Macro-service architecture as a distributed SOA
Each service has a 3-tier model architecture with REST interfaces
We are using the services of Hosting & Service Provider Hetzner Online GmbH and PlusServer AG (Colocation).
Owned by ThinkOwl Europe GmbH, Mülheim-Kärlich (Germany), or ThinkOwl Inc., Orlando (FL, USA), respectively.
For EU cloud: Germany, Ireland
For US cloud: USA
In the standard product, user first name and last name, email address, and customer first name and last name are mandatory fields. Additional communication address details, such as secondary e-mail addresses and street addresses, are optional. Account holder information also includes credit card information, which, if it belongs to a person instead of to an organization, is also deemed to be personally identifiable information. Additionally, an administrator may create custom data fields to store any desired type of information. This decision, however, is made entirely by the ThinkOwl account customer, not by ThinkOwl itself.
ThinkOwl default authentication, SSO
Google Authenticator and FreeOTP
Requirements:
1. Password shall contain characters of 4 classes: Roman upper case (A…Z), Roman lower case (a…z), Arabic numerals (0…9), special characters (!"$%&/()=?*…)
2. Password shall have a minimum length of 15 characters
3. New password shall never be the same as any of the last five passwords
4. Password shall not be a "dictionary" word (e.g. it should not be a word commonly used in dictionary attacks)
Can be set by account administrator.
Yes, this can be configured as such.
SAML v2.0, Google
Access token lifespan: 1 minute
Password policy for users, as well as Cloudflare WAF including DDoS protection.
Only Admin team members may access the systems. Access only possible from within the company network (site-to-site VPN). Admin team members can access company network remotely by dial-in VPN plus password.
Germany, India
No. The administration facilities inherit no critical infrastructure.
Account admin has full responsibility.
Account admin has full responsibility.
Account admin has full responsibility.
User deactivation, user deletion, password change
An administrator can sign out an agent; the access token will expire after 1 minute, and new logins can be deactivated for a user.
Yes, and custom roles can be defined in the ThinkOwl plan "Diamond".
There is no audit right for a customer. Compliance is ensured through internal audits as well as the ISO 27001 certification, which is currently in progress.
This is proven by providing the Statement of Applicability as well as the ISO Certificate.
Yes. In the event of a failure, we will be notifying any customers impacted by the situation and will take appropriate action to protect the operations of our customers.
By logical separation / mandatory operation.
Encrypted data storage (ElasticSearch / S3). Keys are not known to any non-ThinkOwl or service personnel.
The ISO Certification is currently in progress. However, ThinkOwl fully relies on Tier III+ data centers that fulfill SSAE-16, SOC, PCI DSS, HIPAA or ISO 27001 requirements.
Currently ThinkOwl is hosted in Data Centers located in Germany (for EU Customers) and the United States (for others).
ISO 27001 currently in progress. CC, SSAE16 not planned yet.
Patch Management, anti-malware clients, WAF, Firewall
Limiting allowed OS Versions and standard images
The development and testing environments are physically separated from the operational environment to reduce the risk of unauthorized access or changes to the operational environment and to ensure segregation of duties when transporting code between the different quality gates.
Automated static code analysis with SonarQube and automated behavior tests are integrated into the development lifecycle.
Static code analysis for Java and JavaScript against the OWASP Top 10 is conducted via SonarQube.
Static code analysis for Java and JavaScript against the OWASP Top 10 is conducted via SonarQube.
Static code analysis for Java and JavaScript against the OWASP Top 10 is conducted via SonarQube. Regular external and internal penetration tests.
Vulnerabilities are classified and rectified according to their classification, following the standard development process.
OWASP Top 10 vulnerabilities are covered by SonarQube and by behavior tests that check for privilege escalation.
SonarQube and JBehave as quality gates.
Regular external and internal penetration tests.
Customers can only access ThinkOwl via https to the web frontend.
Customer-unique document encryption in the S3 storage, using the 256-bit Advanced Encryption Standard (AES-256). Transport is secured by SSL.
HTTPS / SSH
Web-Application Firewalls, firewalls, proxies, reverse proxies, VPN.
As ThinkOwl is a Cloud solution, this is not part of the architecture.
DDoS protection by Cloudflare.
S3 - Data AES256 encrypted - transport SSL - (Mails, Tif, Attachments).
ES unencrypted - Connection is done by certificate - Transport secured by SSL - (Customer cases).
DB unencrypted - Configurations (desks, Mail Servers, how many folders).
All passwords and keys are stored encrypted in DB or config files.
Credentials provided by a user are stored encrypted in DB. System credentials are stored encrypted in config files.
Only ThinkOwl Admin personnel can access backup storage systems.
1. incremental backup of ES (using ES internal toolkit)
2. VM backup (using Proxmox)
3. databases (using mysqldump)
1. ES: incremental backup every 12hrs
2. VMs: once per week
3. DBs: as needed (e.g. before update)
1. ES: 60 days
2. VMs: one month
3. DBs: as space allows
Mix between Hetzner storage boxes and our own colocation servers.
On-request physical and logical delete of case and customer data.
1. Monthly Security Newsletter.
2. Onboarding Security Training.
3. Annual Security Training.
© ThinkOwl