bvoip Knowledge

Academy Contact Us Support Center

Data Encryption Policies

This article serves to cover the encryption of data at bvoip

Updated at September 24th, 2024

Table of Contents

Encryption in Transit Encryption at Rest Current Encryption State: 95%

Encryption in Transit

All sensitive data handled by the bvoip team is encrypted in transit using modern TLS standards.

Phone systems, SIP Trunks, and physical devices do not use Secure SIP with TLS by default, as it can cause call quality and latency issues. This also requires additional configuration and can limit some capabilities like automatic device provisioning.

You can reach out to our Support for details on enabling this, but some key notes are below.

  • Our support team needs to enable the Secure SIP protocol on the backend.
  • Enabling secure connections for physical phones requires a Session Border Controller (SBC) local to the network where the phones reside. An SBC is required for every network where a phone will live, however some phones can act as SBCs themselves, though it isn't recommended except for remote user scenarios.
  • Enabling secure connections for SIP Trunks has seen instability or complete lack of support depending on the provider. You may need to move to a different SIP Trunk provider depending on their supported capabilities.
  • It is crucial to note that once it leaves your trunk providers network, there is no guarantee that the call remains encrypted. All calls that transact on the public switched telephone network (PSTN) will be unencrypted.

Encryption at Rest

While we have offered data encryption for recordings and voicemails for a long while now which sufficed for some compliance needs, full server encryption at rest was not offered outside of very specific cases.

We have been actively working to implement an encrypted at rest standard across our entire fleet of existing virtual machines and servers, and we're pleased to announce that is well underway with our ongoing infrastructure migrations.

Current Encryption State: 95%

Last Updated September 23rd, 2024.

These migrations will also ensure a smoother experience, better performance, and improved reliability. For our partners that resell, you can also expect much faster system setups and migrations intra or inter-datacenter.

At this time, all phone systems in all regions are considered Encrypted at Rest, with the exception of our Vancouver datacenter and dedicated servers that had their migration done prior to July 10th, 2024.

Related Articles

Disabling Trusted Certificates

Why Disable a Trusted Certificate? The specific parameter to be disabled allows f...

Manual Provisioning General Setup

Manual Provisioning Notice Manually provisioning a phone should only be done if t...

MPP Provisioning Troubleshooting Steps

While the bvoip phone system is compatible with most phones, this article will be...