Nexmo is committed to supplying a highly available platform and we do our best to minimise outages. Through use of a content delivery network, geographically redundant data centers, and redundancy within each data center, we ensure failovers exist at several levels to maximize uptime.
Information about availability and outages can be found on our status page.
We also take regular offsite backups of important data to ensure business continuity.
|Type of Communication||Secure Protocols Used||Other Protocols Used|
|Between customers and Nexmo APIs||HTTPS, SMPP-over-SSL, SIPS, SMPP-over-IPsec||SMPP, SIP, RTP|
|Between Nexmo and carriers||HTTPS, SMPP-over-SSL, SIPS, SMPP-over-IPsec||HTTP, SMPP, ENUM, SIP, RTP|
We still support unencrypted protocols on the customer side in response to customer demand, but we strongly encourage customers to use secure protocols. Rest assured, the security of your data is unaffected by the communications protocols used by Nexmo’s other customers because of the logical segregation between customer accounts.
In connection with the provision of our services, Nexmo has secured direct relationships with telecommunications carriers and similar services providers around the globe. While many of our connections with these carriers are secure, some of these “last mile” connections are unencrypted. This is beyond our control and depends on the carrier, as some telecommunications providers have legacy infrastructure and do not currently support secure protocols. We opt for secured communication with carriers when available.
We have rate limiting in place on API calls and Nexmo Dashboard logins to prevent brute force attacks. Password complexity requirements are enforced on API secret and Nexmo Dashboard password.
Nexmo Dashboard passwords are cryptographically hashed before storing in our database.
The Nexmo Dashboard supports 2-factor authentication (2FA using Nexmo Verify) when elected for customers who want to add an additional access control. If this is enabled, Nexmo Dashboard logins require an additional verification code, which is sent by SMS or automated phone call to the phone registered on your account, to be entered when logging in from an IP address which differs from the one used on the previous successful login.
On request, we can enable restrictions on a Nexmo Dashboard account such that it can only be logged into from specified IP addresses.
Accounts are logically segregated from each other, and we use role-based access control within our company for access to systems and information.