Secure Network Architecture
Medallia uses multiple network layer security controls to protect the confidentiality and availability of client data. Any transmission of confidential client data, including personal data or PII, is encrypted through Transport Layer Security (TLS) 1.2 or Secure File Transfer Protocol (SFTP) with optional PGP encryption. Next generation ICSA-certified network appliances protect all network edges and enterprise-class routers and firewalls control the flow of information to and from our systems. Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS) and load balancers detect and prevent attacks and maximize system performance. Our network security controls are fully redundant, fault-tolerant, and highly available. Medallia never transmits confidential data or personally identifiable information over public networks or unencrypted emails.
SegregationMedallia hosts its Medallia Experience Cloud clients’ programs in a separate dedicated environment with a dedicated database for each client program to ensure client data is not commingled. Each client environment is logically separated from all other clients’ environments through the use of containerization; this is our way of ensuring that we isolate each individual client environment. In addition, our production environment is also segregated from our development, QA, and corporate environments. And finally, client data is not used in the development or QA environments. Medallia’s logical system architecture diagram is attached below.
Network Monitoring and Protection
Medallia relies on a wide variety of monitoring systems to provide a highly available service. In order to identify, block and prevent network attacks, we send event logs and alerts to our centralized SIEM from multiple network security devices for monitoring, looking for unauthorized activities or unusual conditions at ingress/egress points. We also monitor key performance metrics to ensure we have sufficient resources for optimal performance. An on-call schedule ensures that operations team members are always ready to respond to critical events.
Medallia maintains well-defined procedures to deal with any security incident that might impact client operations. Our Computer Security Incident Response Team (CSIRT) includes representatives from the Executive, Legal, Information Systems Management, and Public Relations teams. It is managed by a member of the Security Operations team.
In the event of a security incident, CSIRT will perform an initial analysis, assess the severity of the incident, and notify senior leadership and relevant stakeholders, including any clients that might have been affected. CSIRT will take any measure necessary to stop or contain the incident and then coordinate the deployment of controls and countermeasures to prevent a recurrence of the incident.
Medallia notifies the client of any incident that affects their data along with the classified severity level: SEV1, SEV2 or SEV3. The level of severity is a measure of its impact or threat to the operation or integrity of the affected department, client and its information.
Medallia notifies the customer without undue delay after confirmation of a breach, but no later than 72 hours. Medallia communicates the time of incident occurrence, the category and severity of the incident, details of the affected customer data and the state of resolution.
The following default communication schedule is used:
SEV-1 (Code Red): Every six hours
SEV-2 (Code Orange): Every twelve hours
SEV-3 (Code Yellow): Ad-Hoc
Once the incident investigation has been completed, Medallia ensures the deployment of controls or countermeasures to ensure that the incident does not reoccur once the service is resumed. Such controls include but are not limited to:
Modifying firewalls, Intrusion Detection Systems or device configurations and rulesets
Applying security patches to affected technology platforms and application binaries (code)
Rebuilding or restoring systems from known good backups or codebase