Forums/Product news and updates/Announcements

New features to better secure your customer data

Ben Rohrs
posted this on July 25, 2013 18:11

We're happy to announce several enhancements and new features that help you to keep your customer data secure. These features help you to secure your customer data in a way that's appropriate for your business, while keeping it easy for your customers to access their tickets, your knowledge base, and your community forums. And if you're not a security expert, don't worry, we've written a security best practices article to help you keep your customer data secure.

Here’s a summary of the features and enhancements with links to additional details:

Split authentication methods for customers and agents

Separating the password policies for your employees and customers enables you to enforce a higher security policy for your agents, who have access to your customer data, while keeping it easy for your customers to help themselves via your knowledge base and community forums. Learn how to set up separate password policies for your employees and customers.

Agent device management

Agent can see all of the devices and browsers they use to access Zendesk. New devices are automatically added when you log in from them, notifying admins via email. And managing and disconnecting devices is as simple as clicking a link. Learn how to check the devices used to access your Zendesk account.

Email notifications for security changes

These email alerts help to quickly identify and respond to any significant changes to your Zendesk. Not only are you alerted to changes such as a new admin being added, or an agent account being suspended due to multiple failed login attempts, but you’ll also be notified when your SSL certificate will soon expire. This new feature is being slowly rolled out, so it might be a few weeks before all of the alerts are live in your account. See a full list of email alerts and how to manage them.

New audit log events

Expanding on the audit log events that were released in 2012, we’ve added 14 new events to help admins identify and investigate any potentially suspicious activity, such as when a user account is suspended due to multiple failed logins, or your IP restrictions change. See a full list of audit log events.

Customizable password policy

While it’s always been possible to choose from three pre-defined password security levels, now you can enforce stricter passwords by fully customizing your password policy to include the specific factors that are critical for your team and your business, such as password length, password expiration, and session timeout. Learn how to customize your password policy.

Digital signing of outbound emails

If you’re a large company that sends lots of email, you can ensure that emails Zendesk sends on your behalf will get to where they need to go, and your customers can feel secure that the emails truly came from you (and are not a phishing attempt). Learn how to digitally sign email messages for your custom domain to support the DKIM and DMARC standards.