Security Overview

RingCentral recognizes that secure and reliable phone service is critical to business operations. As a cloud service
provider, RingCentral offers robust multi-tenant cloud communications service with several layers of security built
in. This paper explains the security model for RingCentrals cloud services.
Overview
The security of RingCentrals cloud services encompasses multiple layers and many components, from
policies and methodologies to service architecture, as well as capability to detect potential toll fraud
and service abuse, and user controlled service administration. Security capabilities and settings reside
in the application and infrastructure layers, within the service delivery and operations processes, and
the companys security policies and governance practices.
The security of customer PBX services is shared among customers, who manage their PBX policies,
user permissions, and login information and RingCentral, who manages service delivery, architects and
designs security into the product, and ensures physical and environmental security of the service. We
employ a multi-layered security model, with security at the perimeter, at the service delivery layer, SSL
on our Web applications, Tier 1 data centers, and settings in the interface that a customer controls.
In addition, RingCentral has a full-time security and fraud-prevention department with a security
program that is based on industry best practices; our security program also includes communications
fraud monitoring where we monitor customers service for anomalous calling that may be toll fraud.
User Service Administration
RingCentrals cloud services include front-end settings that customers control to manage their PBX
policies and their users.
These settings include: Adding/removing extensions, setting user permission levels, managing
extension PINs, enabling international calling, allowing specifc international call destinations, and
blocking inbound caller IDs. In addition, customer admins and individual users can review call history
and upload and delete messages.
Application Security
Customer PINs are stored in secure hash(es). Customer data is logically segmented in application databases.
Transmission Security
RingCentral utilizes SSLv3/TLSv1 to encrypt Web session traffc.

RingCentral Datasheet | Security Policy
Network and Infrastructure Security
RingCentrals network and application perimeter is protected with firewalls and session border
controllers. Administrative access requires authenticating through a production VPN gateway, then
authenticating to local infrastructure systems. Only authorized personnel are given access to the
production environment. Technology layers include intrusion-detection systems, system logs, and
fraud analytics. Operational processes include system and service-level monitoring, system hardening,
change management, and regular vulnerability scans.
Physical and Environmental Security
We host our services in data centers that undergo SSAE-16 and/or ISO 27001 audits. Our data
centers share hosted facilities space with some of the worlds largest Internet companies and fnancial
institutions. The geographic diversity of our locations acts as an additional safeguard, minimizing our
risk of loss and service interruption due to natural disasters and other catastrophic situations.
Fraud Mitigation
The RingCentral service includes multiple layers to prevent and detect toll fraud, including access
control, detection controls, usage throttling, and customer-controlled settings to enable/disable
international calling to approved destinations. In addition, RingCentrals security department performs
active monitoring to detect and notify customers of anomalous calling patterns on their account.
Disaster Recovery
The RingCentral service is architected to support failover conditions in case of emergency. Our service
is built with geographically distributed redundancy. Primary and backup locations remain online
simultaneously, with a primary pod in active mode, and the secondary pod in standby mode. Database
replication between locations is in real time, with failover being built into the service. If a primary
location is unavailable, the backup location will continue service. In addition to infrastructure and
application redundancy, we also have geographically distributed operations such that service
operations can also continue if one location is not available.
Checklist for Protecting your RingCentral Service
Strong PIN
Disable calling card feature if not needed.
Disable international calling if not needed.
If you use international calling, restrict
call destinations to those needed for your
company business.
Restrict long-distance calling if not needed.
Restrict call forwarddont allow call forwarding
to international or long-distance numbers.
Restrict admin-level permissions. Limit the
users to whom you give this level of permission.
Block any numbers that you do not want to
receive calls from.
Only use email message forwarding for
non-sensitive messages. Retrieve sensitive
messages via an encrypted Web session.
Securely dispose of any physical copies of your
call records and invoices.
Change PIN codes often.
RingCentral, Inc. 1400 Fashion Island Blvd, San Mateo, CA 94404. www.ringcentral.com
2013 RingCentral, Inc. All rights reserved. RingCentral, RingCentral logo and RingCentral Offce are registered trademark of RingCentral, Inc.
Other third party marks and logos displayed on this document are trademarks of such respective third parties. CT1770
RingCentral Datasheet | Security Policy