong authentication mechanisms using our SAML services or tune the password rules from the admin console.
Role-based access
Enforce differential access based on the users’ responsibilities to limit access based on the principle of least privilege and prevent conflicts of interest.
Update your APIs as and when we bring in new releases and notify you.
Establish processes to provide appropriate access to your users and remove access that is no longer valid.
The products come with the option of implementing custom SSL certificates that let you secure the solution for a safe and personalized experience.
Establish authorized and exclusive connections by whitelisting your IP addresses in our services.