bvoip Knowledge

Academy Contact Us Support Center

Data Encryption Policies

This article serves to cover the encryption of data at bvoip

Updated at July 27th, 2024

Table of Contents

Encryption in Transit Encryption at Rest Current Encryption State: In Progress

Encryption in Transit

All sensitive data handled by the bvoip team is encrypted in transit using modern TLS standards.

Phone systems, SIP Trunks, and physical devices do not use Secure SIP with TLS by default, as it can cause call quality and latency issues. This also requires additional configuration and can limit some capabilities like automatic device provisioning.

You can reach out to our Support for details on enabling this, but some key notes are below.

  • Our support team needs to enable the Secure SIP protocol on the backend.
  • Enabling secure connections for physical phones requires a Session Border Controller (SBC) local to the network where the phones reside. An SBC is required for every network where a phone will live, however some phones can act as SBCs themselves, though it isn't recommended except for remote user scenarios.
  • Enabling secure connections for SIP Trunks has seen instability or complete lack of support depending on the provider. You may need to move to a different SIP Trunk provider depending on their supported capabilities.
  • It is crucial to note that once it leaves your trunk providers network, there is no guarantee that the call remains encrypted. All calls that transact on the public switched telephone network (PSTN) will be unencrypted.

Encryption at Rest

While we have offered data encryption for recordings and voicemails for a long while now which sufficed for some compliance needs, full server encryption at rest was not offered outside of very specific cases.

We have been actively working to implement an encrypted at rest standard across our entire fleet of existing virtual machines and servers, and we're pleased to announce that is well underway with our ongoing infrastructure migrations.

Current Encryption State: In Progress

Last Updated July 11th, 2024.

These migrations will also ensure a smoother experience, better performance, and improved reliability. For our partners that resell, you can also expect much faster system setups and migrations intra or inter-datacenter.

New spin ups in the following datacenters are considered Encrypted at Rest:

  • Amsterdam (As of May 20th, 2024)
  • Los Angeles (As of June 10th, 2024)
  • Dallas (As of June 10th, 2024)
  • Virginia (As of June 18th, 2024)
  • Chicago (As of June 19th, 2024)
  • United Kingdom (As of June 25th, 2024)
  • Singapore (As of June 25th, 2024)
  • Frankfurt (As of July 10th, 2024)

At this time, all servers on the following systems and regions are considered Encrypted at Rest:

  • Amsterdam
  • LACLOUD04, LACLOUD05
  • DALCLOUD05, DALCLOUD06
  • VACLOUD14, VACLOUD15
  • Chicago
  • UKCLOUD04
  • Singapore
  • Frankfurt
  • Dedicated servers purchased or migrated to after June 10th, 2024

If you have a pressing need to migrate to an encrypted server ahead of the planned migration for your server on our Status Page, you can reach out to our support team. If you're not seeing your server on there yet, it just means we're still working on scheduling your migration.

Related Articles

Disabling Trusted Certificates

Why Disable a Trusted Certificate? The specific parameter to be disabled allows f...

Manual Provisioning General Setup

Manual Provisioning Notice Manually provisioning a phone should only be done if t...

MPP Provisioning Troubleshooting Steps

While the bvoip phone system is compatible with most phones, this article will be...